Focus

Manage Locks for Restricting Configuration Changes

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Use Global Find to Search the Firewall or Panorama Management Server

Manage Configuration Backups

Manage Locks for Restricting Configuration Changes

You can use configuration locks to prevent other administrators from changing the candidate configuration or from committing configuration changes until you manually remove the lock or the firewall automatically removes it (after a commit). Locks ensure that administrators don’t make conflicting changes to the same settings or interdependent settings during concurrent login sessions.

The firewall queues commit requests and performs them in the order that administrators initiate the commits. For details, see Commit, Validate, and Preview Firewall Configuration Changes. To view the status of queued commits, see Manage and Monitor Administrative Tasks.

View details about current locks.
For example, you can check whether other administrators have set locks and read comments they entered to explain the locks.
Click the lock

at the top of the web interface. An adjacent number indicates the number of current locks.
Lock a configuration.
1. Click the lock at the top of the web interface.
  
  The lock image varies based on whether existing locks are
  
  or are not
  
  set.
2. Take a Lock and select the lock Type:
  - Config—Blocks other administrators from changing the candidate configuration.
  - Commit—Blocks other administrators from committing changes made to the candidate configuration.
3. (Firewall with multiple virtual systems only) Select a Location to lock the configuration for a specific virtual system or the Shared location.
4. (Optional) As a best practice, enter a Comment so that other administrators will understand the reason for the lock.
5. Click OK and Close.
Unlock a configuration.
Only a superuser or the administrator who locked the configuration can manually unlock it. However, the firewall automatically removes a lock after completing the commit operation.
1. Click the lock at the top of the web interface.
2. Select the lock entry in the list.
3. Click Remove Lock, OK, and Close.
Configure the firewall to automatically apply a commit lock when you change the candidate configuration. This setting applies to all administrators.
1. Select DeviceSetupManagement and edit the General Settings.
2. Select Automatically Acquire Commit Lock and then click OK and Commit.

Use Global Find to Search the Firewall or Panorama Management Server

Manage Configuration Backups

Next-Generation Firewall Docs

Manage Locks for Restricting Configuration Changes

Next-Generation Firewall Docs

Manage Locks for Restricting Configuration Changes

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner