Commit Changes
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT > DHCP Server
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Commit Changes
Click Commit at the top right
of the web interface and specify an operation for pending changes
to the firewall configuration: commit (activate), validate, or preview
. You can filter pending
changes by administrator or location and then preview,
validate, and commit only those changes. The location can be specific
virtual systems, shared policies and objects, or shared device and
network settings.
The firewall queues commit requests so that you can initiate
a new commit while a previous commit is in progress. The firewall
performs the commits in the order they are initiated but prioritizes
auto-commits that are initiated by the firewall (such as FQDN refreshes).
However, if the queue already has the maximum number of administrator-initiated
commits, you must wait for the firewall to finish processing a pending
commit before initiating a new one.
Use the Task
Manager to cancel commits or see details about commits that
are pending, in progress, completed, or failed.
The Commit dialog displays the options described in the following
table.
Field/Button | Description |
---|---|
Commit All Changes | Commits all changes for which you have administrative privileges
(default). You cannot manually filter the scope of the configuration
changes that the firewall commits when you select this option. Instead,
the administrator role assigned to the account you used to log in
determines the commit scope:
If
you have implemented access domains, the firewall automatically
applies those domains to filter the commit scope (see Device
> Access Domain). Regardless of your administrative role,
the firewall commits only the configuration changes in the access
domains assigned to your account. |
Commit Changes
Made By | Filters the scope of the configuration changes
the firewall commits. The administrative role assigned to the account
you used to log in determines your filtering options:
Filter
the commit scope as follows:
If you have implemented access
domains, the firewall automatically filters the commit scope based
on those domains (see Device
> Access Domain). Regardless of your administrative role
and your filtering choices, the commit scope includes only the configuration
changes in the access domains assigned to your account. After
you load a configuration (Device
> Setup > Operations), you must Commit All Changes. When
you commit changes to a virtual system, you must include the changes
of all administrators who added, deleted, or repositioned rules
for the same rulebase in that virtual system. |
Commit Scope | Lists the locations that have changes to
commit. Whether the list includes all changes or a subset of the
changes depends on several factors, as described for Commit
All Changes and Commit
Changes Made By. The locations can be any of the following:
|
Location Type | This column categorizes the locations of
pending changes:
|
Include in Commit (Partial
commit only) | Enables you to select the changes you want
to commit. By default, all changes within the Commit Scope are
selected. This column displays only after you choose to Commit
Changes Made By specific administrators. There
might be dependencies that affect the changes you include in a commit.
For example, if you add an object and another administrator then
edits that object, you cannot commit the change for the other administrator
without also committing your own change. |
Group by Location Type | Groups the list of configuration changes
in the Commit Scope by Location
Type. |
Preview Changes | Enables you to compare the configurations
you selected in the Commit Scope to the running configuration.
The preview window uses color coding to indicate which changes are
additions (green), modifications (yellow), or deletions (red). To
help you match the changes to sections of the web interface, you
can configure the preview window to display Lines of
Context before and after each change. These lines are
from the files of the candidate and running configurations that
you are comparing. Because the preview results display
in a new browser window, your browser must allow pop-ups. If the
preview window does not open, refer to your browser documentation
for the steps to allow pop-ups. |
Change Summary | Lists the individual settings for which
you are committing changes. The Change Summary list displays
the following information for each setting:
Optionally,
you can Group By column name (such as Type). Select
an object in the change list to view the Object Level
Difference. |
Validate Commit | Validates whether the firewall configuration
has correct syntax and is semantically complete. The output includes
the same errors and warnings that a commit would display, including rule
shadowing and application dependency warnings. The validation process
enables you to find and fix errors before you commit (it makes no
changes to the running configuration). This is useful if you have
a fixed commit window and want to be sure the commit will succeed
without errors. |
Description | Allows you to enter a description (up to
512 characters) to help other administrators understand what changes
you made. The System log for a commit event will truncate
descriptions longer than 512 characters. |
Commit | Starts the commit or, if other
commits are pending, adds your commit to the commit queue. |
Commit Status | Provides progress during the commit, then
provides results after the commit. Commit results include success
or failure, details of commit changes, and commit warnings. Warnings include:
|