Policy package locking

In FortiManager v5.0 Patch Release 5 and earlier, you needed to lock an ADOM when making changes including changes to policy packages. In FortiManager v5.0 Patch Release 6 you can lock and edit a policy package without locking the ADOM. When the policy package is locked, other users are unable to lock the ADOM or edit the locked policy package. The policy package is edited in a private workspace. Only the policy package is in the workspace, not the object database. When locking and editing a policy package, the object database remains locked. The policy package lock status is displayed in the toolbar.

Before you can lock an ADOM or policy package, you must first enable workspace to disable concurrent ADOM access from the CLI. Go to the System Settings tab and in the CLI Console widget enter the following commands:

You current session will be terminated. Log back into FortiManager to continue.

When workspace is enabled, all ADOMs and policy packages are read-only. In the Device Manager tab, you can right-click an ADOM and select Lock from the right-click menu. When the ADOM is locked you can edit the ADOM, all other administrators need to wait until you unlock the ADOM.

In the Policy & Objects tab, you can select to lock the ADOM from the toolbar. When the ADOM is locked, all policy packages and objects in that ADOM are locked and read-only to other administrators until you finish your edits and unlock the ADOM.

Policy Package locking allows you to lock a specific policy package without locking the ADOM. In the Policy & Objects tab, select the ADOM from the drop-down list, select the policy package, right-click and select Lock & Edit from the right-click menu.

When a policy package is locked, other administrators are not able to lock the ADOM in the Device Manager or Policy & Objects tabs. The policy package is displayed as locked. Other administrators can however lock and edit other policy packages in the same ADOM.

When the policy package is locked, the administrator can edit the policy package as required and access the following options in the left tree right-click menu: Install Wizard, Export, Policy Check, Save, and Unlock. Before unlocking the policy package, select Save in the toolbar or right-click menu to save changes made to the policy package for the session.


	When changes are made to a policy package, the policy package name is highlighted red and the save option is available in the toolbar and right-click menu.

Although another administrator can select to lock and edit an unlocked policy package, neither administrator is able to create a new policy package or edit the object database. To create a new policy package or edit the object database, the ADOM must be locked.


	When an ADOM or policy package is locked, the lock is automatically released by an admin idle timeout or by closing the browser window. Any unsaved changes will be lost. Always ensure that changes are saved using the save option in the toolbar or right-click menu.