Skip to main content
mahmed
Staff
mahmed
Staff
March 26, 2026

Technical Tip: FortiGate workspace mode - commit, abort, and timeout behavior

  • March 26, 2026
  • 0 replies
  • 278 views
Description This article describes workspace mode behavior, transaction lifecycle (start, commit, abort, timeout), configuration limitations and relevant CLI and diagnostic commands.
Scope FortiGate.
Solution

Workspace mode allows FortiGate administrators to stage and review configuration changes before explicitly committing them to the active configuration. This transactional approach enhances operational safety by preventing unintended configuration impacts and enabling reversible change management.

 

Key concepts:

  • Batch Changes: Configuration changes made in workspace mode are not applied until explicitly committed.
  • Object Locking: When an object is edited, it is locked to prevent simultaneous modification by other administrators. A warning message appears when an object is already locked in another transaction.
  • Permissions: Administrator privileges in workspace mode follow the same role and profile permissions as in normal configuration mode.
  • Timeout Behavior: Transactions automatically expire after five minutes of inactivity. When a timeout occurs, all pending changes are discarded. Warning messages are displayed as the timeout approaches:

 

config transaction id=1 will expire in 30 seconds
config transaction id=1 will expire in 20 seconds
config transaction id=1 will expire in 10 seconds
config transaction id=1 has expired

 

Limitations:

The following settings cannot be modified within a workspace transaction:

 

config system console
config system resource-limits
config system elbc
config system global
    set split-port
    set vdom-admin
    set management-vdom
    set wireless-mode
    set internal-switch-mode
end
config system settings
    set opmode
end
config system npu
config system np6
config system wireless
    set mode
end
config system vdom-property
config system storage

 

Note: The execute batch command cannot be executed within or to initiate workspace mode.

 

Workspace mode workflow:

 

  1. Start workspace mode.

 

execute config-transaction

 

Once initiated, configuration changes occur within a local CLI process isolated from other administrator sessions.

 

  1. Commit changes.

 

execute config-transaction commit

 

All staged changes are merged into the running configuration and applied to the kernel.

 

  1. Abort changes.

 

execute config-transaction abort

 

All pending changes are discarded without any effect on the current configuration.

 

Diagnostic commands:

Use the following diagnostic commands to monitor workspace transactions:

 

Show transaction metadata:

 

diagnose sys config-transaction show txn-meta

 

Show transaction details:

 

diagnose sys config-transaction show txn-info

 

List entities in the current transaction:

 

diagnose sys config-transaction show txn-entity

 

Display transaction lock status:

 

diagnose sys config-transaction show txn-lock

 

Check active transaction status:

 

diagnose sys config-transaction status
    Terms & ConditionsAccessibility statement