When FortiManager is configured with Workspace mode enabled, it is necessary to lock the relevant ADOM/objects before any changes can be applied. These changes include performing a Policy Package Installation.

The easiest way to perform a Policy Package Installation in FortiManager with Workspace mode enabled is to lock the whole ADOM.

However, other administrators will not be able to perform any changes to other devices or policy packages within this specific ADOM until it is unlocked.

Another way to perform a Policy Package Installation is to lock only the relevant device(s) and policy packages.

Go under Device Manager -> Device & Groups -> Managed FortiGate, 'right-click' on the device -> Lock:

Under Policy & Objects -> Policy Packages, 'right-click' on the Policy Package -> Lock:

Select Install -> Install Wizard:

Note that both the device and the policy package need to be locked:

• If the device is not locked, the Install Wizard button will be greyed out.
• If the Policy Package is not locked, it will not appear in the Policy Package list in the Install Wizard.