Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Salah_Alkhatib
New Contributor

Maker Checker

Hello All ,

Kindly we are using Configuration Save mode ( Workspace)

is there a way to configure admin profile with Read Write prevellage but without saving staged config 

and create another admin profile with all permission to verify those changes and save staged config ,,

noting that our FW's is integrated with Cisco ISE-TACACS

 

Thanks

2 REPLIES 2
srajeswaran
Staff
Staff

changes made under workspace are not saved/applied untill you commit the changes, which means if you are creating a user in workspace mode, it is as good as not creating a user until you commit the changes.

To use workspace mode:
  1. Start workspace mode:

    execute config-transaction start

    Once in workspace mode, the administrator can make configuration changes, all of which are made in a local CLI process that is not viewable by other processes.

  2. Commit configuration changes:

    execute config-transaction commit

    After performing the commit, the changes are available for all other processes, and are also made in the kernel.

https://docs.fortinet.com/document/fortigate/6.2.0/new-features/688647/workspace-mode


Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Salah_Alkhatib
New Contributor

Thank You Suraj for your replay ,

the transaction mode only working when use cfg-save mode automatic ,

we need to keep the cfg-save mode to manual and prevent some users to save the config however they can do any change in configuration (Routing, Policies ,NAT .Etc...)

 

this feature is supported in Palo Alto FW's and its called " Commit and Validation Function "

Thank you.

Labels
Top Kudoed Authors