Add Policy change summary and Policy expiration to Workflow Management

Two options, Policy change summary and Policy expiration, are added to Workflow Management. Policy change summary enforces an audit trail for changes to firewall policies. Policy expiration allows administrators to set a date for the firewall policy to be disabled.

There are three states for the Policy change summary:

  • Disable: users will not be prompted to add a summary when editing a policy.

  • Required: the Policy change summary will be enabled and will require users to add a summary when editing or creating a firewall policy.

  • Optional: the Policy change summary will be enabled but users can leave the summary empty, if preferred, when editing or creating a firewall policy.

There are three states for Policy expiration:

  • Disable: the firewall policy will not expire. This is the default setting for Policy expiration.

  • Default: the firewall policy will expire after the default number of days.

  • Specify: the firewall policy will expire at a set date and time.

Note

The default value for Policy expiration is 30 days. This number can be changed in the CLI or in System > Settings in the GUI to any value between zero and 365 days. If the default value is set to zero, the Default state will disable the Policy expiration.

To configure the firewall policy change summary and default expiration in the GUI:
  1. Go to System > Feature Visibility.

  2. Enable Workflow Management.

  3. Click Apply.

  4. Go to System > Settings.

  5. In the Workflow Management section, set Policy change summary to Required. The Policies expire by default option is enabled by default, with an Expire after value of 30.

  6. Click Apply.

To configure firewall policy expiration in the GUI:
  1. Go to Policy & Objects > Firewall Policy and click Create New.

  2. Name the policy and configure the necessary parameters.

  3. Set Policy expiration to Specify. The Expiration date fields appear with the current date and time.

  4. Select the date and time for the policy to expire from the Expiration date fields.

  5. Click OK. The Workflow Management - Summarize Changes pane opens.

  6. In the Change summary field, enter details about the changes made to the policy. These details can be referred to later for auditing purposes.

  7. Click OK.

To configure the firewall policy change summary in the CLI:
config system settings
    set gui-enforce-change-summary {disable | require | optional}
end

To configure the policy expiration default value in the CLI:
config system settings
    set default-policy-expiry-days <integer>
end

To configure firewall policy expiration in the CLI:
config firewall policy
    edit <id>
        set policy-expiry {enable | disable}
        set policy-expiry-date <YYYY-MM-DD HH:MM:SS>
    next
end
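
The settings above can also be checked offline from a configuration backup. The Python sketch below is an added example, not Fortinet code: it lists policies with no expiry or with an expiry date that has passed, and reports when the change summary is explicitly set to something other than require. The sample backup is constructed, policy IDs are assumed unique (single VDOM), and policy-expiry-date is compared as a naive timestamp against a time supplied by the caller.

```python
import re
from datetime import datetime

# Constructed sample in config-backup layout; not taken from a real device.
SAMPLE = """\
config system settings
    set gui-enforce-change-summary optional
end
config firewall policy
    edit 1
        set policy-expiry enable
        set policy-expiry-date 2024-03-01 00:00:00
    next
    edit 2
        set name "lan-to-wan"
    next
end
"""

def parse_policies(text):
    """Return {policy id: {key: value}} from 'config firewall policy'."""
    policies, stack, cur = {}, [], None
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack[-1:] != ["firewall policy"]:
            continue  # other sections, and tables nested inside a policy
        elif tok[0] == "edit":
            cur = policies.setdefault(tok[1], {})
        elif tok[0] == "set" and cur is not None and len(tok) >= 3:
            cur[tok[1]] = " ".join(tok[2:]).strip('"')
    return policies

def audit(text, now):
    """Return (scope, finding) pairs for a reviewer to triage."""
    out = []
    # No match means the device default applies, which is not judged here.
    mode = re.search(r"^\s*set gui-enforce-change-summary (\S+)", text, re.M)
    if mode and mode.group(1) != "require":
        out.append(("settings", "change summary is " + mode.group(1)))
    for pid, p in parse_policies(text).items():
        date = p.get("policy-expiry-date")
        if p.get("policy-expiry") != "enable":
            out.append((pid, "no expiry"))
        elif not date or datetime.strptime(date, "%Y-%m-%d %H:%M:%S") <= now:
            out.append((pid, "expiry date missing or passed"))
    return out
```

A policy without an expiry is not necessarily a problem; the list is meant as input for a periodic rule review.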

Policy change summaries are used to track changes made to a firewall policy. The Audit Trail allows users to review the policy change summaries, including the date and time of the change and which user made the change.

Note

The Audit Trail is only supported by FortiGate models with disk logging.

To review the audit trail in the GUI:
  1. Go to Policy & Objects > Firewall Policy.

  2. Select the policy you want to review and click Edit.

  3. In the right-side banner, click Audit Trail. The Audit trail for Firewall Policy pane opens and displays the policy change summaries for the selected policy.

  4. Select an entry to review the details of the change made.

  5. When you are done reviewing the Audit Trail, click Close.

  6. Click Cancel to exit the Edit Policy page.
