Jean-Philippe_P
Staff & Editor
December 12, 2022

Technical Tip: Firewall policy change summary and default expiration in a VDOM configuration

Description
This article describes how to set FortiGate's firewall policy change summary and default expiration in a VDOM configuration.

Scope
FortiGate 7.2.3.

Solution

The options 'Policy change summary' and 'Policies expire by default' are displayed in the FortiGate GUI.

For more information, see the following document:

https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/656084/firewall-policy


In a VDOM configuration, however, the behaviour is different, as the screenshots below show:

[Screenshot: JeanPhilippe_P_0-1670836611021.jpeg]


In the root VDOM, however, the policy still offers the option to set the Policy Expiration:

[Screenshot: JeanPhilippe_P_1-1670836611034.jpeg]


It is not possible to set the default expiration to zero days as described in the 7.2.3 guide linked above:


'The default value for Policy expiration is 30 days. This number can be changed in the CLI or in System > Settings in the GUI to any value between zero and 365 days. If the default value is set to zero, the Default state will disable the Policy expiration.'


The guide is designed for a Firewall without VDOM.


When VDOMs are enabled, configure the following commands in the CLI so that policy expiration is available but not active by default when a policy is created:

config system settings
    set gui-advanced-policy enable
    set gui-enforce-change-summary require
    set default-policy-expiry-days 0
end
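As an added example (not code from the article or from Fortinet), the following Python script reads a FortiOS configuration backup and reports, per VDOM, whether the settings above are in place. It walks the config/edit/next/end nesting of the backup, reads the `system settings` block of each VDOM, and flags VDOMs where the expiration option is hidden in the GUI or where new policies still expire by default. The sample backup embedded in the script is constructed, the 30-day default comes from the guide quoted above, and the `(no VDOM)` label used for a single-VDOM export is this script's own convention.

```python
"""Audit per-VDOM policy-expiration defaults in a FortiOS configuration backup.

Added example for this article; not Fortinet code. Target state per VDOM:
gui-advanced-policy enable (option visible) and default-policy-expiry-days 0
(new policies do not expire by default).
"""
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Default stated in the 7.2.3 guide quoted in the article: 30 days.
DEFAULT_EXPIRY_DAYS = 30

# Constructed sample backup (not a real device export). 'root' follows the
# article; 'dmz' keeps the 30-day default; 'guest-wifi' disables expiry but
# never enables the advanced policy options in the GUI.
SAMPLE_BACKUP = """\
#config-version=<placeholder>
config global
config system global
    set vdom-mode multi-vdom
end
end
config vdom
edit root
config system settings
    set gui-advanced-policy enable
    set gui-enforce-change-summary require
    set default-policy-expiry-days 0
end
config firewall policy
    edit 1
        set name "allow-out"
    next
end
next
edit dmz
config system settings
    set gui-advanced-policy enable
end
next
edit "guest-wifi"
config system settings
    set default-policy-expiry-days 0
end
next
end
"""


@dataclass
class VdomPolicySettings:
    vdom: str
    expiry_days: int = DEFAULT_EXPIRY_DAYS        # no 'set' line means factory default
    advanced_policy: Optional[str] = None         # gui-advanced-policy value, if set
    enforce_change_summary: Optional[str] = None  # gui-enforce-change-summary value, if set

    @property
    def expiration_disabled(self) -> bool:
        return self.expiry_days == 0


def _current_vdom(stack: List[Tuple[str, str]]) -> str:
    """Name of the VDOM whose 'edit' block encloses the current position."""
    for i in range(len(stack) - 1):
        if stack[i] == ("config", "vdom") and stack[i + 1][0] == "edit":
            return stack[i + 1][1]
    return "(no VDOM)"  # single-VDOM export: 'system settings' sits at top level


def parse_vdom_settings(backup_text: str) -> Dict[str, VdomPolicySettings]:
    """Extract the expiration-related 'system settings' values for every VDOM."""
    stack: List[Tuple[str, str]] = []   # nesting of ('config', table) / ('edit', name)
    settings: Dict[str, VdomPolicySettings] = {}
    for raw in backup_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or '#config-version=...' header
        tokens = shlex.split(line)        # handles quoted names such as "guest-wifi"
        keyword, args = tokens[0], tokens[1:]
        if keyword == "config":
            stack.append(("config", " ".join(args)))
        elif keyword == "edit" and args:
            stack.append(("edit", args[0]))
            if len(stack) >= 2 and stack[-2] == ("config", "vdom"):
                settings.setdefault(args[0], VdomPolicySettings(args[0]))
        elif keyword in ("next", "end"):
            if stack:
                stack.pop()
        elif keyword == "set" and len(args) >= 2 and stack and stack[-1] == ("config", "system settings"):
            vdom = _current_vdom(stack)
            entry = settings.setdefault(vdom, VdomPolicySettings(vdom))
            key, value = args[0], args[1]
            if key == "default-policy-expiry-days":
                entry.expiry_days = int(value)
            elif key == "gui-advanced-policy":
                entry.advanced_policy = value
            elif key == "gui-enforce-change-summary":
                entry.enforce_change_summary = value
    return settings


def audit(backup_text: str) -> Dict[str, List[str]]:
    """Per VDOM, why it misses the target state; an empty dict means all VDOMs match."""
    problems: Dict[str, List[str]] = {}
    for name, entry in parse_vdom_settings(backup_text).items():
        reasons = []
        if entry.advanced_policy != "enable":
            reasons.append("gui-advanced-policy is not enabled: the expiration option stays hidden in the GUI")
        if not entry.expiration_disabled:
            reasons.append(f"default-policy-expiry-days is {entry.expiry_days}: new policies will expire by default")
        if reasons:
            problems[name] = reasons
    return problems


if __name__ == "__main__":
    for vdom, reasons in audit(SAMPLE_BACKUP).items():
        print(vdom + ":", *("  - " + r for r in reasons), sep="\n")
```

Run it against a backup exported from the device in place of `SAMPLE_BACKUP`; a VDOM that is absent from the output already matches the target state, and a non-VDOM export is reported under `(no VDOM)`.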