Technical Tip: FortiGate GUI Shows '403: Access Denied' Error When Configuring Local Traffic Logging

When attempting to modify local traffic logging via the GUI, the error message '403: Access denied' may be displayed.
This issue occurs only for firewall administrators who are assigned a custom admin profile with read-write access, rather than the default 'super_admin' profile.

config system accprofile

    edit "prof_admin_GUI"

        set secfabgrp read-write

        set ftviewgrp read-write

        set authgrp read-write

        set sysgrp read-write

        set netgrp read-write

        set loggrp read-write

        set fwgrp read-write

        set vpngrp read-write

        set utmgrp read-write

        set wanoptgrp read-write

        set wifi read-write

        set cli-get enable

        set cli-show enable

        set cli-exec enable

        set cli-config enable

    next

end

This issue has been resolved in the following versions:

• v7.6.4 (available to download from the Fortinet support portal).
• v8.0.0 (scheduled to be released in February 2026).

These timelines for firmware release are estimates and may be subject to change.

Workaround:

Use CLI to perform the changes to log settings.

config log setting
    set local-in-policy-log disable
end