Technical Tip: Locate when the local-in policy was configured
| Description | This article describes how to locate when the local-in policy was configured. |
| Scope | FortiGate. |
| Solution | In some scenarios, the administrator may wish to see when the local-in policy was created or edited.
To do so, navigate to System events -> Apply a 'Add firewall.local-in-policy' filter on the Message column. The administrator will then be able to see the details like the Date and Time when the policy was created.
Expand the log to see more details:
Similarly, whenever a local-in policy is edited, the log is generated:
As an alternative to the GUI log search, use the following CLI commands:
execute log filter category 1 execute log filter field msg "Add firewall.local-in-policy 1" execute log display
Example output:
1: date=2025-12-05 time=09:58:55 eventtime=1764885534509596862 tz="+1200" logid="0100044547" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="admin" ui="jsconsole(206.47.x.x)" action="Add" cfgtid=1317732357 uuid="50973fc2-d15c-51f0-7c44-42836b34cca4" cfgpath="firewall.local-in-policy" cfgobj="1" cfgattr="srcaddr[all]dstaddr[all]service[ALL]schedule[always]intf[wan2]action[accept]" msg="Add firewall.local-in-policy 1"
Related document: |
