FortiGate
Jean-Philippe_P
Moderator
Article Id 239371
Description: This article describes how to set FortiGate's firewall policy change summary and default policy expiration in a VDOM configuration.
Scope: FortiGate 7.2.3.
Solution

The options 'Policy change summary' and 'Policies expire by default' are displayed in the FortiGate GUI.

 

For more information, see the below document:

https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/656084/firewall-policy

 

For a VDOM configuration, however, the GUI is different, as the screenshots below show:

 

[Screenshot: JeanPhilippe_P_0-1670836611021.jpeg]

 

In the root VDOM, however, the policy does offer the option to set Policy Expiration:

 

[Screenshot: JeanPhilippe_P_1-1670836611034.jpeg]

 

It is not possible to set the default expiration to zero days in the GUI, as the tip in the 7.2.3 guide linked above suggests:

 

'The default value for Policy expiration is 30 days. This number can be changed in the CLI or in System > Settings in the GUI to any value between zero and 365 days. If the default value is set to zero, the Default state will disable the Policy expiration.'

 

The guide is designed for a Firewall without VDOM.

 

When VDOMs are enabled, configure the following commands via the CLI so that the expiration option is available but not active when creating a policy:

 

# config system settings
    set gui-advanced-policy enable
    set gui-enforce-change-summary require
    set default-policy-expiry-days 0
end
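Because 'config system settings' is a per-VDOM table on a VDOM-enabled unit, the three values above have to be present in every VDOM, not only in root. The following Python script is an added example (not Fortinet code and not from this article) that audits an exported configuration backup for exactly those three keys, VDOM by VDOM. The backup text embedded in it is a constructed, simplified excerpt, not a real export; the fallback values used when a key is absent from a VDOM's block are assumptions (30 days for the expiry comes from the guide quoted above, 'disable' for the two GUI keys is assumed to be the FortiOS default).

```python
"""Audit a FortiOS configuration backup for per-VDOM policy-expiration settings.

Added example, not Fortinet code. It parses the simplified backup excerpt
below (constructed, not a real export) and reports, per VDOM, whether the
three 'config system settings' keys from the article are set as intended.
"""

from typing import Dict, List

# Constructed sample of the relevant part of a VDOM-enabled backup:
# root has all three keys, dmz is missing two of them.
SAMPLE_BACKUP = """\
config vdom
edit root
config system settings
    set gui-advanced-policy enable
    set gui-enforce-change-summary require
    set default-policy-expiry-days 0
end
next
edit dmz
config system settings
    set gui-advanced-policy enable
end
next
end
"""

# What every VDOM should contain (the commands from the article).
EXPECTED = {
    "gui-advanced-policy": "enable",
    "gui-enforce-change-summary": "require",
    "default-policy-expiry-days": "0",
}

# Value assumed when a key is absent from a VDOM's block (absent = default).
# 30 days is the default stated in the guide; the other two are assumptions.
DEFAULTS = {
    "gui-advanced-policy": "disable",
    "gui-enforce-change-summary": "disable",
    "default-policy-expiry-days": "30",
}


def parse_vdom_settings(text: str) -> Dict[str, Dict[str, str]]:
    """Return {vdom: {key: value}} for each 'config system settings' block
    found under 'config vdom' / 'edit <name>'.  A VDOM with no such block
    still appears, with an empty dict."""
    stack: List[str] = []  # nesting of 'config ...' / 'edit ...' scopes
    result: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        kw, args = tokens[0], " ".join(tokens[1:])
        if kw == "config":
            stack.append("config:" + args)
        elif kw == "edit":
            name = args.strip('"')
            if stack == ["config:vdom"]:
                result.setdefault(name, {})  # register the VDOM itself
            stack.append("edit:" + name)
        elif kw == "next":  # closes the innermost 'edit' scope
            while stack and not stack[-1].startswith("edit:"):
                stack.pop()
            if stack:
                stack.pop()
        elif kw == "end":  # closes the innermost 'config' scope
            while stack and not stack[-1].startswith("config:"):
                stack.pop()
            if stack:
                stack.pop()
        elif kw == "set" and len(tokens) >= 3:
            in_vdom_settings = (
                len(stack) >= 3
                and stack[0] == "config:vdom"
                and stack[1].startswith("edit:")
                and stack[-1] == "config:system settings"
            )
            if in_vdom_settings:
                vdom = stack[1][len("edit:"):]
                result.setdefault(vdom, {})[tokens[1]] = " ".join(tokens[2:])
    return result


def audit(settings: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {vdom: [findings]}; an empty list means the VDOM is compliant."""
    findings: Dict[str, List[str]] = {}
    for vdom, kv in settings.items():
        issues = []
        for key, want in EXPECTED.items():
            have = kv.get(key, DEFAULTS[key])
            if have != want:
                issues.append(f"{key}={have} (expected {want})")
        findings[vdom] = issues
    return findings


if __name__ == "__main__":
    for vdom, issues in audit(parse_vdom_settings(SAMPLE_BACKUP)).items():
        status = "OK" if not issues else "; ".join(issues)
        print(f"{vdom}: {status}")
```

To use it on a real unit, replace SAMPLE_BACKUP with the contents of a configuration backup file; the same parser works because FortiOS backups use the config/edit/next/end nesting shown in the sample.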