
This article explains how to configure and use the new 'Policy change summary' and 'audit trail' features.


FortiOS 7.2 and above.


Policy change summary: Each time a firewall policy is created or edited, the administrator will be prompted to write a summary as a record of the changes.


To configure the firewall policy change summary feature in the GUI:

1) Go to System -> Feature Visibility.

2) Enable Workflow Management.

3) Select Apply.

4) Go to System -> Settings.

5) Enable Policy change summary.




To configure the firewall policy change summary feature in the CLI:


# config system settings

set gui-enforce-change-summary {disable | require | optional}

end



Disable: No prompt to add a summary is given.

Required: Users are required to add a summary.

Optional: Users will be prompted to add a summary, but it will not be mandatory.


Note: The default option for the policy summary feature is 'required'. However, the option will not be applied until the feature is enabled as in the instructions above.


In a multiple VDOM environment, the policy summary option can be enabled on a per-VDOM basis:


Under Global -> System -> VDOM, select the VDOM and enable the feature with the preferred option.
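To verify the per-VDOM setting from a configuration backup, the following added example (not part of the original article and not Fortinet tooling) reads the backup text and reports the gui-enforce-change-summary value for each VDOM, listing those where a summary is not mandatory. It assumes per-VDOM sections appear under config vdom / edit <name> and that values left at their default are omitted from the backup; the function names and sample text are constructed, and it does not check whether Workflow Management is enabled.

```python
DEFAULT = "require"  # the article gives 'required' as the default option
KEY = "gui-enforce-change-summary"

def change_summary_by_vdom(config_text):
    """Map each VDOM name to its gui-enforce-change-summary value."""
    stack, result = [], {}  # stack holds open ("config" | "edit", name) blocks
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        cmd, arg = words[0], " ".join(words[1:]).strip('"')
        if cmd in ("config", "edit"):
            stack.append((cmd, arg))
            if cmd == "edit" and len(stack) == 2 and stack[0] == ("config", "vdom"):
                result.setdefault(arg, DEFAULT)  # VDOM seen; unset means default
        elif cmd == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif cmd == "end" and stack:
            # a per-VDOM section closes its 'edit' with 'end': drop both levels
            del stack[-2 if stack[-1][0] == "edit" else -1:]
        elif words[:2] == ["set", KEY] and stack[-1:] == [("config", "system settings")]:
            outer = stack[:-1]  # empty in a single-VDOM backup
            vdom_scope = len(outer) == 2 and outer[0] == ("config", "vdom")
            if len(words) == 3 and (vdom_scope or not outer):
                result[outer[1][1] if outer else "root"] = words[2]
    return result or {"root": DEFAULT}

def not_required(config_text):
    """VDOMs whose value is not 'require', i.e. a summary is not mandatory."""
    return sorted(v for v, m in change_summary_by_vdom(config_text).items() if m != "require")

# Constructed sample in the layout assumed for a multi-VDOM backup.
SAMPLE = """\
config vdom
edit root
config system settings
    set gui-enforce-change-summary optional
end
end
config vdom
edit dmz
config system settings
    set opmode nat
end
config firewall policy
    edit 1
    next
end
end
"""
```

For the constructed sample, `not_required(SAMPLE)` returns `['root']`, because root is set to optional while dmz keeps the default.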




The Audit trail feature can be used to review the policy change summaries, along with the date and time of each change and a log of which administrator committed the change.


To review the audit trail in the GUI:

- Go to Policy & Objects -> Firewall Policy.

- Select the desired policy.

- Select Audit Trail to open the summary list for that policy.

- From the list of entries, select the desired item.



  • The 'Policy change summary' option is not available in FortiGate 7.0 and below.
  • Audit trails require disk logging. 'get system status' output shows 'Log hard disk .


Related Troubleshooting commands


To collect httpsd debug logs:


# diagnose debug reset

# diagnose debug application httpsd -1

# diagnose debug console time enable

# diagnose debug enable


To disable the debugging:


# diagnose debug disable

# diagnose debug reset


FortiGate Debugger Chrome Extension


Related articles:

Log hard disk: 'Not available' message when hard disk is present in the unit