FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Lovepreet_Dhillon
Article Id 239127
Description

This article explains how to configure and use the new 'Policy change summary' and 'audit trail' features.

Scope

FortiOS 7.2 and above.

Solution

Policy change summary: Each time a firewall policy is created or edited, the administrator will be prompted to write a summary as a record of the changes.

 

To configure the firewall policy change summary feature in the GUI:

  1. Go to System -> Feature Visibility.
  2. Enable Workflow Management.
  3. Select Apply.
  4.  Go to System -> Settings.
  5. Enable Policy change summary:

 

Lovepreet_Dhillon_5-1670431211407.png

 

To configure the firewall policy change summary feature in the CLI:

 

config system settings

set gui-enforce-change-summary {disable | require | optional}

end

 

  • Disable: No prompt to add a summary is given.
  • Required: Users are required to add a summary.
  • Optional: Users will be prompted to add a summary, but it will not be mandatory.

 

Note:

The default option for the policy summary feature is 'required'. However, the option will not be applied until the feature is enabled as in the instructions above.

 

In a multiple VDOM environment, the policy summary option can be enabled on a per-VDOM basis:

 

Under Global -> System -> VDOM, select the VDOM and enable the feature with the preferred option:

 

Lovepreet_Dhillon_7-1670431438722.png

 

The Audit trail feature can be used to review the policy change summaries, along with the date and time of each change and a log of which administrator committed the change.

 

To review the audit trail in the GUI:

  • Go to Policy & Objects -> Firewall Policy.
  • Select the desired policy.

 

Lovepreet_Dhillon_8-1670431496655.png

 

  • Select Audit Trail to open the summary list for that policy.

 

Lovepreet_Dhillon_0-1670432036457.png

 

  • From the list of entries, select the desired item.

 

Note:

  • The 'Policy change summary' option is not available in v7.0 and below.
  • Audit trails require disk logging. 'get system status' output shows 'Log hard disk .

Lovepreet_Dhillon_9-1670431570752.png

 

To confirm if the device has a hard disk, check the Data Sheet of the device, or run the below commands on the FortiGate to confirm:

 

      get system status         -> Check for 'Log hard disk'

      get hardware status       -> Check for 'Hard disk'

 

If the device is confirmed to have a hard disk, check if disk logging is enabled/disabled.

Enable disk logging to activate Audit trail feature:

 

config log disk setting

set status enable

end

 

After the above changes, refresh the GUI or log out from the firewall's GUI. Open a new web browser session, then log back in. The audit trail feature should be available on Firewall Policy.

 

Debug logs from httpsd debugging:

 

diagnose debug reset

diagnose debug application httpsd -1

diagnose debug console time enable

diagnose debug enable

 

To disable the debugging:

 

diagnose debug disable

diagnose debug reset

 

Related articles:

Log hard disk: 'Not available' message when hard disk is present in the unit

Technical Tip: 'Log hard disk: Not available' message when hard disk is present in the unit

FortiGate Debugger Chrome Extension

Technical Tip: FortiGate Support Tool - Google Chrome Extension for troubleshooting GUI issues