Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mbanica
Staff
Staff

Created on ‎07-30-2025 02:26 AM

Article Id 403875

Technical Tip: Workflow Management not available in NGFW policy-mode

Description

 

This article indicates that the Workflow Management feature is only available in NGFW profile mode. The Workflow feature (used for approving and tracking config changes) is tightly integrated with the policy structure.

 

Scope

 

FortiGate.

 

Solution

 

Change Summary with Workflow in the GUI is only supported for firewall policies in profile-based VDOMs, not in NGFW (Next-Generation Firewall) policy mode.

 

Screenshot 2025-07-28 153224.png

 

This is due to key differences in how each mode handles policy structures:

  1. Profile-based mode uses traditional IP/port/protocol matching, allowing for straightforward change tracking.
  2.  NGFW mode introduces policies based on applications, users, and devices, which are more dynamic and complex to audit using standard GUI tools.
  3. The GUI Workflow feature is designed around the more static nature of profile-based policies and doesn't yet fully support the flexible, context-aware structure of NGFW policies.

This limitation is due to backend configuration differences and the current design scope. For NGFW-mode environments requiring detailed change tracking, it is recommended to use FortiManager.

Labels:
211
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.