Firewall policy change summary and default expiration in the GUI in 7.2.3

Fabio · ‎12-01-2022

Hello Guys,

I have problem when enable WorkFlow Management in Global Setting. As the articol https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/656084/firewall-policy , the option "Policy change summary " and "Policies expire by default " could be appear, but not in may situation.. like the pic below:

Workflow management_1.jpg

But in vdom root, the policy have the option to set the Policy Expiration..

Workflow management expiration.jpg

That's not possible remove the default expiration to zero days, like this tips in the 7.2.3 guide in the link up...

"The default value for Policy expiration is 30 days. This number can be changed in the CLI or in System > Settings in the GUI to any value between zero and 365 days. If the default value is set to zero, the Default state will disable the Policy expiration."

Anyone can help me? in the release note i didn't see nothing ..

Fabio

Fabio · ‎12-01-2022

I solved it.
the guide is designed for a Firewall without VDOM.
When they are enabled instead, you have to configure the commands via CLI.
specifically to have expiration a available but not active when creating a policy this is what you need to configure:

config system settings

set gui-advanced-policy enable

set gui-enforce-change-summary require

set default-policy-expiry-days 0

Fabio

View solution in original post

Fabio · ‎12-01-2022

I solved it.
the guide is designed for a Firewall without VDOM.
When they are enabled instead, you have to configure the commands via CLI.
specifically to have expiration a available but not active when creating a policy this is what you need to configure:

config system settings

set gui-advanced-policy enable

set gui-enforce-change-summary require

set default-policy-expiry-days 0

Fabio

Firewall policy change summary and default expiration in the GUI in 7.2.3

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website