The FortiGate unit’s firewall functionality is ideally suited to PCI DSS requirement 3.0, “Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.” Security policies control the source, destination, and type of traffic passing between networks.

The PCI DSS standard includes requirements to document your network topology and configuration. As part of that requirement, and to assist the auditing of your network, make use of the Comment field available in FortiGate security policies. Describe the purpose of each policy.