diff --git a/ncm-shorewall/src/main/pan/components/shorewall/schema.pan b/ncm-shorewall/src/main/pan/components/shorewall/schema.pan
index 7572494d6c..1eff4e4607 100644
--- a/ncm-shorewall/src/main/pan/components/shorewall/schema.pan
+++ b/ncm-shorewall/src/main/pan/components/shorewall/schema.pan
@@ -88,6 +88,8 @@ type component_shorewall_policy = {
 "burst" ? string
 "limit" ? string
 "connlimit" ? string
+ @{enable audit on the policy}
+ "audit" ? boolean
 };

 # Keep this list in sync with list from TT file
@@ -153,6 +155,10 @@ type component_shorewall_rules = {
 "headers" ? string
 "switch" ? string
 "helper" ? string
+ @{use the audit action}
+ "audit" ? boolean
+ @{action loglevel}
+ "loglevel" ? string
 };

 type component_shorewall_shorewall_blacklist = string with
diff --git a/ncm-shorewall/src/main/resources/line/policy.tt b/ncm-shorewall/src/main/resources/line/policy.tt
index d56ba5d17e..384c26819f 100644
--- a/ncm-shorewall/src/main/resources/line/policy.tt
+++ b/ncm-shorewall/src/main/resources/line/policy.tt
@@ -2,7 +2,7 @@
 [%- CASE 'burst' -%]
 [%- el -%][% line.exists('limit') ? ':' _ line.limit : '' -%]
 [%- CASE 'policy' -%]
-[%- el FILTER upper -%]
+[%- el FILTER upper -%][% line.exists('audit') && line.audit ? ':audit' : '' -%]
 [%- CASE -%]
 [%- CCM.is_list(el) ? el.join(',') : el -%]
 [%- END -%]
diff --git a/ncm-shorewall/src/main/resources/line/rules.tt b/ncm-shorewall/src/main/resources/line/rules.tt
index 6be914c7a5..71c2148c04 100644
--- a/ncm-shorewall/src/main/resources/line/rules.tt
+++ b/ncm-shorewall/src/main/resources/line/rules.tt
@@ -4,7 +4,7 @@
 [%- CASE 'user' -%]
 [%- el -%][% line.exists('group') ? ':' _ line.group : '' -%]
 [%- CASE 'action' -%]
-[%- el FILTER upper -%]
+[%- line.exists('audit') && line.audit ? 'A_' : '' -%][%- el FILTER upper -%][%- line.exists('loglevel') ? ':' _ line.loglevel : '' -%]
 [%- CASE -%]
 [%- CCM.is_list(el) ? el.join(',') : el -%]
 [%- END -%]
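Review bot: The new `audit` flag is accepted for any policy or action value, yet policy.tt appends `:audit` to whatever `el FILTER upper` produced and rules.tt prepends `A_` to any action name, and as far as I recall Shorewall only defines the audited forms for ACCEPT, DROP and REJECT (the `:audit` policy suffix and the A_ACCEPT/A_DROP/A_REJECT actions). A profile that sets `audit` on, say, a `continue` policy or on a macro-style action would therefore pass the pan compile and only be rejected later by `shorewall check`, so the guard belongs in both schema hunks here rather than in the templates. If `policy` and `action` are stored lowercase as the test profiles suggest, the policy type could close with `} with { if (exists(SELF['audit']) && SELF['audit'] && !match(SELF['policy'], '^(accept|drop|reject)$')) error('audit is only valid with accept, drop or reject'); true; };` and the rules type with the same check on `SELF['action']`. The `@{enable audit on the policy}` and `@{use the audit action}` annotations should then state that restriction too. Both type definitions start outside the hunks.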
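Review bot: The replacement line in rules.tt packs three directives onto one line while every neighbouring branch keeps one directive per line, and the loglevel part emits a dangling colon (`REJECT:`) whenever the key exists with an empty value, because `line.exists('loglevel')` alone is tested; the policy branch in policy.tt at least combines `exists` with the value for `audit`. Splitting the three directives over three lines inside the `CASE 'action'` branch produces identical output thanks to the `-%]` chomping, and the last one could read `[%- line.exists('loglevel') && line.loglevel ? ':' _ line.loglevel : '' -%]`. Alternatively constrain `loglevel` in the schema so an empty string is not representable. The surrounding SWITCH block starts before the hunk.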
diff --git a/ncm-shorewall/src/main/resources/tests/profiles/policy.pan b/ncm-shorewall/src/main/resources/tests/profiles/policy.pan
index cab70c7923..e0039f05eb 100644
--- a/ncm-shorewall/src/main/resources/tests/profiles/policy.pan
+++ b/ncm-shorewall/src/main/resources/tests/profiles/policy.pan
@@ -21,3 +21,10 @@ prefix '/config/2';
 "policy" = "reject";
 "src" = "all";
 "connlimit" = "alot";
+
+prefix '/config/3';
+"dst" = "all";
+"loglevel" = "info";
+"policy" = "reject";
+"src" = "all";
+"audit" = true;
diff --git a/ncm-shorewall/src/main/resources/tests/profiles/rules.pan b/ncm-shorewall/src/main/resources/tests/profiles/rules.pan
index dc1f5a65a1..8e77709238 100644
--- a/ncm-shorewall/src/main/resources/tests/profiles/rules.pan
+++ b/ncm-shorewall/src/main/resources/tests/profiles/rules.pan
@@ -22,3 +22,10 @@ prefix '/config/1';
 "src/address/1" = "5.6.7.8/32";
 "src/interface" = "etx1";
 "src/zone" = "ext";
+
+prefix '/config/2';
+"action" = "reject";
+"dst/zone" = "fww";
+"src/zone" = "extt";
+"audit" = true;
+"loglevel" = "info";
diff --git a/ncm-shorewall/src/main/resources/tests/regexps/policy b/ncm-shorewall/src/main/resources/tests/regexps/policy
index b4c5fda5e0..fd5a6a8fde 100644
--- a/ncm-shorewall/src/main/resources/tests/regexps/policy
+++ b/ncm-shorewall/src/main/resources/tests/regexps/policy
@@ -7,3 +7,4 @@ contentspath=/config
 ^fw\tall\tACCEPT$
 ^int\tall\tACCEPT\t-\tabc:123$
 ^all\tall\tREJECT\tinfo\t-\talot$
+^all\tall\tREJECT:audit\tinfo$
diff --git a/ncm-shorewall/src/main/resources/tests/regexps/rules b/ncm-shorewall/src/main/resources/tests/regexps/rules
index af8dfe6a47..3cd55db272 100644
--- a/ncm-shorewall/src/main/resources/tests/regexps/rules
+++ b/ncm-shorewall/src/main/resources/tests/regexps/rules
@@ -6,3 +6,4 @@ contentspath=/config
 ---
 ^ACCEPT\tall\tfw\ticmp\t8,9\t-\t-\t-\tmyuser:mygroup$
 ^ACCEPT\text:etx1:1.2.3.4/16,5.6.7.8/32\tfw\ttcp\t22$
+^A_REJECT:info\textt\tfww$
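Review bot: The new profiles in policy.pan and rules.pan only exercise `audit = true`, so the `line.exists('audit') && line.audit` branch of the templates is never shown to stay silent for an explicit `false`, and nothing covers `loglevel` on a rule without `audit`. Adding a `/config/4` entry to policy.pan that copies `/config/3` with `"audit" = false;` and the regexp line `^all\tall\tREJECT\tinfo$`, plus a rules.pan entry with `"loglevel" = "info";` but no audit key expecting `^REJECT:info\t…$`, would pin both paths. The regexps/rules hunk would then need the matching lines as well.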