Technical Note: Bad JSON request on BWL Black & White list for a specific user/MSISDN
Description
This article highlights a BWL Black & White List compatibility issue between v5.2 patches.
Scope
FortiGate & JSON API.
Solution
FortiOS v5.2.5 provides Simple, Wildcard & Regex options for per-user Black & White List. In previous versions of v5.0 up to patch v5.2.4, FortiOS provides only Simple option for URL type per-user BWL.
Until v5.2.4, URL format for a user was:
'urls' : [ {'url':'www.fortinet.com', 'action':'exempt'}, {'url':'www.google.com', 'action':'block'}]
The type is always "simple".
Starting with v5.2.5, a type is added as "simple", "regexp" or "wildcard", URL format is as follows:
'urls' : [ {'url':'www.fortinet.com', 'type':'simple', 'action':'exempt'}, {'url':'www.google.*','type':'regexp', 'action':'block'}]
When a unit runs v5.2.5 then new URL entries are created with a type specified regexp or wildcard, if the unit is downgraded from v5.2.5 to v5.2.x, the URL BWL files will contain URL types that will not be compatible with the earlier version.
In this case, "Bad JSON request" will be received on each query to read, delete or write new URLs.
If a unit has to be downgraded, it is important to:
- delete all URL entries with a URL type not supported prior to the downgrade of the unit; get/delete will be done through JSON API.
- format the flash card and reinstall FortiOS in a previous version.
Until v5.2.4, URL format for a user was:
'urls' : [ {'url':'www.fortinet.com', 'action':'exempt'}, {'url':'www.google.com', 'action':'block'}]
The type is always "simple".
Starting with v5.2.5, a type is added as "simple", "regexp" or "wildcard", URL format is as follows:
'urls' : [ {'url':'www.fortinet.com', 'type':'simple', 'action':'exempt'}, {'url':'www.google.*','type':'regexp', 'action':'block'}]
When a unit runs v5.2.5 then new URL entries are created with a type specified regexp or wildcard, if the unit is downgraded from v5.2.5 to v5.2.x, the URL BWL files will contain URL types that will not be compatible with the earlier version.
In this case, "Bad JSON request" will be received on each query to read, delete or write new URLs.
If a unit has to be downgraded, it is important to:
- delete all URL entries with a URL type not supported prior to the downgrade of the unit; get/delete will be done through JSON API.
- format the flash card and reinstall FortiOS in a previous version.