Technical Tip: After FortiOS upgrade, some of the ISDB objects in the policy are missing
Description
This article explains why there are missing ISDB objects in the policy after upgrade and how to correct this.
Solution
After performing major version upgrade (for example 5.6 to 6.0, or 6.0 to 6.2), the ISDB objects in the policy might get lost.
This can happen because between different versions, a different ISDB database is used.
During the upgrade, if the entries on the target version is altered/discarded, the object will not be saved after the upgrade.
Therefore, it is important to check the configuration loss using the following command:
After the upgrade, replace or re-fill the lost object in the policy manually.
This article explains why there are missing ISDB objects in the policy after upgrade and how to correct this.
Solution
After performing major version upgrade (for example 5.6 to 6.0, or 6.0 to 6.2), the ISDB objects in the policy might get lost.
This can happen because between different versions, a different ISDB database is used.
During the upgrade, if the entries on the target version is altered/discarded, the object will not be saved after the upgrade.
Therefore, it is important to check the configuration loss using the following command:
# diag debug config-error-log readThe above example demonstrate that the ISDB objects 'ID 65547' in the firewall policy does not exist in the new ISDB database after the upgrade.
>>> "set" "internet-service-id" "65547" @ root.firewall.policy.1:value parse error (error -3)
After the upgrade, replace or re-fill the lost object in the policy manually.
Related Articles
Technical Tip: Configuration is partially lost after upgrade