Technical Tip: FortiManager appends the Policy ID to Global-Label after the FortiGate upgrade via FortiManager

After upgrading FortiGate following the recommended upgrade path, FortiManager appends the firewall policy ID to the global-label, which affects the 'Sequence Grouping View' display. This issue occurs only when the upgrade is performed via FortiManager.

Before Upgrade:

config firewall policy
    edit 21
        set name "DENY-ALL"
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set global-label "DENY-RULES"
    next
end

After the upgrade:

config firewall policy
    edit 21
        set name "DENY-ALL"
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set global-label "DENY-RULES(21)"
    next
end

Despite the change, the correct global-label remains visible under Policy & Objects → Policy Package → Select Policy → Edit → Advanced Options of FortiManager.

This issue has been resolved in FortiManager v7.4.7 and v7.6.3.

Workaround.

Manually correct the global-label using the CLI:

config firewall policy
    edit <ID>
        set global-label <label>
end