Troubleshooting Tip: Integrate interface wizard fails to migrate the interface to SD-WAN zone when a Local-In policy is configured

When using the Integrate Interface wizard in the GUI, the wizard may fail to migrate an interface to an SD-WAN zone with the error 'Failed to save changes' when a local-in-policy is configured on the interface.

Example configuration:

config firewall local-in-policy
    edit 2
        set intf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "DNS"
        set schedule "always"
    next
end

The following output is seen in the CLI 8 debugs:

diagnose debug cli 8
diagnose debug enable
0: config vdom
0: edit root
0: config system sdwan
0: end
0: end
0: config vdom
0: edit root
0: config system sdwan
0: config members
0: edit 0
-3: set interface "wan2"
(skipped) set zone "dot9-sdwan"

This issue has been resolved in:

• v7.4.9 (available to download from the Fortinet support portal).
• v7.6.4 (available to download from the Fortinet support portal).
• v8.0.0 (scheduled to be released in February 2026).

These timelines for firmware release are estimates and may be subject to change.

Workaround:
Delete the local-in-policy before migrating the interface to an SD-WAN zone.

To delete the local-in-policy entry in CLI as shown above:

config firewall local-in-policy

    delete 2    <----- 2 is the policy number.

end