Troubleshooting Tip: Local-in policy, local-in-policy6, DoS policy are delete it in versions 7.6.1 and 7.6.2
| Description | This article describes a behavior where users with Local-in policy, local-in-policy6, DoS policy interface policy, multicast policy, TTL policy, or central SNAT map configure using interfaces that were part of an SD-WAN zone in versions 7.4.5, 7.6.0, or any previous GA version. These policies will be deleted after upgrading to versions 7.6.1 or 7.6.2. |
| Scope | FortiGate will use Local-in policy, local-in-policy6, DoS policy, interface policy, multicast policy, TTL policy, or central SNAT map configured using interfaces that are part of an SD-WAN zone. |
| Solution | The user has a local in policy configured using an interface part of an SD-WAN zone.
config system sdwan
config firewall local-in-policy set internet-service-src disable
After upgrading to versions 7.4.6, 7.6.1, these policies are deleted, and users must manually create new local-in policies as documented in the following link using the SD-WAN interfaces.
Workaround: After upgrading to v7.6.1GA, users will need to manually recreate these policies and assign them to the appropriate SD-WAN zone.
Final Fix: Upgrade to v7.4.8, v7.6.3.
Special note: Although previous versions do not include the fix, it is not recommended to bypass the upgrade path. In some cases, users must upgrade to previous versions following the upgrade path, apply the workaround, and then upgrade to v7.4.8 or v7.6.3.
Related document: Policies that use an interface show missing or empty values after an upgrade |