Troubleshooting Tip: FortiManager v7.6.2 Install Policy validation stucked at 67%
| Description | This article describes that after upgrading FortiManager to v7.6.2 installation of the policy package using the install wizard preparation is stuck at 67%. |
| Scope | FortiManager after upgrade to v7.6.2. |
| Solution | The 67% hung task is caused by the firewall policy in policy package which is having deny all configuration.
Verify the show details: 'VPN manager is stuck with message policy validation: There is a "deny all" firewall policy (seq=x, id=y) found in the middle of policy package'.
To troubleshoot, take the following output from the CLI of FortiManager and verify the following:
diagnose debug application securityconsole 255
SECURITY_CONSOLE: Prepare global policies time: 0 hours 0 minutes 3.617946 seconds. SECURITY_CONSOLE: (1) [VPN manager ] Policy validation: There is a ''deny all'' firewall policy (seq=2, id=800) found in middle of policy package (reason:none) SECURITY_CONSOLE: (22537) pid=1, devid = 7104, idx=0, max_cpu=1. SECURITY_CONSOLE:
Workaround: A workaround is to disable the deny-all policy temporarily or to change it a little bit.
Solution: This issue is fixed in v7.6.4.
Note: Starting from v7.6.2, there is a warning 'Policy validation: There is a deny-all firewall policy found in middle'. This is just a warning, and it should not stop the installation. |