Technical Tip: Not possible to choose URL-Lists as Destination Address on Authentication Rules after upgrade

Description

 
This article describes an issue with Authentication Rules and the URL-List no longer being available for selection as a Destination Address after upgrading to v7.4.11 or 7.6.6.

Scope

FortiProxy, v7.4.11, v7.6.6

Solution

The following scenario is seen in this case:

• Under Web Filter URL list, there are entries with external resources created.

• Proxy addresses are configured with Type URL List, which will push the entries created on Web Filter URL List.

• These proxy addresses will be used as destination on the Authentication Rules created.

However, the proxy addresses are not visible on GUI to be selected after an upgrade. When using the CLI, the addresses can be selected without issues.

With other types of proxy addresses (like Regex or Pattern), the issue is not observed. This is only a GUI issue, as there is no impact on the traffic or on the Rules.

In the CLI, the behavior is as follows:

config webfilter url-list
    edit "TEST_Admin"
        set uuid 42f335a2-38a3-51f1-cdb9-1ceb49026dfd
            config entries
                edit "forticare.fortinet.com/CustomerSupport/SupportTeam.aspx"
            next
        end
    next
end


config firewall proxy-address
    edit "Test12"
        set uuid 2a5a0f36-38ba-51f1-b0b2-f77c339f6e72
        set type url-list
        set host "all"
        set url-list "TEST_Admin"
    next
end

config authentication rule
     edit "Admin"
         set srcintf "port1"
         set srcaddr "all"
         set dstaddr "Test12"
     next
end

In the GUI however, the option will not be available for selection:

This is only cosmetic issue with the GUI - it does not affect system behavior. It is expected to be resolved in versions v7.4.14 and v7.6.7 of FortiProxy.