Alby23
New Member
September 14, 2016
Question

Pieces of configuration purged... what is the source...?


I'm a little bit confused.

In a FortiOS 5.4.0 appliance I've suddenly lost firewall policies and routing, and in the event logs I see these entries (attached image).

 

Same second... 4 commands. Any ideas???


    pyy
    New Member
    September 23, 2016

    Purge means that someone deleted the whole config section

     

    ex

        config firewall policy
            edit x
            next
            ...
            edit y
            next
            edit 10
                mpla mpla
            next
            purge

    purge will delete x,y,10

     

    So the admin added a static route/fw policy and, instead of using delete to delete the entry, he used purge and deleted the whole section

     

     

    ede_pfau
    SuperUser
    September 24, 2016

    Probably an upgrade gone wrong. Upgrades do not only comprise firmware code but transformation procedures as well. Somehow these went wild, that's where the 'purge' commands come in.

     

    The routes and OSPF config etc. are just the last part of a config file. The FGT will boot with a partial config file just fine, surprisingly.

     

    I'd rebuild the flash disk from scratch via the boot manager (connect via serial port, stop the boot process, reformat the disk, reload firmware via TFTP, reload the config).

    emnoc
    New Member
    September 24, 2016

    I would use the cfg revision to see 'exactly' what was before and after. The log seems to show this was an "admin" event, so if that is true at least the log systems will have the address of the user.
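
The before/after comparison of config revisions suggested in the last reply, as an added example that is not part of the original thread: it parses two saved config backups and reports which tables lost entries or were emptied outright. The function names `parse_tables` and `diff_revisions` are hypothetical, the sample backups are constructed, and it assumes the usual `config` / `edit` / `next` / `end` layout with no multi-line quoted values containing those keywords.

```python
# Added example: the backups below are constructed, not taken from the thread.
IFACE = """config system interface
    edit "port1"
        config ipv6
        end
    next
end
"""
BEFORE = """config firewall policy
    edit 1
    next
    edit 2
    next
end
config router static
    edit 1
    next
end
""" + IFACE
# After the purge: one table is missing from the backup, the other is empty.
AFTER = "config router static\nend\n" + IFACE

def parse_tables(text):
    """Map each top-level 'config <path>' section to the set of its edit ids."""
    tables, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
            if len(stack) == 1:
                tables.setdefault(stack[0], set())
        elif line.startswith("edit ") and len(stack) == 1:
            tables[stack[0]].add(line[len("edit "):].strip('"'))
        elif line == "end" and stack:
            stack.pop()  # closes the innermost config block
    return tables

def diff_revisions(before, after):
    """Report tables that lost entries between two revisions."""
    old, new = parse_tables(before), parse_tables(after)
    report = {}
    for path, ids in old.items():
        lost = ids - new.get(path, set())
        if lost:
            report[path] = {"lost": sorted(lost), "emptied": not new.get(path)}
    return report

print(diff_revisions(BEFORE, AFTER))
```

A table reported with `emptied` set lost every entry at once, which matches the effect of `purge` described above; a table with only some ids in `lost` points to individual deletes instead.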