Skip to main content
mhdganji
mhdganji
Explorer III
July 15, 2022
Solved

Problem while upgrading from 7.0.5 to 7.0.6

  • July 15, 2022
  • 2 replies
  • 4112 views

Hi,

After upgrading from 7.0.5 to 7.0.6, I noticed all my proxy policies and any configuration related to proxy service are gone. I had backed up global configuration and tried to restore it but still those proxy configurations are not back. Any bug or me-made mistake here?

 

Best answer by Debbie_FTNT

Hey mhdganji,

these lines:

>>> "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)

>>> "next" @ 246:global.system.interface.Proxy0:failed command (error 1)

>>> "next" @ 253:global.system.interface.Proxy1:failed command (error 1)

-> they indicate that something is wrong with the vdom-link 'proxy' and the two related interfaces (proxy0 and proxy1)

The other lines, you can see it mentions 'proxy0' as destination interface:

>>> "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)

 

My guess is that the inter-vdom-link and interfaces for some reason did not survive the upgrade, and thus all policies relying on the interfaces did not survive the upgrade either.
It doesn't tell us WHY the inter-vdom-link has an error/doesn't exist, but you could probably fix the issue as follows:
- create a new inter-vdom-link called proxy, with proxy0/1 subinterfaces (make sure proxy0 is in the proxy VDOM)
- copy&paste the policies from the old config file into CLI
- copy&paste the static route from the old config file into CLI

2 replies

warshad
Staff
warshad
Staff
July 17, 2022

Hi mhdganji,

 

I am not sure if its a bug. Can you see the proxy policies and configuration related to proxy services in your backed up config file? 

 

 

 

mhdganji
mhdganjiAuthor
Explorer III
July 17, 2022

Hi @warshad 

Yes I can see them in the backup file. The parts missing after upgrade is proxy policies in the proxy VDOM (the VDOM itself remains in config) and also the VDOM links 


You can give it a test too and may find it as a bug or may notice me of a problem at my side.

Debbie_FTNT
Staff & Editor
Debbie_FTNT
Staff & Editor
July 18, 2022

Hey mhdganji,

there are two diagnostic commands you can run on FortiGate CLI to get some additonal information:

#get system startup-error-log

#diag debug config-error-log read
You can refer to this KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuration-is-partially-lost-after-upgrade/ta-p/197603

 

That might provide some insight as to why the configuration would have been lost.

One reason may be that the VDOM was somehow switched to policy-mode instead of profile-mode; I know that more or less completely wipes the proxy configuration from experience.

mhdganji
mhdganjiAuthor
Explorer III
July 19, 2022

Hi @Debbie_FTNT 

 

The first command returns the text below and the seconds returns nothing

 

 

>>>  "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)

>>>  "next" @ 246:global.system.interface.Proxy0:failed command (error 1)

>>>  "next" @ 253:global.system.interface.Proxy1:failed command (error 1)

>>>  "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18236:Proxy.firewall.proxy-policy.1:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18254:Proxy.firewall.proxy-policy.9:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18273:Proxy.firewall.proxy-policy.5:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18290:Proxy.firewall.proxy-policy.2:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18307:Proxy.firewall.proxy-policy.8:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18324:Proxy.firewall.proxy-policy.10:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18341:Proxy.firewall.proxy-policy.11:value parse error (error -3)

>>>  "set" "device" "Proxy0" @ 18661:Proxy.router.static.1:value parse error (error -651)

>>>  "next" @ 18662:Proxy.router.static.1:failed command (error 1)

 

Could you help me to interpret the log and find what is wrong?

I have the old config file if needed

 

 

Thanks

Terms & ConditionsAccessibility statement