sw2090
SuperUser
June 6, 2018
Question

Renaming IPSec phase1 - did I find a bug?

Hi,

just recently had this on our FMG:

I had to rename an IPSec Phase 1 Interface.

I am able to do this in our FMG. 

FMG though lost its mappings afterwards (but I can live with that - I did rename the interface, so how should the mappings know that?). It would be nice if mappings were auto-corrected upon renaming interfaces - but that's not the point here.

The point is: FMG lets you rename the IPSec Phase1 and it does accept it. Thus it's unable to then roll the changes out to the corresponding FGT. According to the log, the order in which FMG does this is the problem.

FMG first sets up a new IPSec Phase1 with the new name and the params of the old one and then deletes the old one afterwards. This has to raise conflicts because the old Phase1 is still using the objects as long as it exists.

Atm I see no other way than to do it manually on the FGT and then retrieve config on the FMG.

    chall_FTNT
    Staff
    June 6, 2018

    What firmware version are you running on the FortiManager? What you have reported sounds like bug id 417360 which was resolved in 5.4.3 & 5.6.0.

    Bug Summary: device level ipsec phase1 or phase2, rename "gateway name" will create a new entry instead of update existing config

    (Fix: in the backend, instead of using "set", use "update" to change this parameter)

    sw2090 (Author)
    SuperUser
    June 7, 2018

    My FMG runs v5.4.4-build1225 171005 (GA)

    I renamed the phase1-interface. FMG creates a new phase1 with the new name instead of updating the existing one and then runs into conflicts with various objects that are in use by the existing phase1.

    Yes, sounds like the bug you mentioned - seems not to be fixed in this firmware yet.

    chall_FTNT
    Staff
    June 7, 2018

    Best to open a support ticket then so that Fortinet can do more investigation into your issue, in particular why that bug fix did not address that behavior.