jules0
New Member
February 9, 2026
Question

Upgraded to 7.4.11 and broke our primary internal interface

We ran an update on the 100 box last night.

Our internal interface has two subnets: the primary is an old legacy one that three or four mission-critical servers run on, and the secondary is the new one that includes all workstations etc. After the update the secondary was fine but the primary lost all traffic. We rolled back to 7.49 and all is fine. Annoying bug that we have no way of testing as we have no test environment. We had held off till the mature release as we've been burned before.

Just an FYI.

5 replies

ede_pfau
SuperUser
February 9, 2026

To convey this information to readers:

Most likely this is due to a change in behavior that affects traffic between subnets which run on the same interface. This was allowed up to v7.4.10; now it needs an explicit policy to happen:

srcintf=lan1, dstintf=lan1, srcaddr=net1, dstaddr=net2, ...., action=allow

Or you can reactivate the previous default in 'config system global'.

If I think about it, this would happen every time you had another router in your LAN, and the FGT as your primary router. Eventually, it would have to redirect traffic coming in on e.g. 'lan1' to the second router on the same interface.

So, explicit now, implicit before.

BillH_FTNT
Staff
February 10, 2026

Hi @jules0 

What is your box version? Is it 100F?

What traffic flow is broken? From outside to inside (primary servers)?

Do you have any logs related to the issue? Could you please share them?

Regards

Bill

helzefri
New Member
March 17, 2026

Try this; it will fix the problem until the next upgrade:
config system global
set allow-traffic-redirect enable
end
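
A pre-upgrade check for the situation discussed in this thread, as an added example that is not part of any post and not a Fortinet tool: it reads a configuration backup and lists interfaces that carry a secondary subnet but have no enabled accept policy from the interface to itself, and reports whether `allow-traffic-redirect` is set explicitly. The function name `audit` and the sample backup are constructed for illustration; the parser assumes the usual `config` / `edit` / `next` / `end` backup layout with single-line values.

```python
import re

# Constructed sample backup (not from the thread): lan1 carries two subnets.
SAMPLE = """
config system interface
    edit "lan1"
        set ip 10.1.0.1 255.255.255.0
        config secondaryip
            edit 1
                set ip 10.2.0.1 255.255.255.0
            next
        end
    next
end
config firewall policy
    edit 1
        set srcintf "lan1"
        set dstintf "wan1"
        set action accept
    next
end
"""

def audit(cfg_text):
    """Return (allow-traffic-redirect value, or None if absent from the backup;
    interfaces with a secondary subnet but no same-interface accept policy)."""
    path, redirect, multi, covered, pol = [], None, set(), set(), {}
    for raw in cfg_text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        if not tok:
            continue
        in_policy = path[:1] == ["firewall policy"] and len(path) == 2
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
            if len(path) == 2:      # a new top-level entry starts: reset policy fields
                pol = {}
        elif tok[0] in ("next", "end") and path:
            if (tok[0] == "next" and in_policy and pol.get("action") == ["accept"]
                    and pol.get("status") != ["disable"]):
                covered |= set(pol.get("srcintf", [])) & set(pol.get("dstintf", []))
            path.pop()
        elif tok[0] == "set" and len(tok) > 2:
            if path == ["system global"] and tok[1] == "allow-traffic-redirect":
                redirect = tok[2]
            elif path[:1] == ["system interface"] and path[2:3] == ["secondaryip"]:
                multi.add(path[1])  # any setting under secondaryip marks the interface
            elif in_policy:
                pol[tok[1]] = tok[2:]
    return redirect, sorted(multi - covered)
```

`audit(SAMPLE)` returns `(None, ['lan1'])`. The check only sees secondary-IP interfaces; the second-router case mentioned in the first reply is not detected this way.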