FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hlngan
Staff
Staff
Article Id 198716
Description
This article explains why there are missing ISDB objects in the policy after upgrade and how to correct this.

Solution
After performing major version upgrade (for example 5.6 to 6.0, or 6.0 to 6.2), the ISDB objects in the policy might get lost.

This can happen because between different versions, a different ISDB database is used.
During the upgrade, if the entries on the target version is altered/discarded, the object will not be saved after the upgrade.


Therefore, it is important to check the configuration loss using the following command:
# diag debug config-error-log read
>>> "set" "internet-service-id" "65547" @ root.firewall.policy.1:value parse error (error -3)
The above example demonstrate that the ISDB objects 'ID 65547' in the firewall policy does not exist in the new ISDB database after the upgrade.

After the upgrade, replace or re-fill the lost object in the policy manually.

Related Articles

Technical Tip: Configuration is partially lost after upgrade

Contributors