Description
Even when following the recommended upgrade path, some settings may be lost after the upgrade due to a difference in supported features between the firmware versions.
Solution
The following command can be used in order to list configuration errors resulted during the upgrade process and boot up.
diagnose debug config-error-log read
An example of a commonly reported error is as follows:
>>> "unset" "post-lang" @ root.firewall.profile-protocol-options.scan.ftp:command parse error (error -61)
The line above indicates an issue with the parameter "post-lang", inside the FTP configuration in ROOT VDOM of a firewall Proxy Options profile called 'scan'. Here is the CLI configuration section:
config firewall profile-protocol-options
edit scan
config ftp
unset post-lang
...
The next suitable step would be to confirm in the CLI Guide of the particular FortiOS firmware version whether the parameter 'post-lang' still exists, was removed, or renamed.
In multi-VDOM, the errors would look like this:
config" "firewall policy46" @ root:command parse error (error -61)
config" "firewall policy64" @ GUEST:command parse error (error -61)
set override" "enable" @ PRODUCTION.log.syslogd.override-setting:command parse error (error -61)
Note: The commands 'config firewall policy64' and 'config firewall policy46' are supported only in FortiOS versions 6.2.x through 7.0.0.
In FortiOS 7.0.1, these commands were removed, and their functionality was merged into the firewall policy for simplified configuration: FortiOS 7.0.1 FortiOS 7.0.1 Release Notes | Add interface for NAT46 and NAT64 to simplify policy and....
In this document, each VDOM is highlighted in BLUE color for reference, such as root, GUEST, and PRODUCTION.
The first two errors refer to firewall policy64 and policy46 that were being used to create IPV6 to IPV4 and IPv4 to IPV6 policy.
The last error refers to attribute ‘set override’ in configuration of log.syslogd.override-setting as follows :
config log syslogd override-setting
set override enable
…
There could be a case where there is a change in CLI for a reason, and it will be possible to find such changes in release notes of particular FortiOS firmware versions under the section 'changes in CLI'.
It is even possible to compare the configuration file to examine any configuration lost during the upgrade.
Note:
Versions 4.0 up to 6.4 are out of engineering support, so these commands might be different on higher versions. Consider upgrading the device's firmware level to a supported version (v7.0 up to v7.6). Check the firmware path and compatibility depending on the hardware.
