FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
asostizzo_FTNT
Article Id 197603

Description

 

Even when following the recommended upgrade path, some settings may be lost after the upgrade due to a difference in supported features between the firmware versions.


Solution

 

The following command can be used in order to list configuration errors resulted during the upgrade process and boot up.
 
diagnose debug config-error-log read

An example of a commonly reported error is as follows:
 
>>> "unset" "post-lang" @ root.firewall.profile-protocol-options.scan.ftp:command parse error (error -61)

The line above indicates an issue with the parameter "post-lang", inside the FTP configuration in ROOT VDOM of a firewall Proxy Options profile called 'scan'.  Here is the CLI configuration section:
 
config firewall profile-protocol-options
    edit scan
        config ftp
            unset post-lang
...

The next suitable step would be to confirm in the CLI Guide of the particular FortiOS firmware version whether the parameter 'post-lang' still exists, was removed, or renamed.
 

In multi-VDOM, the errors would look like this:

 

config" "firewall policy46" @ root:command parse error (error -61)

config" "firewall policy64" @ GUEST:command parse error (error -61)

set override" "enable" @ PRODUCTION.log.syslogd.override-setting:command parse error (error -61)

 

In this document, each VDOM is highlighted in BLUE color for reference such as root, GUEST, and PRODUCTION.

 

The first two errors refer to firewall policy64 and policy46 that were being used to create IPV6 to IPV4 and IPv4 to IPV6 policy.

 

The last error refers to attribute ‘set override’ in configuration of  log.syslogd.override-setting as follows :

 

config log syslogd override-setting

    set override enable

 

There could be a case where there is a change in CLI for a reason and you will be able to find such changes in release notes of particular FortiOS firmware versions under the section 'changes in CLI'.

 

It is even possible to compare the configuration file to examine any configuration lost during the upgrade.