Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
asostizzo_FTNT
Staff
Staff

Created on ‎08-25-2016 02:36 PM Edited on ‎04-23-2025 09:24 PM By Community Manager

Article Id 197603

Technical Tip: Configuration is partially lost after upgrade

Description

 

Even when following the recommended upgrade path, some settings may be lost after the upgrade due to a difference in supported features between the firmware versions.


Solution

 

The following command can be used in order to list configuration errors resulted during the upgrade process and boot up.
 
diagnose debug config-error-log read

An example of a commonly reported error is as follows:
 
>>> "unset" "post-lang" @ root.firewall.profile-protocol-options.scan.ftp:command parse error (error -61)

The line above indicates an issue with the parameter "post-lang", inside the FTP configuration in ROOT VDOM of a firewall Proxy Options profile called 'scan'.  Here is the CLI configuration section:
 
config firewall profile-protocol-options
    edit scan
        config ftp
            unset post-lang
...

The next suitable step would be to confirm in the CLI Guide of the particular FortiOS firmware version whether the parameter 'post-lang' still exists, was removed, or renamed.
 

In multi-VDOM, the errors would look like this:

 

config" "firewall policy46" @ root:command parse error (error -61)

config" "firewall policy64" @ GUEST:command parse error (error -61)

set override" "enable" @ PRODUCTION.log.syslogd.override-setting:command parse error (error -61)

 

In this document, each VDOM is highlighted in BLUE color for reference such as root, GUEST, and PRODUCTION.

 

The first two errors refer to firewall policy64 and policy46 that were being used to create IPV6 to IPV4 and IPv4 to IPV6 policy.

 

The last error refers to attribute ‘set override’ in configuration of  log.syslogd.override-setting as follows :

 

config log syslogd override-setting

    set override enable

 

There could be a case where there is a change in CLI for a reason and you will be able to find such changes in release notes of particular FortiOS firmware versions under the section 'changes in CLI'.

 

It is even possible to compare the configuration file to examine any configuration lost during the upgrade.

 

Note:

Versions 4.0 up to 6.4 are out of engineering support, so these commands might be different on higher versions. Consider upgrading the device's firmware level to a supported version (v7.0 up to v7.6). Check the firmware path and compatibility depending on the hardware.

38066
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.