Technical Tip: Local-in-Policy is Missing after up...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 367001

Description

This article explains why local-in-policy is missing after upgrading to v7.4.6, v7.4.7 or v7.6.1.

Scope

FortiGate v7.4.6, v7.4.7, v7.6.1.

Solution

If the local-in-policy use interface was part of the SD-WAN zone, this policy will be deleted after upgrading to v7.4.6, v7.4.7 or v7.6.1: Policies that use an interface show missing or empty values after an upgrade

The behavior is due to New Feature ID: 1071495: New features or enhancements

Local-in policy.
DoS policy.
Interface policy.
Multicast policy.
TTL policy.
Central SNAT map.
This update simplifies policy management and boosts operational efficiency.

When running commands 'diagnose debug config-error-log read', it will show below output:

diagnose debug config-error-log read
>>> "set" "intf" "port2" @ root.firewall.local-in-policy.1:value parse error (error -651)
>>> "next" @ root.firewall.local-in-policy.1:failed command (error 1)
>>> "set" "intf" "port1" @ root.firewall.local-in-policy.2:value parse error (error -651)
>>> "next" @ root.firewall.local-in-policy.2:failed command (error 1)

After upgrading to v7.4.6, v7.4.7 or v7.6.1, local-in-policies should be manually created and assigned the appropriate SD-WAN Zone.

1794

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Local-in-Policy is Missing after upgrading to v7.4.6, v7.4.7 or v7.6.1

You are leaving our website