adimailig
Staff & Editor
Article Id 367001
Description This article explains why local-in-policy is missing after upgrading to v7.4.6, v7.4.7 or v7.6.1.
Scope FortiGate v7.4.6, v7.4.7, v7.6.1.
Solution

If a local-in-policy uses an interface that is a member of an SD-WAN zone, the policy is deleted after upgrading to v7.4.6, v7.4.7 or v7.6.1. See: Policies that use an interface show missing or empty values after an upgrade.

The behavior is due to New Feature ID 1071495 (see: New features or enhancements), which covers:

  • Local-in policy.
  • DoS policy.
  • Interface policy.
  • Multicast policy.
  • TTL policy.
  • Central SNAT map.

This update simplifies policy management and boosts operational efficiency.

Running the command 'diagnose debug config-error-log read' after the upgrade shows output like the following:

diagnose debug config-error-log read
>>> "set" "intf" "port2" @ root.firewall.local-in-policy.1:value parse error (error -651)
>>> "next" @ root.firewall.local-in-policy.1:failed command (error 1)
>>> "set" "intf" "port1" @ root.firewall.local-in-policy.2:value parse error (error -651)
>>> "next" @ root.firewall.local-in-policy.2:failed command (error 1)


After upgrading to v7.4.6, v7.4.7 or v7.6.1, the missing local-in-policies should be manually created and assigned the appropriate SD-WAN zone.
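
To build the list of policies that need to be recreated, the error log output shown above can be parsed. The following Python script is an added example, not Fortinet code: the function names are hypothetical, and the line format (a `vdom.table.id` path followed by a message and error code) is an assumption inferred only from the output quoted in this article.

```python
import re

# Constructed sample: the config-error-log lines quoted in this article.
SAMPLE = '''\
>>> "set" "intf" "port2" @ root.firewall.local-in-policy.1:value parse error (error -651)
>>> "next" @ root.firewall.local-in-policy.1:failed command (error 1)
>>> "set" "intf" "port1" @ root.firewall.local-in-policy.2:value parse error (error -651)
>>> "next" @ root.firewall.local-in-policy.2:failed command (error 1)
'''

# Assumed line shape, inferred only from the sample above:
#   >>> "<cmd>" ["<arg>" ...] @ <vdom>.<table>.<id>:<message> (error <code>)
LINE = re.compile(
    r'^>>>\s+(?P<tokens>(?:"[^"]*"\s+)+)@\s+(?P<path>[^:\s]+):'
    r'(?P<msg>.*?)\s+\(error\s+(?P<code>-?\d+)\)$')


def parse_error_log(text):
    """Group error-log lines by the (vdom, table, id) object they refer to."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # echoed command, blank line or unrecognised format
        tokens = re.findall(r'"([^"]*)"', m.group("tokens"))
        vdom, _, rest = m.group("path").partition(".")
        table, _, entry_id = rest.rpartition(".")
        rec = entries.setdefault((vdom, table, entry_id),
                                 {"rejected": [], "dropped": False})
        if tokens[0] == "set" and len(tokens) >= 3:
            # e.g. ("intf", ["port2"], -651): attribute, value(s), error code
            rec["rejected"].append((tokens[1], tokens[2:], int(m.group("code"))))
        elif tokens[0] == "next":
            rec["dropped"] = True  # the entry as a whole was not committed
    return entries


def dropped_by_interface(text, table="firewall.local-in-policy"):
    """Return (vdom, id, interfaces) for entries of `table` lost on 'intf'."""
    out = []
    for (vdom, tbl, entry_id), rec in parse_error_log(text).items():
        intfs = [v for attr, vals, _ in rec["rejected"] if attr == "intf" for v in vals]
        if tbl == table and rec["dropped"] and intfs:
            out.append((vdom, entry_id, intfs))
    return out


if __name__ == "__main__":
    for vdom, entry_id, intfs in dropped_by_interface(SAMPLE):
        print(f"vdom={vdom} local-in-policy {entry_id}: rejected intf {intfs}")
```

Each tuple returned identifies a local-in-policy ID and the interface it referenced before the upgrade, which can be compared against a pre-upgrade configuration backup when recreating the policy.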