FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 269498


Description This article describes workaround steps to follow if an issue appears with the SD-WAN interface that is not visible after upgrading to version 7.2.5/7.4.0.
Scope FortiGate.

Run into cosmetic issue post upgrade to version 7.2.5/7.4.0.


Problem Description: 

  • Unable to see 'virtual-wan-link' as a valid source/destination Interface when editing or creating firewall policy from GUI:



  •  SD-WAN zone is not showing up in Network -> Interfaces from GUI.





  • Editing and creating a firewall policy with 'virtual-wan-link' as the source/destination interface is possible from CLI:



set name "WIFI-AMI-Visiteurs_To_WAN"
set uuid 7e66ed90-9000-51ec-ed04-a16404ef4b41
set srcintf "AMI-Visiteurs"
set dstintf "virtual-wan-link"   <<<<<<<<<<<<<<<
set action accept
set srcaddr "AMI_WIFI_AMI_Visiteurs"
set dstaddr "all"
set schedule "always"
set service "ALL" 

set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set webfilter-profile "default"
set dnsfilter-profile "default"
set logtraffic all
set nat enable




  • The issue is specific to Hardware devices and is not observed on virtual machines.
  •  This is a cosmetic bug scenario that will not affect the production traffic. However, creating new policies on GUI will not show the SD-WAN interface to be mapped under the destination.
  • There are no concerns with the CLI and is functional. Even it will be possible to see the SD-WAN interface.



  • Creating a new dummy SD-WAN zone, virtual-wan-link will be visible and possible to be configured in firewall policy from GUI:



config system sdwan
    config zone
        edit "DUMMY"



  • The dummy zone is visible under SD-WAN zones. However, is not mapped under any firewall policy.
  • Post the above change, it will be possible to see all the lost SD-WAN interfaces available on the GUI under the firewall policy.


Permanent Solution:

  • This cosmetic bug is resolved with the upgrade to version 7.2.6/7.4.1