FortiGate
MichaelTorres
Article Id 388143
Description

This article describes a behavior affecting users who have a local-in policy, local-in-policy6, DoS policy, interface policy, multicast policy, TTL policy, or central SNAT map configured using interfaces that were part of an SD-WAN zone in versions 7.4.5, 7.6.0, or any previous GA version. These policies will be deleted after upgrading to versions 7.6.1 or 7.6.2.

Scope

FortiGate with a local-in policy, local-in-policy6, DoS policy, interface policy, multicast policy, TTL policy, or central SNAT map configured using interfaces that are part of an SD-WAN zone.

Solution

In this example, the user has a local-in policy configured using an interface that is part of an SD-WAN zone.

config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 4
            set interface "port3"
        next
    end
end

config firewall local-in-policy
    edit 1
        set intf "port3"
        set internet-service-src disable
        set dstaddr-negate disable
        set action deny
        set service-negate disable
        set schedule always
        set status enable
        set comments ''
    next
end

After upgrading to versions 7.4.6 or 7.6.1, these policies are deleted, and users must manually create new local-in policies using the SD-WAN interfaces, as documented in the following link:

Local-in policy

Workaround:

After upgrading to v7.6.1GA, users will need to manually recreate these policies and assign them to the appropriate SD-WAN zone.
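
One way to list, from a plain-text configuration backup taken before the upgrade, which entries are bound to an SD-WAN member interface and would therefore need to be recreated. This is an added example, not Fortinet code: the CLI table paths other than `firewall local-in-policy`, and the field names `interface`, `srcintf` and `dstintf`, are assumptions, and the sample backup is constructed.

```python
import re

# Tables the article lists as affected; CLI path spellings are assumptions.
AFFECTED = {"firewall " + t for t in ("local-in-policy local-in-policy6 DoS-policy "
            "interface-policy multicast-policy ttl-policy central-snat-map").split()}
# Assumed names of the fields that reference an interface in those tables.
INTF_KEYS = {"intf", "interface", "srcintf", "dstintf"}

def parse(text):
    """Yield (config path, edit id, key, values) for each 'set' line."""
    stack = []  # one [section name, current edit id] frame per open 'config'
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack and len(tok) > 1:
            stack[-1][1] = tok[1]
        elif tok[0] == "next" and stack:
            stack[-1][1] = None
        elif tok[0] == "set" and stack and len(tok) > 1:
            yield tuple(s[0] for s in stack), stack[-1][1], tok[1], tok[2:]

def at_risk(text):
    """Return (table, edit id, field, interface) for entries bound to an SD-WAN member."""
    rows = list(parse(text))
    members = {v for p, _, k, vals in rows for v in vals
               if p == ("system sdwan", "members") and k == "interface"}
    return [(p[0], e, k, v) for p, e, k, vals in rows for v in vals
            if len(p) == 1 and p[0] in AFFECTED and k in INTF_KEYS and v in members]

# Constructed sample backup: the article's port3 case plus one unaffected entry.
SAMPLE = """
config system sdwan
    config members
        edit 4
            set interface "port3"
        next
    end
end
config firewall local-in-policy
    edit 1
        set intf "port3"
    next
    edit 2
        set intf "port5"
    next
end
"""
```

Calling `at_risk()` on the text of a backup returns one tuple per entry to record before upgrading. A deleted deny rule leaves no trace in the post-upgrade configuration, so the pre-upgrade list is the only record of what to recreate.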

 

Final Fix:

Upgrade to v7.4.8 or v7.6.3.

Special note:

Although previous versions do not include the fix, it is not recommended to bypass the upgrade path.

In some cases, users must upgrade to previous versions following the upgrade path, apply the workaround, and then upgrade to v7.4.8 or v7.6.3.

 

Related document:

Policies that use an interface show missing or empty values after an upgrade