In this scenario, the VLAN interface 'vlan10' is configured on FortiSwitch Manager in FortiManager and assigned to a template in order to be pushed to a registered FortiGate device:

The template is then pushed to the FortiGate in a policy package installation.

After the installation, PING is enabled for 'vlan10' on the FortiGate itself. This will be auto-updated in FortiManager's Device Manager database:

However, this will not be reflected in FortiSwitch Manager, where the VLAN interface will retain its original setting.

When trying to install a policy change, FortiManager will try to unset the interface's allowaccess setting:

This is because the VLAN interface does not allowaccess configured in FortiSwitch Manager, and the template configurations in FortiSwitch Manager will take precedence when performing a policy install.

To resolve this, simply enable PING on 'vlan10' in FortiSwitch Manager:

After making the change, FortiManager will not try to unset allowaccess on the VLAN interface: