FortiManager
haziqsulaiman
Article Id 412109
Description

This article describes how to troubleshoot the failure to import a local-in-policy that uses an SD-WAN Zone as its interface from FortiGate into FortiManager.

Scope

FortiManager v7.6.2 and below.

Solution

Users may encounter the following error when trying to import a local-in-policy from a managed FortiGate into FortiManager.

(Screenshot: import fail.png)

The local-in-policy uses an SD-WAN Zone as its interface:

config firewall local-in-policy
    edit 1
        set srcaddr "test_src"
        set dstaddr "test_dst"
        set action accept
        set service "HTTPS"
        set schedule "always"
        set intf "virtual-wan-link"
    next
end

FortiManager throws this error because FortiManager v7.6.2 and earlier do not allow a local-in-policy to use an SD-WAN Zone as its interface.

The solution is to either:

  1. Upgrade FortiManager to v7.6.3 or above, which allows a local-in-policy to use an SD-WAN Zone as its interface, or
  2. Change the local-in-policy on the FortiGate to use an interface other than the SD-WAN Zone, then import the policy into FortiManager.
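As an added pre-import check (example code written for this article, not Fortinet's own tooling), the following Python script parses the local-in-policy block of a FortiGate configuration export and lists the policy IDs that a FortiManager of a given version would reject because their interface is an SD-WAN Zone. The sample configuration, the zone name set and the function names are assumptions; only "virtual-wan-link" and the v7.6.3 threshold come from the article.

```python
import re

# Constructed FortiGate configuration excerpt (sample data, not from a real device);
# policy 1 mirrors the article's example, policy 2 uses a physical port.
SAMPLE_CONFIG = """\
config firewall local-in-policy
    edit 1
        set srcaddr "test_src"
        set dstaddr "test_dst"
        set action accept
        set service "HTTPS"
        set schedule "always"
        set intf "virtual-wan-link"
    next
    edit 2
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "ALL"
        set schedule "always"
        set intf "port1"
    next
end
"""
# "virtual-wan-link" is the default SD-WAN zone; add custom zone names if the FortiGate defines any.
DEFAULT_SDWAN_ZONES = frozenset({"virtual-wan-link"})
# First FortiManager release that accepts an SD-WAN zone as a local-in-policy interface.
FIXED_IN = (7, 6, 3)

def parse_version(version: str) -> tuple:
    """Turn 'v7.6.2' or '7.6.2' into (7, 6, 2) so releases compare numerically."""
    return tuple(int(part) for part in version.lstrip("v").split("."))

def local_in_policies(config: str) -> list:
    """Return (policy id, intf) pairs from the 'config firewall local-in-policy' block."""
    block = re.search(r"config firewall local-in-policy\n(.*?)(?:\nend\b|\Z)", config, re.S)
    if not block:
        return []
    policies = []
    for entry in re.finditer(r"edit (\d+)\n(.*?)\n\s*next\b", block.group(1), re.S):
        intf = re.search(r'set intf "([^"]+)"', entry.group(2))
        policies.append((int(entry.group(1)), intf.group(1) if intf else ""))
    return policies

def blocked_policies(config: str, fmg_version: str, sdwan_zones=DEFAULT_SDWAN_ZONES) -> list:
    """IDs of local-in policies that a FortiManager of this version will refuse to import."""
    if parse_version(fmg_version) >= FIXED_IN:
        return []  # v7.6.3 and above import these policies without change
    return [pid for pid, intf in local_in_policies(config) if intf in sdwan_zones]
```

Run blocked_policies() over a `show firewall local-in-policy` export before the import; any IDs it returns are the entries to rewrite to a non-SD-WAN interface (option 2) or to defer until the FortiManager upgrade (option 1).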


The image below shows the successful import of the same local-in-policy after FortiManager is upgraded to v7.6.3:

(Screenshot: import success.png)

(Screenshot: policy.png)