Troubleshooting Tip: FortiManager v7.6.2 Install Policy validation stucked at 67%

Ishan · ‎05-19-2025

Description This article describes that after upgrading FortiManager to v7.6.2 installation of the policy package using the install wizard preparation is stuck at 67%.

Scope FortiManager after upgrade to v7.6.2.

Solution

The 67% hung task is caused by the firewall policy in policy package which is having deny all configuration.

Verify the show details: 'VPN manager is stuck with message policy validation: There is a "deny all" firewall policy (seq=x, id=y) found in the middle of policy package'.

To troubleshoot, take the following output from the CLI of FortiManager and verify the following:

diagnose debug application securityconsole 255 diagnose debug enable

SECURITY_CONSOLE: Prepare global policies time: 0 hours 0 minutes 3.617946 seconds. SECURITY_CONSOLE: (1) [VPN manager ] Policy validation: There is a ''deny all'' firewall policy (seq=2, id=800) found in middle of policy package (reason:none)

SECURITY_CONSOLE: (22537) pid=1, devid = 7104, idx=0, max_cpu=1.

SECURITY_CONSOLE:

Workaround:

A workaround is to disable the deny-all policy temporarily or to change it a little bit.

Solution:

This issue is fixed in v7.6.4.

Note:

Starting from v7.6.2, there is a warning 'Policy validation: There is a deny-all firewall policy found in middle'.

This is just a warning, and it should not stop the installation.

Troubleshooting Tip: FortiManager v7.6.2 Install Policy validation stucked at 67%

You are leaving our website