Users can utilize Sections in the FortiManager policy package to logically split the policy package (for example, based on the change order, ticket, or incident number associated with a specific set of rules).

More information on Policy Package sections is available in the FortiManager Administration Guide.

The information regarding which section a policy belongs to is saved in the global-label attribute of each policy. In the following screenshot, policy sequence 1 has the global-label set to test, while policies 2 and 3 have the global-label set to test2:

Inspecting policy 3 shows that it has the global-label variable set under Advanced Options:

Throughout normal operations or as a result of user error, the variable can be deleted (set as empty). In such cases, the FortiManager GUI still displays the sections correctly as long as the first policy of the section has the correct global-label set.

For example, if the global-label of policy 3 in the above example is removed, the GUI remains intact, but the policy detail and API response both return an empty value for the global-label. This can lead to issues with automation that relies on the global-label value:

There are 2 ways to remediate the issue. In a small deployment, the policy can be moved, either within the same section or to a different section, and back to the original section. FortiManager checks the section title every time a policy is moved and updates the variable accordingly.

To remediate issues with missing global-label values across all policy packages, run the following command:

diagnose cdb upgrade check copy-section-title
Checking: Copy section title from previous policy config
No error found

Note: When workspace mode is enabled, an ADOM lock for all ADOMs is required to run the command.

The command checks all policies, and if any policy is missing a global-label value, it copies the value from the preceding policy.

The following example shows the command detecting and fixing the issue with a missing global-label: