Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhdganji
Contributor

Problem while upgrading from 7.0.5 to 7.0.6

Hi,

After upgrading from 7.0.5 to 7.0.6, I noticed all my proxy policies and any configuration related to proxy service are gone. I had backed up global configuration and tried to restore it but still those proxy configurations are not back. Any bug or me-made mistake here?

 

1 Solution
Debbie_FTNT

Hey mhdganji,

these lines:

>>> "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)

>>> "next" @ 246:global.system.interface.Proxy0:failed command (error 1)

>>> "next" @ 253:global.system.interface.Proxy1:failed command (error 1)

-> they indicate that something is wrong with the vdom-link 'proxy' and the two related interfaces (proxy0 and proxy1)

The other lines, you can see it mentions 'proxy0' as destination interface:

>>> "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)

 

My guess is that the inter-vdom-link and interfaces for some reason did not survive the upgrade, and thus all policies relying on the interfaces did not survive the upgrade either.
It doesn't tell us WHY the inter-vdom-link has an error/doesn't exist, but you could probably fix the issue as follows:
- create a new inter-vdom-link called proxy, with proxy0/1 subinterfaces (make sure proxy0 is in the proxy VDOM)
- copy&paste the policies from the old config file into CLI
- copy&paste the static route from the old config file into CLI

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

View solution in original post

6 REPLIES 6
warshad
Staff
Staff

Hi mhdganji,

 

I am not sure if its a bug. Can you see the proxy policies and configuration related to proxy services in your backed up config file? 

 

 

 

Waqas Arshad
Fortinet
mhdganji
Contributor

Hi @warshad 

Yes I can see them in the backup file. The parts missing after upgrade is proxy policies in the proxy VDOM (the VDOM itself remains in config) and also the VDOM links 


You can give it a test too and may find it as a bug or may notice me of a problem at my side.

Debbie_FTNT

Hey mhdganji,

there are two diagnostic commands you can run on FortiGate CLI to get some additonal information:

#get system startup-error-log

#diag debug config-error-log read
You can refer to this KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuration-is-partially-lost-after-upgr...

 

That might provide some insight as to why the configuration would have been lost.

One reason may be that the VDOM was somehow switched to policy-mode instead of profile-mode; I know that more or less completely wipes the proxy configuration from experience.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
mhdganji

Hi @Debbie_FTNT 

 

The first command returns the text below and the seconds returns nothing

 

 

>>>  "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)

>>>  "next" @ 246:global.system.interface.Proxy0:failed command (error 1)

>>>  "next" @ 253:global.system.interface.Proxy1:failed command (error 1)

>>>  "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18236:Proxy.firewall.proxy-policy.1:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18254:Proxy.firewall.proxy-policy.9:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18273:Proxy.firewall.proxy-policy.5:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18290:Proxy.firewall.proxy-policy.2:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18307:Proxy.firewall.proxy-policy.8:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18324:Proxy.firewall.proxy-policy.10:value parse error (error -3)

>>>  "set" "dstintf" "Proxy0" @ 18341:Proxy.firewall.proxy-policy.11:value parse error (error -3)

>>>  "set" "device" "Proxy0" @ 18661:Proxy.router.static.1:value parse error (error -651)

>>>  "next" @ 18662:Proxy.router.static.1:failed command (error 1)

 

Could you help me to interpret the log and find what is wrong?

I have the old config file if needed

 

 

Thanks

Debbie_FTNT

Hey mhdganji,

these lines:

>>> "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)

>>> "next" @ 246:global.system.interface.Proxy0:failed command (error 1)

>>> "next" @ 253:global.system.interface.Proxy1:failed command (error 1)

-> they indicate that something is wrong with the vdom-link 'proxy' and the two related interfaces (proxy0 and proxy1)

The other lines, you can see it mentions 'proxy0' as destination interface:

>>> "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)

 

My guess is that the inter-vdom-link and interfaces for some reason did not survive the upgrade, and thus all policies relying on the interfaces did not survive the upgrade either.
It doesn't tell us WHY the inter-vdom-link has an error/doesn't exist, but you could probably fix the issue as follows:
- create a new inter-vdom-link called proxy, with proxy0/1 subinterfaces (make sure proxy0 is in the proxy VDOM)
- copy&paste the policies from the old config file into CLI
- copy&paste the static route from the old config file into CLI

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
mhdganji

I already did that and corrected the problem using backup config. Somehow wanted to know and inform the forum about the probable problem and maybe to find the exact root cause.