Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dgits
New Contributor

SW-WAN Rules failed to save changes

Hi everyone,

 

I've a strange issue with my Fortigate 60F and SD-Wan Rules.

 

When I go to the SD-WAN Rules, i've constanelly the loading spinning without results :

dgits_0-1665935373999.png

If I retry after a couple of refresh or after go to another menu the page is finally displaying the rules.

But i cannot change the order and receive an error : 

dgits_1-1665935466311.png

 

I was previously with the 7.2.1 and change to 7.2.2 after the announce of fortinet to upgrade immediatly due a leak on the previous firmware but i don't think this is the cause.

 

At this time i can only create or delete rules and i've only tree rules : default, rule for a computer and default implicit with "source-destination IP"

 

Can you help me please.

9 REPLIES 9
dgits
New Contributor

nobody ?

esec
New Contributor III

Haven´t experienced the same issue, but when I have issues in the GUI I normally do the same thing in the CLI and hopefully get a error describing why you can´t do the change in the GUI.

 

You can also start a SSH session to the Fortigate and run CLI debug to see what commands that are being done in the GUI -> Technical Tip: Verify configuration in CLI - Fortinet Community

 

If the above doesn´t solve it I would remove all SD-WAN rules and re-create them and hope that solves it. 

dgits
New Contributor

Thanks esec

 

I've already try with new rules (with a factoryreset).

I've also try to move the SD-WAN rules (to change order) but i've still the problem (Failed to save changes). When I move a rule, nothing happens from SSH diagnose side.

 

When I update a rule, i've been the command with this result :

write config file success, prepare to save in flash

[__create_file_new_version:274] the new version config file '/data/./config/sys_vd_root+root.conf.gz.v000000016' is created
[symlink_config_file:341] a new version of '/data/./config/sys_vd_root+root.conf.gz' is created: /data/./config/sys_vd_root+root.conf.gz.v000000016
[symlink_config_file:385] the old version '/data/./config/sys_vd_root+root.conf.gz.v000000015' is deleted
[symlink_config_file:387] '/data/./config/sys_vd_root+root.conf.gz' has been symlink'ed to the new version '/data/./config/sys_vd_root+root.conf.gz.v000000016'. The old version '/data/./config/sys_vd_root+root.conf.gz.v000000015' has been deleted
zip config file /data/./config/sys_vd_root+root.conf.gz success!

 

I've also try with downgraded to the firmware 7.2.0 and that's works with this version !

So what's happening from 7.2.0 to 7.2.1 and 7.2.2 with sd-wan ??!!

The only changes I see is the ipv6 all on the implicit default rule :

dgits_0-1666022250030.png

esec
New Contributor III

OK, really sounds like a bug. I would either create a TAC case or manage to live with this by using the CLI.

 

7.2.2 is still a pretty new release, with a lot of bugs..

dgits
New Contributor

ok thanks 

 

i would make a TAC case but my forticloud license is expired, anyone can make this ?

 

in the meantime, I put back to the 7.0.8

 

Megawork
New Contributor

Same issue here.

SD WAN Rules, when moving orders.

 

Megawork_0-1666376539998.png

 

ykenny
Staff
Staff

Same issue here +1 with 7.2.2

Lephongrap
New Contributor II

Same issue here +1 with 7.2.2. I think we need waiting for the new update : ))

Phong Le
Phong Le
alif
Staff
Staff

The issue is identified and worked under bug ID 835089. It will be resolved in FortiOS 7.2.3 scheduled for release in November, 2022.

 

As a workaround, the SDWAN rules can be modified via CLI.

 

config system sdwan
config service
show (to view the IDs of SDWAN rules or use the GUI to identify the IDs)

move x before y
or
move x after y
end
end

 

where x is the ID of the SDWAN that needs to be moved, y is the ID of the SDWAN rule precede or succeed.

Regards,
SFA
Labels
Top Kudoed Authors