Product: Fortimanager-VM64
Version: v7.0.4 build0306
So, this is just super fun. Upgrading a Fortigate from 6.4.x to 7.x requires using a 7.x ADOM, but once you do that if you have any VIP range definitions, they break and you can no longer push policy to the devices. Like, at all.
Even (and especially if) you're only using IPv4, within the 7.x ADOM in the Fortimanager, when attempting a per-device mapping for a VIP, below "External IP Address/Range" and "Mapped IPv4 Address/Range" appears "Mapped IPv6 Address/Range" which pre-fills with "::" and "::3fe" which despite many attempts to remove these values, isn't apparently going away.
The end result is that when you try to push policy to the device, it uploads but won't apply because it attempts to set inappropriate IPv6 parameters on the thing, and there's no way to remove them.
Does anyone happen to know if there's a sane workaround for this stupid bug?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It turns out the solution is an update to 7.0.5 (which requires an extra special version to avoid a BGP-related bug if you're using BGP so call support on the phone for that), after which you go back into the VIP and delete the "::" from the address field and re-save, and you'll know it worked because it won't populate the end address with "::3fe" (and the policy will push without failing).
try to delete the :: in the IPv6 address field.
They won't disappear, but the color would change to a lighter grey (hard to see)
It can't be deleted. Even trying temporarily replaces it with ::0.0.0.0 which turns back into :: when you hit enter.
It turns out the solution is an update to 7.0.5 (which requires an extra special version to avoid a BGP-related bug if you're using BGP so call support on the phone for that), after which you go back into the VIP and delete the "::" from the address field and re-save, and you'll know it worked because it won't populate the end address with "::3fe" (and the policy will push without failing).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.