Experienced a very strange behaviour yesterday and wanted to know if anyone has experienced the same and if there's any actual explanation as to what's going on. Let me give you a brief overview of the events.
I have a FortiGate 1500D with OS version 5.2 on which there are 4 VDOMs (including root). 2 physical interfaces are configured as redundant interfaces for each VDOM and then on this redundant interface the appropriate VLANs are configured. Everything works fine.
On one of the VDOMs, I needed to update some 160 rules, changing the source address from a subnet (defined in address) to a group of servers (again defined in the address). Instead of doing so in the GUI, I backed up the VDOM config. From the backup, I edited the appropriate firewall policies, doing a simple search and replace for the source.
The updated config was restored to the FortiGate and suddenly the VDOM stopped working. All associated interfaces stopped responding. Looked into the GUI and found the redundant interface down. Actually tried to put it into administratively down and back up. Link status goes up and after a few seconds down. That's when I also noted the type of the interface had changed from redundant to aggregate.
Double checked my backup and the updated config and interface was set to redundant. Tried a second restore and even rebooted the appliance, interface would stay on aggregate.
So had to reconfigure other interfaces and change the rules manually to get the setup working as could not change the redundant interface type back to what it should be. Also could not delete it as rules were assigned to those interfaces.
Any idea what may have happened? Any idea why the device would not take the type set in the config file but change it to aggregate?
Sorry for the long post and thanks for any help/insight you may provide.