I have upgraded the FortiManager to 6.4.11 and we have fortigate firewalls with version 6.2.12 and 6.4.8.
After the upgrade when I go to create new rules Insert Above or Insert Below in fortigate firewall running 6.4.8 I get the below error message.
firewall/policy/509: logtraffic cannot be set to utm when policy action is deny.
Interestingly Policy 509 doesn't exist.
But the firewall with version 6.2.12 doesn't have any issue.
It seems to be a bug affecting FortiOS version 6.4.x.
Can anyone confirm whether it's a bug, or how do I resolve the issue?
This is to inform you that this behavior is a bug in FortiManager Version 6.4.11 and 7.0.6. The bug is fixed in FortiManager Version 7.0.7 as per the release notes.
Bug ID 889563
Sounds like a bug. But if you're absolutely certain you do not have policy ID 509 on your FortiGate, you could try running a script on the policy package in FortiManager to delete policy ID 509:
config firewall policy
    delete 509
end
It doesn't help... Also noticed the same with FortiManager running version 7.0.6 and FortiGate firewalls running 6.4.6.
Seems to be an issue with all firewalls running FortiOS 6.4.x.
I would suggest talking to TAC then.
Copyright 2023 Fortinet, Inc. All Rights Reserved.