Our FMG and FGTs are all running 7.2.8, and several months ago we upgraded the security fabric across all our devices. Now, we have a problem to where our local-in-policy will deploy once from the FortiManager, and the next change we deploy deletes the configuration that as just installed. We're trying to enable BGP to a vendor for one of our new systems over one of the VPN tunnels, but BGP is being listened to on the outside interface. I blocked tcp/179 using the local-in-policy on the outside interface, but then had to make another change after that. It's now unblocked. We have 18 FortiGates, and all have various local-in-policy configurations, but we can't make any further changes. Can someone provide guidance on what we need to do?

Thank you.