Purge means that someone delete all the section config
ex
config firewall policy
edit x
next .
.
.
edit y
next
edit 10
mpla mpla
next
purge
purge will delete x,y,10
So the admin add a static route/fw policy and instead of use delete in order to delete the entry he use the purge and delete all the section
Probably an upgrade gone wrong. Upgrades do not only comprise firmware code but transformation procedures as well. Somehow these went wild, that's where the 'purge' commands come in.
The routes and OSPF config etc. is just the last part of a config file. The FGT will boot with a partial config file just fine, surprisingly.
I'd rebuild the flash disk from scratch via the boot manager (connect via serial port, stop the boot process, reformat the disk, reload firmware via TFTP, reload the config).
I would use the cfg revision to see 'exactly' what was b4 and after. The log seems to show this was a "admin" event, so if that is true at least the log systems will have the address of the user.
PCNSE
NSE
StrongSwan
Just because of the 'admin (unidentified)' message I am speculating that this is an automatic sequence of code transformation, not a manual user action. 'purge' does make sense if you want to wipe some part of the config to immediately overwrite with the intended commands.
The exact same issue happened to me. Have you found out anything about it?
Hi All,
just to close this thread, to help others concerned by this weird issue.
A customer of mine had got the same issue.
After creating a case to the FORTINET support team, post incident, it appeared that maybe the customer used the wizard to make some things. We should not use the wizard on a already configured fortigate, as it could delete / purge entire conf parts, conclusions of FORTINET Support team.
Best regards.
Alig0r
I Just did this yesterday. Oops! I remember going through the wizard to see what it did. But I don't recall hitting finish or apply. I'm assuming the cancel but changed to finish on the last step and I clicked it. Either way the logs showed my IP and similar logs were produced. Apparently it deleted all the static routes and created two new default routes with the directly connected devices. Thanks to my counterpart --TD! Saved my (_)_)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.