Hi,
After upgrading from 7.0.5 to 7.0.6, I noticed all my proxy policies and any configuration related to proxy service are gone. I had backed up global configuration and tried to restore it but still those proxy configurations are not back. Any bug or me-made mistake here?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hey mhdganji,
these lines:
>>> "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)
>>> "next" @ 246:global.system.interface.Proxy0:failed command (error 1)
>>> "next" @ 253:global.system.interface.Proxy1:failed command (error 1)
-> they indicate that something is wrong with the vdom-link 'proxy' and the two related interfaces (proxy0 and proxy1)
The other lines, you can see it mentions 'proxy0' as destination interface:
>>> "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)
My guess is that the inter-vdom-link and interfaces for some reason did not survive the upgrade, and thus all policies relying on the interfaces did not survive the upgrade either.
It doesn't tell us WHY the inter-vdom-link has an error/doesn't exist, but you could probably fix the issue as follows:
- create a new inter-vdom-link called proxy, with proxy0/1 subinterfaces (make sure proxy0 is in the proxy VDOM)
- copy&paste the policies from the old config file into CLI
- copy&paste the static route from the old config file into CLI
Hi mhdganji,
I am not sure if its a bug. Can you see the proxy policies and configuration related to proxy services in your backed up config file?
Hi @warshad
Yes I can see them in the backup file. The parts missing after upgrade is proxy policies in the proxy VDOM (the VDOM itself remains in config) and also the VDOM links
You can give it a test too and may find it as a bug or may notice me of a problem at my side.
Hey mhdganji,
there are two diagnostic commands you can run on FortiGate CLI to get some additonal information:
#get system startup-error-log
#diag debug config-error-log read
You can refer to this KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuration-is-partially-lost-after-upgr...
That might provide some insight as to why the configuration would have been lost.
One reason may be that the VDOM was somehow switched to policy-mode instead of profile-mode; I know that more or less completely wipes the proxy configuration from experience.
Hi @Debbie_FTNT
The first command returns the text below and the seconds returns nothing
>>> "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)
>>> "next" @ 246:global.system.interface.Proxy0:failed command (error 1)
>>> "next" @ 253:global.system.interface.Proxy1:failed command (error 1)
>>> "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)
>>> "set" "dstintf" "Proxy0" @ 18236:Proxy.firewall.proxy-policy.1:value parse error (error -3)
>>> "set" "dstintf" "Proxy0" @ 18254:Proxy.firewall.proxy-policy.9:value parse error (error -3)
>>> "set" "dstintf" "Proxy0" @ 18273:Proxy.firewall.proxy-policy.5:value parse error (error -3)
>>> "set" "dstintf" "Proxy0" @ 18290:Proxy.firewall.proxy-policy.2:value parse error (error -3)
>>> "set" "dstintf" "Proxy0" @ 18307:Proxy.firewall.proxy-policy.8:value parse error (error -3)
>>> "set" "dstintf" "Proxy0" @ 18324:Proxy.firewall.proxy-policy.10:value parse error (error -3)
>>> "set" "dstintf" "Proxy0" @ 18341:Proxy.firewall.proxy-policy.11:value parse error (error -3)
>>> "set" "device" "Proxy0" @ 18661:Proxy.router.static.1:value parse error (error -651)
>>> "next" @ 18662:Proxy.router.static.1:failed command (error 1)
Could you help me to interpret the log and find what is wrong?
I have the old config file if needed
Thanks
Hey mhdganji,
these lines:
>>> "next" @ 55:global.system.vdom-link.Proxy:failed command (error 1)
>>> "next" @ 246:global.system.interface.Proxy0:failed command (error 1)
>>> "next" @ 253:global.system.interface.Proxy1:failed command (error 1)
-> they indicate that something is wrong with the vdom-link 'proxy' and the two related interfaces (proxy0 and proxy1)
The other lines, you can see it mentions 'proxy0' as destination interface:
>>> "set" "dstintf" "Proxy0" @ 18219:Proxy.firewall.proxy-policy.3:value parse error (error -3)
My guess is that the inter-vdom-link and interfaces for some reason did not survive the upgrade, and thus all policies relying on the interfaces did not survive the upgrade either.
It doesn't tell us WHY the inter-vdom-link has an error/doesn't exist, but you could probably fix the issue as follows:
- create a new inter-vdom-link called proxy, with proxy0/1 subinterfaces (make sure proxy0 is in the proxy VDOM)
- copy&paste the policies from the old config file into CLI
- copy&paste the static route from the old config file into CLI
I already did that and corrected the problem using backup config. Somehow wanted to know and inform the forum about the probable problem and maybe to find the exact root cause.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.