Fortinet Community

dgits · ‎10-16-2022

Hi everyone,

I've a strange issue with my Fortigate 60F and SD-Wan Rules.

When I go to the SD-WAN Rules, i've constanelly the loading spinning without results :

If I retry after a couple of refresh or after go to another menu the page is finally displaying the rules.

But i cannot change the order and receive an error :

I was previously with the 7.2.1 and change to 7.2.2 after the announce of fortinet to upgrade immediatly due a leak on the previous firmware but i don't think this is the cause.

At this time i can only create or delete rules and i've only tree rules : default, rule for a computer and default implicit with "source-destination IP"

Can you help me please.

dgits · ‎10-17-2022

nobody ?

esec · ‎10-17-2022

Haven´t experienced the same issue, but when I have issues in the GUI I normally do the same thing in the CLI and hopefully get a error describing why you can´t do the change in the GUI.

You can also start a SSH session to the Fortigate and run CLI debug to see what commands that are being done in the GUI -> Technical Tip: Verify configuration in CLI - Fortinet Community

If the above doesn´t solve it I would remove all SD-WAN rules and re-create them and hope that solves it.

dgits · ‎10-17-2022

Thanks esec

I've already try with new rules (with a factoryreset).

I've also try to move the SD-WAN rules (to change order) but i've still the problem (Failed to save changes). When I move a rule, nothing happens from SSH diagnose side.

When I update a rule, i've been the command with this result :

write config file success, prepare to save in flash

[__create_file_new_version:274] the new version config file '/data/./config/sys_vd_root+root.conf.gz.v000000016' is created
[symlink_config_file:341] a new version of '/data/./config/sys_vd_root+root.conf.gz' is created: /data/./config/sys_vd_root+root.conf.gz.v000000016
[symlink_config_file:385] the old version '/data/./config/sys_vd_root+root.conf.gz.v000000015' is deleted
[symlink_config_file:387] '/data/./config/sys_vd_root+root.conf.gz' has been symlink'ed to the new version '/data/./config/sys_vd_root+root.conf.gz.v000000016'. The old version '/data/./config/sys_vd_root+root.conf.gz.v000000015' has been deleted
zip config file /data/./config/sys_vd_root+root.conf.gz success!

I've also try with downgraded to the firmware 7.2.0 and that's works with this version !

So what's happening from 7.2.0 to 7.2.1 and 7.2.2 with sd-wan ??!!

The only changes I see is the ipv6 all on the implicit default rule :

esec · ‎10-17-2022

OK, really sounds like a bug. I would either create a TAC case or manage to live with this by using the CLI.

7.2.2 is still a pretty new release, with a lot of bugs..

dgits · ‎10-17-2022

ok thanks

i would make a TAC case but my forticloud license is expired, anyone can make this ?

in the meantime, I put back to the 7.0.8

Megawork · ‎10-21-2022

Same issue here.

SD WAN Rules, when moving orders.

ykenny · ‎10-31-2022

Same issue here +1 with 7.2.2

Lephongrap · ‎11-01-2022

Same issue here +1 with 7.2.2. I think we need waiting for the new update : ))

Phong Le

alif · ‎11-01-2022

The issue is identified and worked under bug ID 835089. It will be resolved in FortiOS 7.2.3 scheduled for release in November, 2022.

As a workaround, the SDWAN rules can be modified via CLI.

config system sdwan
config service
show (to view the IDs of SDWAN rules or use the GUI to identify the IDs)

move x before y
or
move x after y
end
end

where x is the ID of the SDWAN that needs to be moved, y is the ID of the SDWAN rule precede or succeed.

Regards,
SFA

Fortinet Community

SW-WAN Rules failed to save changes