Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
J_Pok
New Contributor

UTM Profiles gone after 4.0MR2?

I am a basic SOHO user and bother with stable firmware upgrades only once or twice a year. I am currently on 4.2.11 and figured that it was time. So I did a test upgrade to the latest 4.3 as well as the current 5.0. In both upgrades, I could not figure how to create new UTM profiles in the GUI - i.e. new named profiles with different groups of settings. However, my previous custom profiles for each UTM were listed in a pull down, but I cannot assign to FW policies. Anyone know if this is now strictly a cli feature, gone as a GUI feature or being phased out entirely?
5 REPLIES 5
Dave_Hall
Honored Contributor

When upgrading from 4.2.x to 4.3 or 5.0, change any space chars that you may have in labels or policy names to non-space (e.g. like underscore) before upgrading. After the upgrade check to see (from the CLI) what was messed up via " diag debug config-error-log read" . When upgrading, it is advisable to follow the upgrade path outlined in the update notes that accompany each firmware release. Usually, you can not jump from 4.2.x to 4.3.10. As an example you may need to go something like 4.2.x->4.3.0->4.3.5->4.3.10. edit: UTM profiles are not gone. To clarify, you create the various UTM profiles items under UTM then apply them via Firewall->Policy->Create/edit a policy->check UTM->check a UTM item.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Maik
New Contributor II

it' s still possible to group those varius profiles to a single profile group and apply that to a policy. Due the upgrade, your current profiles are already grouped (That' s why you cannot delete them even they are not applied in a policy) in 4.3 this was a CLI thing. i' m not sure about 5, but I think i saw a " profile group" entry somewhere in the GUI tree.
J_Pok
New Contributor

@Maik I did not even know of profile groups, but will check - may be useful. Following my original post, I was able to confirm that 4.0MR3P11 works fine as expected - similar to v4.0MR2. However, v5.0 does not and may be buggy.
J_Pok

@Dave Thanks for the clear and straightforward response - very helpful. I cleaned up all names to remove spaces and did the following upgrades: 4.0MR2P11 --> 4.0MR2P12 --> 4.0MR3P5 --> 4.0MR3P11 Observations: 4.0MR3P11 - all looks good for now - including UTM profiles. v5.0.0 - after 3 separate upgrades, original problem remains - no means of creating UTM profiles via GUI - seems to be a bug. I could open ticket if someone else could confirm. I will stay with 4.0MR3P11 for now.
Jordan_Thompson_FTNT

On desktop platforms, only one of each UTM profile is available on the GUI by default. To change this, enable " multiple UTM profiles" from the system->admin->settings page.
Labels
Top Kudoed Authors