I had the same problem. I have two FG-100Ds. Our production is running 4.3.18. Upgrade guides indicate I should be able to go from 4.3.18-5.0.10-5.2.2.
I did a factory reset on our backup FG-100D. Then did a TFTP firmware load and boot device format to 4.3.18. Worked fine. Then I restored the production firmware from our 4.3.18 system and all of the settings came over.
Next I upgraded to 5.0.10. I watched via the console and noted that some things were changed using the "diag debug config-error-log read" to show what had change. All changes were minor.
Finally I upgraded to 5.2.2, again reviewing any errors to the config the first time it reboots.
I spent the rest of the day attempting to test throughput using a temp config between port 15 and WAN 2, thus leaving my other policies intact. I could not get it to work. Finally I realized it was the ALL/ANY problem. I was simply trying to verify services would pass. I knew WAN2 was working as the Firewall registered with Fortinet and downloaded latest updates.
I could ping from the CLI to 184.108.40.206 (Google) but I could not ping via a laptop connected to port 15. Nor could I ping the IP assigned to WAN 2. I finally realized if I changed the service to "Ping" instead of "All" it worked. I also tried ALL_TCP and ALL_UDP. That also did not allow Ping because it is ICMP. So not sure how to create an "allow anything" service definition. I have a few systems that I allow that for outbound because of dynamic ports.
So I'm not sure what the default options should be. Attached is screenshot of my "General" services. Can someone else on 5.2.2 confirm this is what they have?