Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
srappaport
New Contributor

Changing Address names

I don' t recall ever having this problem on earlier firmware versions, but here is what I have just found on my FortiGate 200B-POE running v4.0 build 6390,100921 (MR2 Patch 2): I decided I wanted to change the name of a couple of addresses that are in use in firewall policies. I changed a name slightly in the Web interface and when I submitted it, I received an error that the name was " In Use." I clicked OK and got a second error simply stating, " Not Found." However, it brought me back to the address list and the change was successfully applied. I made another change to a different address and the same two errors came up but it also made the change successfully. All policies still worked fine. Fast forward to 2 days later when I rebooted the Fortigate and traffic was suddenly not flowing. I checked the policies and any reference to the two names that were modified were replaced with blanks, meaning the source or destination field was completely empty on these policies. I had to edit each one and pick the appropriate address (the new names) and then everything was back to normal. I was surprised that the Fortigate could not automatically change any policies referring to the addresses that were modified. As I said, I' m pretty sure I' ve made such changes on other Fortigates with older firmware and this never happened. So, is this by design or a bug? Because I am using the FortiAPs, I can' t arbitrarily upgrade/downgrade the Fortigate' s firmware without a matching AP firmware as well. Thanks.
5 REPLIES 5
Paul_Dean
Contributor

I' ve seen similar behaviour with MR2 software. It complains about not being able to change the name but then changes it anyway. Never had it come back blank though. In 3.0 you could change address names.
NSE4
NSE4
srappaport

Thanks for the input, guys. Paul, the src/dst fields in the policies didn' t show up blank until the firewall was actually rebooted. Up until that point, everything continues to work fine, so if I wasn' t physically moving this unit around forcing me to power off, I might not have found out until months down the road. Ede, I believe I am at the latest firmware pair for the 200B-POE and FortiAPs, so I can' t upgrade until they release Patch 4 on this branch.
rwpatterson
Valued Contributor III

Is the configuration set to auto save?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
srappaport

Yes, and rebooting does not affect any recently made config changes except for changed address names within firewall policies.
ede_pfau
Esteemed Contributor III

This is almost certainly a bug. No problem here running v4.0,build0313,110301 (MR2 Patch 4). I' d upgrade if the AP' s firmware is available, too.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors