gfranceschi
Staff
Article Id 195921

Description

This article highlights a per-user Black & White List (BWL) compatibility issue between v5.2 patches.


Scope

FortiGate & JSON API.


Solution

FortiOS v5.2.5 provides Simple, Wildcard and Regex options for the per-user Black & White List. Earlier versions, from v5.0 up to patch v5.2.4, provide only the Simple option for the URL type in a per-user BWL.

Up to v5.2.4, the URL format for a user was:

'urls' : [ {'url':'www.fortinet.com', 'action':'exempt'},  {'url':'www.google.com', 'action':'block'}]

The type is always "simple".

Starting with v5.2.5, a type is added, set to "simple", "regexp" or "wildcard". The URL format is as follows:

'urls' : [ {'url':'www.fortinet.com', 'type':'simple', 'action':'exempt'},  {'url':'www.google.*','type':'regexp', 'action':'block'}]

If a unit runs v5.2.5, new URL entries are created with the type regexp or wildcard, and the unit is then downgraded from v5.2.5 to v5.2.x, the URL BWL files will contain URL types that are not compatible with the earlier version.

In this case, "Bad JSON request" will be received on each query to read, delete or write new URLs.

If a unit has to be downgraded, it is important to:

- delete, prior to the downgrade of the unit, all URL entries with a URL type that is not supported by the earlier version; the get/delete will be done through the JSON API.

- format the flash card and reinstall FortiOS at a previous version.
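The pre-downgrade check from the first step, as an added example (not Fortinet code): it parses a per-user `urls` list in the format shown above and separates the entries to delete from those an earlier v5.2.x patch can read. The function names and the sample list are constructed for illustration; dropping the `type` key from kept entries is an assumption based on the pre-v5.2.5 format shown above, and the JSON API calls that fetch and delete entries are not shown.

```python
import ast

LEGACY_TYPES = {"simple"}                       # only type before v5.2.5
KNOWN_TYPES = {"simple", "regexp", "wildcard"}  # types available from v5.2.5

def parse_urls(text):
    """Parse a 'urls' fragment written as in the article (single-quoted)."""
    data = ast.literal_eval("{" + text.strip() + "}")
    return data["urls"]

def audit_for_downgrade(urls):
    """Split entries into (keep, delete) for a downgrade below v5.2.5."""
    keep, delete = [], []
    for entry in urls:
        # An entry without 'type' is already in the old format: always simple.
        url_type = entry.get("type", "simple")
        if url_type not in KNOWN_TYPES:
            raise ValueError(f"unknown type {url_type!r} for {entry.get('url')!r}")
        (keep if url_type in LEGACY_TYPES else delete).append(entry)
    return keep, delete

def to_legacy_format(entries):
    """Render kept entries in the pre-v5.2.5 shape (assumption: no 'type' key)."""
    return [{"url": e["url"], "action": e["action"]} for e in entries]

# Constructed sample list; not taken from a real unit.
SAMPLE = """'urls' : [ {'url':'www.fortinet.com', 'type':'simple', 'action':'exempt'},
 {'url':'www.google.*','type':'regexp', 'action':'block'},
 {'url':'*.example.com','type':'wildcard', 'action':'block'},
 {'url':'www.example.org', 'action':'exempt'} ]"""

if __name__ == "__main__":
    keep, delete = audit_for_downgrade(parse_urls(SAMPLE))
    for e in delete:
        print("delete before downgrade:", e["url"], f"({e['type']})")
    print("readable by earlier patch:", to_legacy_format(keep))
```

Entries reported for deletion are block or exempt rules that stop applying for that user after the downgrade, so review them before removal.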

 
