Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
YBKruthi
Staff
Staff

Created on ‎08-20-2023 11:32 PM

Article Id 269498

Technical Tip: SD-WAN interface not visible after upgrade to 7.2.5 & 7.4.0

 

Description This article describes workaround steps to follow if an issue appears with the SD-WAN interface that is not visible after upgrading to version 7.2.5/7.4.0.
Scope FortiGate.
Solution

Run into cosmetic issue post upgrade to version 7.2.5/7.4.0.

 

Problem Description: 

  • Unable to see 'virtual-wan-link' as a valid source/destination Interface when editing or creating firewall policy from GUI:

 

Fortigate_AMI_Erreur.png

  •  SD-WAN zone is not showing up in Network -> Interfaces from GUI.

 

Fortigate_AMI_Erreur_2.png

 

 

  • Editing and creating a firewall policy with 'virtual-wan-link' as the source/destination interface is possible from CLI:

 

----------------------------------------------------------------------

set name "WIFI-AMI-Visiteurs_To_WAN"
set uuid 7e66ed90-9000-51ec-ed04-a16404ef4b41
set srcintf "AMI-Visiteurs"
set dstintf "virtual-wan-link"   <<<<<<<<<<<<<<<
set action accept
set srcaddr "AMI_WIFI_AMI_Visiteurs"
set dstaddr "all"
set schedule "always"
set service "ALL" 

set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set webfilter-profile "default"
set dnsfilter-profile "default"
set logtraffic all
set nat enable

--------------------------------------------------------------------

 

Condition:

  • The issue is specific to Hardware devices and is not observed on virtual machines.
  •  This is a cosmetic bug scenario that will not affect the production traffic. However, creating new policies on GUI will not show the SD-WAN interface to be mapped under the destination.
  • There are no concerns with the CLI and is functional. Even it will be possible to see the SD-WAN interface.

 

Workaround:

  • Creating a new dummy SD-WAN zone, virtual-wan-link will be visible and possible to be configured in firewall policy from GUI:

 

-------------------------------

config system sdwan
    config zone
        edit "DUMMY"
    next
end

--------------------------------

 

  • The dummy zone is visible under SD-WAN zones. However, is not mapped under any firewall policy.
  • Post the above change, it will be possible to see all the lost SD-WAN interfaces available on the GUI under the firewall policy.

 

Permanent Solution:

  • This cosmetic bug is resolved with the upgrade to version 7.2.6/7.4.1

 

2182
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.