Tuesday, February 3, 2015

Fortigate upgrade v5.2.2 build 642 - no external access after update

After upgrading our Fortigate 100D cluster to v5.2.2 build 0642 (going from v5.0 build 04429) we no longer had internet access. Traffic from external to internal still worked fine, just internal to external failed.

At the time, while in the frantic search for what the heck had happened, I hadn't noticed that the only traffic that failed was traffic through policies that used the Service = ALL. In hindsight I can now see it, since that explains why external to internal traffic all worked (specified services only!).

After beating my head against the wall for about 15 minutes I called Fortinet support.  Once I had a support rep on the line and said "upgraded to v5.2.2, all is lost, world is falling in around me" he instantly had an answer.
  • Click Policy & Objects
  • Objects
  • Services
  • Edit the ALL service
  • Take note of what the Protocol Number is.  In my case it was 6.
  • Change to 0
  • Click OK
Instantly all my internal to external ping monitors came back to life.
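For anyone who would rather check and fix this from the CLI (or script the check across several units before and after an upgrade), the same steps can be done with the FortiOS CLI. This is an added example and not from the original post or from Fortinet; the object and attribute names (`firewall service custom`, `protocol`, `protocol-number`) are the FortiOS CLI equivalents of the GUI fields as I know them, so verify them against the CLI reference for your own firmware before running anything.

```fortios
# 1. Inspect the ALL service object. A healthy ALL service is
#    "set protocol IP" with protocol-number 0 (match every IP protocol).
#    If protocol-number shows 6, ALL has silently become "TCP only",
#    which is exactly the symptom above: TCP works, ICMP/UDP through
#    Service = ALL policies does not.
show firewall service custom ALL

# 2. Reset the object so it matches all protocols again.
config firewall service custom
    edit "ALL"
        set protocol IP
        set protocol-number 0
    next
end

# 3. Re-check, then confirm from a client behind the firewall that a
#    non-TCP flow (e.g. an ICMP ping to an external host) is passing
#    through a Service = ALL policy again.
show firewall service custom ALL
```

Taking a `show firewall service custom ALL` snapshot before the upgrade gives you a known-good value to compare against afterwards, which turns a frantic 15-minute search into a one-line diff.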

Apparently it's a known issue that can sometimes occur during the upgrade to v5.2.2 (not sure if it affects other builds).

