Fortigate Firmware 5.0 to 5.2.2 results in msg=”Denied by forward policy check (policy 0)”

tl;dr, if you do not want to read the details: the 5.2.2 firmware changes the ALL service object to Protocol Number 6 (TCP), so any policy that uses ALL matches TCP only and everything else falls through to the implicit deny. The fix is to navigate to Policy & Objects > Objects > Services > ALL and change Protocol Number to 0 (zero).

Testing out a FortiWiFi 30D for placement at customers' homes. Deployed our stock 5.0 configuration to the device and sent it to the customer location. It worked great.

At one particular customer we are running 5.2 firmware to address some issues with the FortiAP. To address my internal OCD I upgraded the 30D to 5.2.2, and internal-to-WAN traffic stopped flowing.

Jumped into debug flow:

diag debug enable
diag debug flow filter addr x.x.x.x
diag debug flow show console enable
diag debug flow trace start 100

And was greeted with msg=“Denied by forward policy check (policy 0)” in the console.

The first Google results talked about admin access, which was not the problem I was dealing with. Digging some more, I found a helpful thread over at the Fortinet forums.

This was my problem. Policy 0 in the debug flow output is the implicit deny, meaning no firewall policy matched the session. After the upgrade the ALL service object carried Protocol Number 6, which is TCP, so a policy built on ALL only matched TCP sessions; UDP (DNS, for one) and ICMP had no matching policy and were dropped. The fix is to navigate to Policy & Objects > Objects > Services > ALL and change Protocol Number to 0 (zero), which for a service of protocol IP means any IP protocol.
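The same fix from the CLI, with a verification pass afterwards, as an added example that is not part of the original post. The `#` lines are annotations for the reader and should be dropped when pasting into the FortiOS console; `192.0.2.10` is a made-up LAN host standing in for the x.x.x.x used above.

```fortios
# Added example, not from the original post. Inspect the ALL service object
# first: on a unit hit by this problem, protocol-number shows 6 (TCP)
# instead of 0 (any IP protocol).
show firewall service custom ALL

# Corrected state: ALL is a service of protocol IP with protocol-number 0,
# so policies referencing it match every IP protocol again.
config firewall service custom
    edit "ALL"
        set protocol IP
        set protocol-number 0
    next
end

# Re-test from the LAN host (192.0.2.10 is a constructed sample address):
# the "Denied by forward policy check (policy 0)" lines should be gone and
# the trace should show the session matching a real policy id.
diagnose debug flow filter addr 192.0.2.10
diagnose debug flow show console enable
diagnose debug enable
diagnose debug flow trace start 20

# Generate some non-TCP traffic from 192.0.2.10 (a DNS lookup or a ping),
# then stop the trace and clear the filter so the console stays quiet.
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug disable
```

Testing with UDP or ICMP rather than a web page matters here: TCP was the one protocol that still matched after the upgrade, so a browser check alone can miss the problem.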

FortiWiFi gatekeeper


There, I fixed it.