tl;dr, if you do not want to read the details: the 5.2.2 firmware changes the ALL service to Protocol Number 6. The solution is to navigate to Policy & Objects > Objects > Services > ALL and change Protocol Number to 0 (zero).
Testing out a FortiWiFi 30D for placement at customers’ homes. Deployed our stock 5.0 configuration to the device and sent it to the customer location. Worked great.
At one particular customer we are running 5.2 firmware to address some issues with the FortiAP. To address my internal OCD I upgraded the 30D to 5.2.2 and internal-to-WAN traffic stopped flowing.
Jumped into debug flow:
diag debug enable
diag debug flow filter add x.x.x.x
diag debug flow show console enable
diag debug flow trace start 100
diag debug enable
And was greeted with msg="Denied by forward policy check (policy 0)" in the console.
First Google search talked about Admin access. Not the same problem I was dealing with. Digging some more I found this helpful thread over at the Fortinet forums.
This was my problem. The fix is to navigate to Policy & Objects > Objects > Services > ALL and change Protocol Number to 0 (zero).
There, I fixed it.
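The same condition can be checked in a configuration backup right after an upgrade, before traffic starts hitting policy 0. This is an added example, not part of the original post: the backup excerpt is constructed, the function names are hypothetical, and it assumes that an omitted protocol-number line means the default of 0.

```python
# Constructed excerpt of a FortiOS config backup (not from a real device).
SAMPLE_BACKUP = '''\
config firewall service custom
    edit "ALL"
        set category "General"
        set protocol IP
        set protocol-number 6
    next
    edit "HTTP"
        set category "Web Access"
        set tcp-portrange 80
    next
end
config firewall policy
    edit 1
        set service "ALL"
    next
end
'''

def parse_custom_services(text):
    """Return {service name: {setting: value}} from 'config firewall service custom'."""
    services, current, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall service custom":
            in_section = True
        elif not in_section:
            continue
        elif line == "end":          # end of the service section, stop parsing
            break
        elif line.startswith("edit "):
            current = services.setdefault(line[5:].strip().strip('"'), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            _, key, *rest = line.split(None, 2)
            current[key] = rest[0].strip('"') if rest else ""
    return services

def all_service_problem(text):
    """Return a description of the problem, or None if ALL matches any protocol."""
    svc = parse_custom_services(text).get("ALL")
    if svc is None:
        return 'service "ALL" not found'
    # Assumption: an omitted protocol-number means the default, 0 (any protocol).
    number = svc.get("protocol-number", "0")
    if number != "0":
        return f'service "ALL" has protocol-number {number}, expected 0'
    return None

if __name__ == "__main__":
    print(all_service_problem(SAMPLE_BACKUP) or 'service "ALL" is OK')
```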