ezhupa
Staff
January 21, 2026

Technical Tip: IPsec configuration failing with 'invalid source selector' when pushing template from FortiManager

Description: This article describes how to resolve the 'invalid source selector' error when pushing configuration from FortiManager to FortiGate.

Scope: FortiGate, FortiManager.

Solution: When FortiGates are managed from a centralized management solution such as FortiManager, configuration is pushed from the FortiManager side so that it can be applied to one FortiGate or to multiple FortiGates.

This is also the case for IPsec configurations.
When pushing a new IPsec configuration to managed FortiGates from FortiManager, the error 'invalid source selector' is seen under certain conditions.

In these cases, the error is linked to the Phase 2 configuration of the IPsec tunnel, which needs to be checked, specifically the local and remote selectors.
If, for example, an IP range of 0.0.0.0-0.0.0.0 is selected, then the error is expected. That particular range would include no IPs and is therefore not allowed as a value. The range 0.0.0.0-0.0.0.0 is not equivalent to 0.0.0.0/0.

After changing the local and remote selectors to type Subnet and setting them to 0.0.0.0/0, the configuration will be pushed normally from FortiManager, and the installation wizard will complete without any errors.
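The check described above can be run before an install. The following is an added example, not code from Fortinet or from this article: it scans Phase 2 settings for selectors set to the range 0.0.0.0-0.0.0.0. It assumes the settings are available as FortiOS CLI text; the sample configuration and tunnel names are constructed.

```python
import re

# Constructed sample in FortiOS CLI syntax (tunnel names are hypothetical).
SAMPLE = '''\
config vpn ipsec phase2-interface
    edit "branch-p2"
        set src-addr-type range
        set src-start-ip 0.0.0.0
        set src-end-ip 0.0.0.0
        set dst-addr-type range
        set dst-start-ip 0.0.0.0
        set dst-end-ip 0.0.0.0
    next
    edit "hub-p2"
        set src-addr-type subnet
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-addr-type subnet
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
'''

def parse_phase2(text):
    """Return {entry_name: {setting: value}} for each phase2-interface edit block."""
    entries, current, inside = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config vpn ipsec phase2-interface"):
            inside = True
        elif inside and line == "end":
            inside = False
        elif inside and (m := re.match(r'edit\s+"?([^"]+)"?$', line)):
            current = entries.setdefault(m.group(1), {})
        elif inside and line == "next":
            current = None
        elif inside and current is not None and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return entries

def find_zero_range_selectors(text):
    """List (entry, side) pairs whose selector is the range 0.0.0.0-0.0.0.0."""
    hits = []
    for name, cfg in parse_phase2(text).items():
        for side in ("src", "dst"):  # src = local selector, dst = remote selector
            if (cfg.get(f"{side}-addr-type") == "range"
                    and cfg.get(f"{side}-start-ip") == "0.0.0.0"
                    and cfg.get(f"{side}-end-ip") == "0.0.0.0"):
                hits.append((name, side))
    return hits
```

In the sample, "branch-p2" is flagged on both selectors, while "hub-p2" uses the Subnet form of 0.0.0.0/0 and passes.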