Skip to main content
nevan
Staff
nevan
Staff
February 25, 2026

Troubleshooting Tip: Configuration push from switch controller to FortiSwitch fails

  • February 25, 2026
  • 0 replies
  • 333 views
Description

This article describes how to handle configuration push failures towards the FortiSwitch via a FortiGate switch controller or via FortiManager. The failure returns the following error in the CLI:


object set operator error, -7624 discard the setting
Command fail. Return code 1
Scope FortiGate.
Solution

While pushing the configuration from FortiGate or FortiManager to the FortiSwitch the commit of the operation might fail and the error 'object set operator error, -7624 discard the setting' may observed. 

This error generally appears when the REST API login to the switch fails due to allowing HTTPS service in the switch interface. The primary workaround to resolve the issue is to allow the service to the interface in FortiSwitch.

CLI:

 

edit "internal"     set mode dhcp         set allowaccess ping https ssh snmp          set type physical         set defaultgw enable      next   end

 

Additionally, the same error can appear even after allowing the right service on the right place, due to the FortiGate 'flcfg' process failing to push the configuration to FortiSwitch. The process 'flcfg' termination in FortiOS causes configuration push towards the FortiSwitch and MAC sync fails on switches in the Sync-Error state. FortiGate caputp is possibly not connected to FortiSwitch, or FortiSwitch REST API login is not possible. 

 

Debug logs needed to be collected once the above error appears and the behavior matches what has been shared below.

In the CLI:

 

diagnose debug reset diagnose debug application flcfgd -1 diagnose debug console timestamp enable diagnose debug enable

 

To disable the debugging processes:

 

diagnose debug disable diagnose debug reset

 

Part reports that indicate the issue:


603s:710ms:442us flcfg_sync_mac[191]:flcfg_sync_mac: failed to get switch trunk info -7624 for S111FFTFXXXXXX
603s:717ms:694us flcfg_sync_lldp_nbr[195]:lldp nbr sync not set for S111FFTFXXXXXX
603s:717ms:772us flcfg_stats_switch_main[550]:
3s:830ms:84us flcfg_reap_procs[806]:child pid terminated 2604 status 0
3s:830ms:231us flcfg_proc_terminated_child[574]:found pid(2604) to msw(0 S111FFTFXXXXXX) mapping
3s:830ms:306us flcfg_proc_terminated_child[637]:config failure for (0, S111FFTFXXXXXX) type(0x2) resch(0)

 

This issue can appear in earlier FortiOS versions on 7.4 series or 7.2 series and below. This issue was resolved in FortiOS version 7.4.9.

 

If a similar error appears and the debugging prints similar reports, run below commands and contact Fortinet technical support via Welcome to Fortinet Support to verify and confirm the issue.

 

SSH to both FortiGate/FortiSwitch and run below commands.

 

FortiGate:

 

execute switch-controller get-conn-status execute switch-controller get-sync-status all execute switch-controller get-physical-conn standard execute switch-controller diagnose-connection execute dhcp lease-list diagnose debug crashlog read diagnose sys top get system performance top get system performance status diagnose hardware sysinfo memory diagnose hardware sysinfo cpu diagnose sys top-all diagnose sys top-mem diagnose sys top-sockmem diagnose debug disable diagnose debug reset ###use below commands for 5 minutes diagnose debug cli 7 diagnose debug application flcfgd -1 diagnose debug application cu_acd -1 diagnose debug application fortilinkd -1

 

FortiSwitch:

 

diagnose debug report
      Terms & ConditionsAccessibility statement