mvlasak
Staff
November 29, 2024

Troubleshooting Tip: FortiManager policy package installation issue, what information to gather and provide through a TAC ticket

Description

This article describes what information and debug outputs to gather and provide through a TAC ticket in case of a FortiManager policy package installation issue.

Scope

FortiManager v7.0 and above.
Solution
  1. Install the FortiManager Debugger tool for Chrome:
    Download FortiManager Debugger for Chrome
    Technical Tip: How to Install the FortiManager/FortiAnalyzer Debugger for Chrome in a closed environment (without internet access)
    Technical Tip: How to use Debugger for Chrome

  2. Log in to the FortiManager web UI and start screen capture using the FortiManager Debugger for Chrome extension.
    In the FortiManager web UI, navigate to System Settings and display the ADOM settings, then review all relevant objects, policy packages, and template settings related to the reported issue.

     

Note:
In Device Manager, go to the FortiGate Dashboard widget 'Configuration and Installation'. In the Total Revision section, perform a Retrieve Config action. (If the configuration is valid, this will change the Device Config Status to Synchronized.)

  3. Open an SSH session to FortiManager, or open the FortiManager web CLI console (located in the upper-right corner, '>_'), and run the following commands:

diagnose debug reset
get system status
get system performance
diagnose cdb upgrade summary
diagnose debug enable
diagnose debug timestamp enable
diagnose debug dpm conf enable
diagnose dvm debug enable all
diagnose debug application securityconsole 255
diagnose debug application depmanager 255

Note:

Keep the SSH session running.

  4. Start the Install Wizard and choose 'Policy Package & Device Settings'. Select the correct Policy Package and start the installation by selecting the 'Next' button. In the next step, select the correct FortiGate and proceed by selecting 'Next'.
    In the following step, open the Install Preview and save it as a text file. Then complete the installation by selecting the 'Install' button. Once the installation is finished, do not close the Install Wizard window; instead, select the device, open the Install Log, and save it as a text file.

  5. Once the issue is reproduced, stop the screen capture in the debugger; this creates a debugger output file.

  6. Stop debugging in the SSH session with the CLI command:

diagnose debug disable

Then save the SSH session output to a text file.

  7. Download a FortiManager backup.

  8. Download a FortiGate backup via the FortiGate web UI.

  9. Collect the complete output of the FortiManager CLI command:

execute tac report

  10. Collect the output of the following FortiManager CLI command:

diagnose pm2 check-integrity all

 

Note: This command is not included in the TAC report and is required to identify integrity issues in FortiManager internal databases (device DB, ADOM DB, global DB, task DB, IPS DB, NCM DB).

 

  11. Update the TAC ticket with the following files collected in steps 2-9 above:
  • Complete TAC report.
  • FortiManager backup (including backup password).
  • SSH session with debug output.
  • Debugger for Chrome output file.
  • Installation preview, install log file, or log file with error.
  • FortiGate config file.
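
As an added example (not part of the original article and not a Fortinet tool), this Python script checks a saved SSH session log for the debug commands listed above, confirms that `diagnose debug disable` follows them, and confirms that some output was captured in between, before the file is attached to the ticket. The `FMG # ` prompt and the sample log are constructed assumptions.

```python
import re
import sys

# Debug setup commands from this article, in the order they are listed.
SETUP = [
    "diagnose debug reset",
    "get system status",
    "get system performance",
    "diagnose cdb upgrade summary",
    "diagnose debug enable",
    "diagnose debug timestamp enable",
    "diagnose debug dpm conf enable",
    "diagnose dvm debug enable all",
    "diagnose debug application securityconsole 255",
    "diagnose debug application depmanager 255",
]
STOP = "diagnose debug disable"

def find_command(lines, cmd, start=0):
    """Index of the first line at or after `start` where `cmd` was typed, else -1."""
    # Assumption: the command ends the line, alone or after a prompt ending in # $ or >.
    pat = re.compile(r"(^|[#$>]\s*)" + re.escape(cmd) + r"\s*$")
    for i in range(start, len(lines)):
        if pat.search(lines[i].rstrip()):
            return i
    return -1

def check_transcript(text):
    """Return a list of problems in a saved session log (empty list = complete)."""
    lines = text.splitlines()
    problems, last = [], -1
    for cmd in SETUP:
        idx = find_command(lines, cmd)
        if idx < 0:
            problems.append(f"missing command: {cmd}")
        else:
            last = max(last, idx)
    stop = find_command(lines, STOP, last + 1)
    if stop < 0:
        problems.append(f"'{STOP}' not found after the debug setup commands")
    elif not any(l.strip() for l in lines[last + 1:stop]):
        problems.append("no output captured between debug setup and disable")
    return problems

# Constructed sample log; the prompt and the output line are placeholders.
SAMPLE = "\n".join([f"FMG # {c}" for c in SETUP]
                   + ["<debug output placeholder>", f"FMG # {STOP}"])
if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_transcript(text) or ["transcript looks complete"]))
```

Run it with the path of the saved session log as the only argument; with no argument it checks the embedded sample.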

 

Related articles:

Technical Tip: Required information for TAC tickets

Technical Tip: How to create a log file of a session using PuTTY