Troubleshooting Tip: FortiManager unable to assign interface during the creation of a new ZONE
| Description | This article describes how to troubleshoot when FortiManager is unable to assign an interface during the creation of a new ZONE. |
| Scope | FortiManager. |
| Solution | Below is the scenario:
In FortiManager's Device Manager, creating a new zone on the managed FortiGate and assigning interface members to it fails.
Error Message: System/zone/New_Zone/ : port10 interface is used in a policy as srcintf or dstintf and cannot be a zone member.
In FortiManager's Policy & Objects, check the Policy Package: firewall policy ID no.1 and no.2 use the port9 interface and the port10 interface.
In FortiManager, update firewall policy ID no.1 and no.2 to use another unused interface.
For example: Replace port9 interface with port7 interface. Replace port10 interface with port8 interface.
In FortiManager, create a new script and run it to update both the Device Database and the ADOM Database.
Script Information:
config firewall policy
In FortiManager, create a new script (Run Script on = Policy Package or ADOM Database) and run it to update the ADOM Database.
After that, go to the Policy Package in FortiManager and verify that firewall policy ID no.1 and ID no.2 are no longer using the port9 interface and the port10 interface.
In FortiManager, run the new script (Run Script on = Device Database) to update the Device Database.
After that, go to Device Manager (CLI configuration) in FortiManager and verify that firewall policy ID no.1 and ID no.2 are no longer using the port9 interface and the port10 interface.
After both the Device Database and the ADOM Database are updated, FortiManager is able to assign the port9 interface and the port10 interface when creating the new zone.
|
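A pre-check for the error above, as an added example that is not part of the original article or Fortinet tooling: it parses a configuration export in FortiOS CLI syntax and lists the firewall policy IDs that reference an intended zone member directly in srcintf or dstintf. The sample configuration, its policy contents, and the function name `policies_blocking_zone` are constructed for illustration.

```python
import shlex

# Constructed sample in FortiOS CLI syntax (not the article's device config).
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcintf "port9"
        set dstintf "port10"
    next
    edit 2
        set srcintf "port10" "port3"
        set dstintf "port9"
    next
    edit 3
        set srcintf "port7"
        set dstintf "port8"
    next
end
config system interface
    edit "port10"
    next
end
'''

def policies_blocking_zone(config_text, zone_members):
    """Return {policy_id: {field: [interfaces]}} for every firewall policy that
    uses an intended zone member directly as srcintf or dstintf.
    Assumes policy entries contain no nested config blocks."""
    wanted = set(zone_members)
    hits, in_policy, policy_id = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Only the firewall policy section is relevant to this error.
            in_policy = (line == "config firewall policy")
            continue
        if not in_policy:
            continue
        if line == "end":
            in_policy = False
        elif line.startswith("edit "):
            policy_id = int(line.split()[1])
        elif line.startswith(("set srcintf ", "set dstintf ")):
            _, field, *names = shlex.split(line)  # handles quoted, multi-value lists
            used = sorted(wanted.intersection(names))
            if used:
                hits.setdefault(policy_id, {})[field] = used
    return hits
```

An empty result for the intended members means no policy in the parsed export references them directly; the check needs to pass against both the Policy Package (ADOM Database) and the Device Database view, since the article updates both.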








