Skip to main content
bboudjema
Staff
bboudjema
Staff
February 4, 2026

Troubleshooting Tip: Global Database policy assignment succeeds but header/footer policies are not visible in ADOM

  • February 4, 2026
  • 0 replies
  • 216 views
Description

 

This article describes how to troubleshoot a scenario where a Global Database policy package (including header/footer policies) appears to successfully assign to an ADOM on FortiManager, but the header policies do not appear inside the ADOM. Some packages may also fail with a pre-commit database error.

 

Scope

 

FortiManager versions: 7.0, 7.2, 7.4, 7.6, 8.0.

 

Solution

 

The root cause of this behavior is related to metadata inconsistencies in the FortiManager database. When a Global Database policy package is cloned and renamed, stale metadata may remain associated with the original package and prevent FortiManager from fully committing the assignment.

 

This often happens after:

  • Global Database policy packages are cloned and renamed.

  • FortiManager Global Database has been upgraded from an earlier version.

  • The target ADOM never had header/footer policies deployed previously.

 

To check for metadata inconsistencies in the FortiManager database, run the following CLI command: 

 

diagnose cdb upgrade check invalid-global-assignment

 

This command checks and highlights any invalid global assignment entries in the CDB (configuration database) that may block proper deployment of Global Database packages.

 

Steps to follow:

  1. Access the FortiManager CLI.

  2. Perform a Backup of FortiManager configuration.

  3. Execute diagnose cdb upgrade check invalid-global-assignment.

  4. Review the output for invalid Global Database assignment entries.

 

Capture d'écran 2026-01-30 110632.png

 

The above changes will be made to the database, however it is recommended to perform a backup first.
Do you want to continue? (y/n)y

Upgrading: Remove invalid global assignment
Checking adom: WJFG...
Checking adom: DCC...
Find pkg oid: 6802, global pkg oid: 17052
Find pkg oid: 6800, global pkg oid: 17042
Find pkg oid: 6405, global pkg oid: 4490
DELETE FROM node WHERE oid in (6802, 6800, 6405);
DELETE FROM objcfg_adom_options WHERE ##parent in (6802, 6800, 6405);
DELETE FROM visibility WHERE master in (6802, 6800, 6405);
3 errors fixed
Checking adom: TEST...
3 error(s) fixed.

 

  1. Attempt to re-assign the Global Database policy package to the target ADOM.
  2. Verify that header/footer policies are now visible in the ADOM policy package:

  • Go to the ADOM.

  • Open the policy package.

  • Confirm that the header and footer sections display the expected policies.

 

In rare scenarios, residual database inconsistencies may remain. If the issue persists, run the following command to validate all CDB upgrade checks and identify any remaining issues: diagnose cdb upgrade check +all.

 

If the issue persists, create a new policy package directly in the Global Database instead of cloning an existing one, assign it to the ADOM, and verify that the header and footer policies are visible.

 

Avoid cloning Global Database policy packages unless necessary, and verify policy assignments after upgrades. Running 'diagnose cdb upgrade check invalid-global-assignment' helps detect assignment inconsistencies.

 

Related documents:

cdb

Troubleshooting Tip: How to troubleshoot Global Policy Assignment Error in FortiManager  

Technical Tip: How to check FortiManager database integrity prior to firmware upgrade

Terms & ConditionsAccessibility statement