Troubleshooting Tip: How to troubleshoot TCL script failure in FortiManager
Description
This article describes how to troubleshoot a TCL script that FortiManager runs but fails to install, with errors like 'running tcl script failed. Reason: Run script fail'.
Follow the recommendations below.
Scope
FortiManager.
Solution
Make sure the FortiGate has an updated and valid user/password under 'Device Manager' of the FortiManager.

Try to log in to the FortiGate through the CLI widget under System Information in the 'Device Manager' of the FortiManager.

Make sure there is connectivity with that user. If the user has a Trusted host enabled, it is necessary to add the network segment 169.254.0.0/24.

After validating the user/password and confirming that connectivity is acceptable, note that any TCL script may still fail because it uses an invalid command.
More details are available on the FortiGate by running the commands below.
Share the output with TAC support if it shows any reason why the script is failing.
diagnose debug cli 8
diagnose debug application sshd -1
diagnose debug enable
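The trusted host requirement above can be checked offline against a saved FortiGate configuration. The following is an added example, not part of the original article or of any Fortinet tool: it lists administrator accounts that restrict trusted hosts without covering 169.254.0.0/24. The account names and sample configuration are constructed, and the script assumes that an account with no trusthost lines is unrestricted.

```python
import ipaddress
import re

FMG_SEGMENT = ipaddress.ip_network("169.254.0.0/24")  # segment named in the article

# Constructed sample in FortiGate configuration syntax (account names are made up).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "fmg_script"
        set trusthost1 10.10.20.0 255.255.255.0
        set accprofile "super_admin"
    next
    edit "fmg_ok"
        set trusthost1 10.10.20.0 255.255.255.0
        set trusthost2 169.254.0.0 255.255.255.0
    next
end
"""

def admins_missing_fmg_segment(config_text):
    """Return admins that restrict trusted hosts without covering 169.254.0.0/24."""
    hosts, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = 1 if line == "config system admin" else 0
        elif line.startswith("config "):
            depth += 1          # nested block inside an admin entry
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            current = m.group(1)
            hosts[current] = []
        elif depth == 1 and current and (
                m := re.fullmatch(r"set trusthost\d+ (\S+) (\S+)", line)):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            hosts[current].append(net)
    # Assumption: an account with no trusthost lines is unrestricted, so it is not reported.
    return [name for name, nets in hosts.items()
            if nets and not any(FMG_SEGMENT.subnet_of(n) for n in nets)]

if __name__ == "__main__":
    for name in admins_missing_fmg_segment(SAMPLE_CONFIG):
        print(f"{name}: trusted hosts set, but {FMG_SEGMENT} is not covered")
```

A trusted host entry that is a supernet of 169.254.0.0/24 counts as covering it.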
Related documents:
- TCL scripts
- Technical Tip: How to use TCL script to create static routes by fetching gateway IP from an existing route
- Technical Tip: Use TCL Script in FortiManager to set source IP in FortiGate config by fetching FortiGate interface IP addresses
- Technical Tip: How to use the Tcl script in FortiManager for bulk FortiAP configuration changes
