Troubleshooting Tip: How to troubleshoot when the 'fmpolicy' commands return empty output
| Description | This article describes troubleshooting steps and checks when there are no outputs when using the execute fmpolicy commands. |
| Scope | FortiManager. |
| Solution | The commands are used for policy-related management, and 'print' commands are used to display the policy or object configuration in the CLI format.
More details of the commands can be found in our official documentation:
The image below showcases the uses of the command 'execute fmpolicy print-device-object <ADOM Name> <FortiGate Name> <VDOM Name> <Object Type> all|list', but it does not show any output:
However, there are policy packages, as in the image screenshot, but not the output. Note that the command is 'print-device-object', so it does not contain the output meant for the page Policy & Objects -> Policy Package.
To view the policy packages configuration, the following commands should be used:
execute fmpolicy print-adom-package <ADOM Name> <Package Name> <Object Type> all|list
The command 'print-device' in general refers to the Device Database. So, if the output is empty, the first thing needed to be checked is the device database by navigating to Device Manager -> Select Device -> Select the VDOM.
In this case, the 'CLI Configuration' tab needed to be checked as the firewall policy belongs in the tab. Upon searching, the firewall policy inside the database is empty, so the command is expected to return empty.
To overcome this issue, perform a retrieval of the device through GUI or CLI commands. The details of the steps can be found in the following article: Technical Tip: Retrieve configuration file using GUI or CLI from a FortiManager
Afterwards, running the 'print-device' should provide the output according to the device manager. |
