Debugging Interface Errors at Boot - Unusual Grouping of Interfaces In the Errors

Question

HiOn a Fortigate 200E running 7.4.7, I see interface errors when watching the boot from the console after restoring a saved config. All interfaces still work, but I want to eliminate the errors. diagnose debug config-error-log read>>> "edit" "byod wifi" @ 35095:system.interface.Temp Mail DMZ 2:command parse error (error -61)>>> "next" @ 35097:system.interface.Temp Mail DMZ 2:failed command (error 1)>>> "edit" "PIE" @ 35146:system.interface.LANTrunk:command parse error (error -61)>>> "next" @ 35148:system.interface.LANTrunk:failed command (error 1) I'll be removing the spaces from interface names during the edit. How do I interpret these errors? For example, the first one. Nowhere in the config does "byod wifi" interact with "Temp Mail DMZ 2". There's no config involving both of those interfaces. They don't exist next to each other anywhere in the config, so there's no missing "next" that would make them run-on in the config.The only overlap I can think of would be policies with "all" as srcaddr or dstaddr. I ran a diff-compare between the running config and the saved, and there's no difference in policies, interfaces, or objects.

AEK · Answer

This is probably because the config file you restored doesn't match the right FortiOS version (e.g.: restored a 7.6.1 backup on a 7.6.4 FortiOS).

If you want a clean config, install the right firmware version on your FGT (the same as backup file), do a factory reset, then restore the backup file.

But first make sure that your backup file doesn't contain the error inside it.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded