Skip to main content
DmytroKyiv
DmytroKyiv
New Member
October 9, 2025
Question

FortiManager 7.4.8 tries to push unsupported "config vpn ssl settings" to FortiWiFi-30G

  • October 9, 2025
  • 3 replies
  • 1778 views

We have a FortiWiFi-30G running FortiOS 7.4.8 managed by FortiManager 7.4.8.
During configuration installation, FortiManager tries to push the following commands:

config vpn ssl settings   set banned-cipher SHA1 SHA256 SHA384   set servercert '' end

As a result, the installation fails with:
install and save finished status=FAILED


The command config vpn ssl settings does not exist on this model (only config vpn ssl client is available).

FortiWiFi # config vpn ssl client    Client.  FortiWiFi # config vpn ssl setting command parse error before 'setting' Command fail. Return code 1

Although the error doesn’t affect the running configuration, the device always stays in Conflict state, and automatic updates do not work.

How can we remove or exclude this part (config vpn ssl settings) from the configuration template so that FortiManager stops trying to apply it?

Verification report excerpt:

---> generating verification report  (vdom root: vpn ssl settings:banned-cipher)     remote original:     to be installed: SHA1 SHA256 SHA384  (vdom root: vpn ssl settings:servercert)     remote original:     to be installed: ''  (vdom root: vpn ssl settings:status)     remote original:     to be installed: disable  <--- done generating verification report

 

Thank you in advance for your assistance on this issue.

3 replies

BillH_FTNT
Staff
BillH_FTNT
Staff
October 10, 2025

Hi @DmytroKyiv 

Is this a new device and a new installation?

Bill

    DmytroKyiv
    DmytroKyivAuthor
    New Member
    October 10, 2025

    Hi @BillH_FTNT 

    Yes, this is a new device

    And it's the first device in this series in our network.

    illorenzoditorino
    illorenzoditorino
    Explorer III
    October 14, 2025

    Well, there was an earlier bug#1119299 about that but it was fixed in 7.4.7 and 7.6.3, but you said you are running 7.4.8... better to open a ticket and check with support.

    DmytroKyiv
    DmytroKyivAuthor
    New Member
    October 14, 2025

    Thanks for the reply!

    I have several FWF-40F's and it doesn't have this problem. I think the problem is with the 30th model.

    farhanahmed
    Staff
    farhanahmed
    Staff
    October 14, 2025

    @DmytroKyiv 

    - The issue you are seeing is due to the fact that FWF-30G does not have the SSL VPN settings.
    https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-see-SSL-VPN-and-IPsec-options/ta-p/288653

    - It is a syntax issue in FMG which 'thinks' SSL VPN is valid config for this model.

    - There are no workarounds yet and it should be fixed in v7.6.5.
    - So during the install, FMG will push all the other config without any issue and you can ignore the install fail if its only due to this sslvpn settings.

      DmytroKyiv
      DmytroKyivAuthor
      New Member
      October 14, 2025

      Thanks for the reply!

      Version 7.6 is the Feature level, and I don't want to upgrade to it.
      Yes, I'm just ignoring the error for now.


      I was wondering if I could somehow remove a section of the configuration so that the FortiManager wouldn't update it.

      farhanahmed
      Staff
      farhanahmed
      Staff
      October 15, 2025

      Unfortunately, that would be a new 'feature request' to block a section of config from installing :)

      Terms & ConditionsAccessibility statement