Technical Tip: Error 'Can not create query, check_...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 374225

Description

This article addresses an issue where FortiGate presents an error 'Can not create query, check_create_cmf_query, firewall' after the firmware upgrade to v7.4.3 or higher.

Scope

FortiGate.

Solution

Before upgrading to v7.4.3 or higher and during subsequent device reboots, FortiGate may print the following error on the console screen frequently with no impact on operations.

Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu...
.............................

Reading boot image 6066239 bytes.
Initializing firewall...
System is starting...
Can not create query, check_create_cmf_query, firewall, ippool_grp, pid=3847(cmdbsvr_iprope)
Can not create query, check_create_cmf_query, firewall, ippool_grp, pid=3862(cmdbsvr_iprope)

These errors occur on platforms with the Hardware-accelerated carrier-grade NAT feature, such as the FortiGate-1800F/1801F (without a hyperscale license), only during upgrades or reboots, when the configuration is reinstalled.

This issue has been resolved in v7.4.8 and v7.6.1.

1366

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Error 'Can not create query, check_create_cmf_query, firewall, and ippool_grp' is Displayed on FortiGate Console

You are leaving our website