sjoshi
Staff
Article Id 335822
Description

 

This article describes the error 'Object check operator error, -530, discard the setting' that appears when creating a firewall policy on a FortiGate in transparent mode.

 

Scope

 

FortiOS.

 

Solution

 

When creating a firewall policy between port1 and port2, the following error is displayed and the policy is not created:

 

Interfaces must have the same forward domain ID in TP mode.
From zone/interface and To zone/interface must be in the same forward_domain in TP mode.
Object check operator error, -530, discard the setting.

 


 

Review the forward domain configuration of both interfaces:

 

    config system interface
        edit "port1"
            set vdom "root"
            set allowaccess ping https ssh http telnet fgfm
            set type physical
            set forward-domain 1
            set snmp-index 1
        next
        edit "port2"
            set vdom "root"
            set allowaccess ping https ssh http telnet fgfm
            set vlanforward enable
            set stpforward enable
            set type physical
            set forward-domain 2
            set snmp-index 2
        next
    end

 

The two interfaces are in different forward domains (port1 in forward domain 1, port2 in forward domain 2), which is why the policy is not created.

Once the forward domain is set to the same value on both interfaces, the policy can be created.

In transparent mode, the forward domain must be the same on the interfaces that a policy is created between.
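The check above can be run against a configuration backup before a policy is pushed. The following Python sketch is an added example, not Fortinet code or part of the original article: it reads the `config system interface` block and reports whether a planned source/destination interface pair shares a forward domain. The function names, the extra `port3` entry and the treatment of a missing `set forward-domain` line as ID 0 are assumptions made for the example.

```python
import re

# Constructed sample: the article's two interfaces plus a port3 with no
# forward-domain line, in the "config system interface" block they belong to.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set forward-domain 1
    next
    edit "port2"
        set vdom "root"
        set forward-domain 2
    next
    edit "port3"
        set vdom "root"
    next
end
"""

def forward_domains(config_text):
    """Map interface name -> forward-domain ID from a config backup."""
    domains, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = 1 if line == "config system interface" else 0
        elif line.startswith("config "):
            depth += 1  # nested table inside an interface entry
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r'edit "?([^"]+?)"?', line)):
            current = m.group(1)
            domains[current] = 0  # assumption: no forward-domain line means ID 0
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current and (m := re.fullmatch(r"set forward-domain (\d+)", line)):
            domains[current] = int(m.group(1))
    return domains

def check_policy(domains, srcintf, dstintf):
    """Return None when the pair shares a forward domain, else the reason."""
    for name in (srcintf, dstintf):
        if name not in domains:
            return f"{name}: not found in config"
    if domains[srcintf] != domains[dstintf]:
        return (f"{srcintf} is in forward domain {domains[srcintf]}, {dstintf} "
                f"is in {domains[dstintf]}: expect error -530")
    return None
```

Calling `check_policy(forward_domains(SAMPLE_CONFIG), "port1", "port2")` returns the mismatch reason for the configuration shown in this article.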