FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to resolve the 'invalid source selector' error when pushing configuration from FortiManager to FortiGate.
Scope
FortiGate, FortiManager.
Solution
When managing FortiGates from a centralized management solution such as FortiManager, configuration will be pushed from the FortiManager side so it can be applied either to one FortiGate or to multiple FortiGates.
This is also the case for IPsec configurations. When pushing a new IPsec configuration to managed FortiGates from FortiManager, in certain conditions, the error 'invalid source selector' is seen.
In these cases, the error is linked to the Phase2 configuration of the IPsec, which needs to be checked, specifically the local and remote selectors. If, for example, an IP range of 0.0.0.0-0.0.0.0 is selected, then the error is expected. That particular range would include no IPs, and therefore, it is not allowed as a value. The range 0.0.0.0-0.0.0.0 is not equivalent to 0.0.0.0/0.
After changing the local and remote selectors to type Subnet and setting them to 0.0.0.0/0, the configuration will be pushed normally from FortiManager, and the installation wizard will complete without any errors.
