When multi-VDOM mode is enabled on a FortiGate operating in transparent mode, VDOM-related configuration is lost after a device reboot.
Sample config:
    config system settings
        set opmode transparent
        set manageip 192.168.1.99/24
    end

    config system global
        set vdom-mode multi-vdom
    end

    config vdom
        edit vdom1
            config system interface
                edit npu0_vlink1
                    set vdom vdom1
            end

    execute reboot
    This operation will reboot the system !
    Do you want to continue? (y/n)y
    System is rebooting...
    The system is going down NOW !!
    Please stand by while rebooting the system.
    Restarting system
    FortiGate-601F (14:56-08.10.2022)
    Ver:06000005
    Serial number:FG6H1FTBXXXXXXXX
    Please see details by the command 'diagnose debug config-error-log read'.
    Get image from USB disk ...Can not get image from USB disk.
    Get config file from USB disk OK.
    Invalid config file

    FortiGate login: admin
    Password:
    Welcome!

    FortiGate # diagnose debug config-error-log read
    >>> "set" "vdom-mode" "multi-vdom" @ global.system.global:value parse error (error -4101)
    >>> "next" @ global.system.interface.npu0_vlink0:failed command (error 1)
    >>> "next" @ global.system.interface.npu0_vlink1:failed command (error 1)
    >>> "set" "hostkey-rsa2048" "g-Fortinet_SSH_RSA2048" @ vdom1.firewall.ssh.setting:value parse error (error -3)
    >>> "set" "hostkey-dsa1024" "g-Fortinet_SSH_DSA1024" @ vdom1.firewall.ssh.setting:value parse error (error -3)
    >>> "set" "hostkey-ecdsa256" "g-Fortinet_SSH_ECDSA256" @ vdom1.firewall.ssh.setting:value parse error (error -3)
    >>> "set" "hostkey-ecdsa384" "g-Fortinet_SSH_ECDSA384" @ vdom1.firewall.ssh.setting:value parse error (error -3)
    >>> "set" "hostkey-ecdsa521" "g-Fortinet_SSH_ECDSA521" @ vdom1.firewall.ssh.setting:value parse error (error -3)
    >>> "set" "hostkey-ed25519" "g-Fortinet_SSH_ED25519" @ vdom1.firewall.ssh.setting:value parse error (error -3)

This issue has been resolved in v7.4.0, v7.4.8 and v7.6.0.
Workaround:
Before enabling multi-VDOM mode, ensure the FortiGate is not in transparent mode.
Logs required by FortiGate TAC for investigation:
- TAC Report: execute tac report
- The configuration files of the FortiGate before and after reboot.
- The output of: diagnose debug config-error-log read
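
For triage after a reboot, the config-error-log output shown above can be parsed to confirm that the vdom-mode setting was rejected and to count rejected commands per scope (global or VDOM). This is an added example, not Fortinet code; the function and class names are hypothetical, and the sample lines are copied from the output above.

```python
import re
from collections import Counter
from typing import NamedTuple

class ConfigError(NamedTuple):
    tokens: tuple   # rejected CLI tokens, e.g. ("set", "vdom-mode", "multi-vdom")
    scope: str      # first path component: "global" or a VDOM name
    path: str       # remainder of the config path
    message: str
    code: int

# One record: >>> "tok" "tok" ... @ scope.path:message (error N)
LINE_RE = re.compile(
    r'^>>>\s+(?P<cmd>(?:"[^"]*"\s+)+)@\s+(?P<path>[^:\s]+):'
    r'(?P<msg>.*?)\s+\(error (?P<code>-?\d+)\)\s*$'
)

def parse_error_log(text):
    """Return a ConfigError for every error record; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # CLI prompt, blank line, or anything that is not a record
        scope, _, path = m["path"].partition(".")
        tokens = tuple(re.findall(r'"([^"]*)"', m["cmd"]))
        entries.append(ConfigError(tokens, scope, path, m["msg"].strip(), int(m["code"])))
    return entries

def vdom_mode_rejected(entries):
    """True if 'set vdom-mode ...' under global system.global failed to load."""
    return any(e.tokens[:2] == ("set", "vdom-mode") and e.scope == "global"
               and e.path == "system.global" for e in entries)

def errors_by_scope(entries):
    """Count rejected commands per scope to see which VDOMs lost configuration."""
    return Counter(e.scope for e in entries)

# Sample lines copied from the console output on this page.
SAMPLE = '''FortiGate # diagnose debug config-error-log read
>>> "set" "vdom-mode" "multi-vdom" @ global.system.global:value parse error (error -4101)
>>> "next" @ global.system.interface.npu0_vlink1:failed command (error 1)
>>> "set" "hostkey-ed25519" "g-Fortinet_SSH_ED25519" @ vdom1.firewall.ssh.setting:value parse error (error -3)
'''

if __name__ == "__main__":
    entries = parse_error_log(SAMPLE)
    print("vdom-mode rejected at boot:", vdom_mode_rejected(entries))
    for scope, count in errors_by_scope(entries).items():
        print(f"{scope}: {count} rejected command(s)")
```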