Matt_L
Article Id 336537
Description This article explains why error '-173' appears in the 'diag debug cli 7' output when a dynamic address object is added or updated via an SDN connector.
Scope All FortiOS.
Solution

In the 'diag debug cli 7' output below, a dynamic address is being updated via the SDN connector, but the update fails with a '-173' error on the 'net-id' setting.

 

******************************************

2024-07-25 10:38:08 0: end

2024-07-25 10:38:08 0: config firewall address

2024-07-25 10:38:08 0: edit "<address name>"

2024-07-25 10:38:08 0: config list

2024-07-25 10:38:08 0: edit "10.37.0.11"

2024-07-25 10:38:08 0: set obj-id "1182421"

2024-07-25 10:38:08 -173: set net-id "example VLAN500 (10.37.0.x)"

2024-07-25 10:38:08 cmd=config firewall address

edit "<address name>"

config list

    edit 10.37.0.11

        set obj-id 1182421

abort

abort

*******************************

 

The '-173' error appears because the net-id value contains the following cross-site scripting (XSS) characters: '(' and ')'.

If the net-id of the address is configured manually, the CLI shows an explanation of error '-173', as below:

 

FGT200E (10.x.x.x) # set net-id "example VLAN500 (10.37.0.x)"

The string contains XSS vulnerability characters

value parse error before 'DPortGroup VLAN500 '

Command fail. Return code -173

 

Note: The special characters <, >, (, ), #, ', and " are usually not permitted in the CLI. If they are used, the CLI will often return an error message such as:

 

The string contains XSS vulnerability characters

value parse error before '%^@'

Input not as expected.

 

The net-id 'example VLAN500 (10.37.0.x)' can be changed on the sending side of the SDN connector to 'example_VLAN500_10.37.0.x', which removes the XSS characters, so the address can be created/updated successfully on the FortiGate (receiving side).
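
The following is an added example, not part of the original article or any Fortinet tooling: a small Python check that scans 'diag debug cli 7' output for 'set' lines with a non-zero return code, reports which of the characters listed in the note above are present, and proposes a renamed value for the sending side. The function names are hypothetical, and reading the number before the colon as the per-command return code is an assumption based on the output shown above.

```python
import re

# Characters the article lists as usually not permitted in the FortiOS CLI.
REJECTED = "<>()#'\""

# One 'diag debug cli 7' line: "<date> <time> <return code>: <command>".
LINE_RE = re.compile(r"^(\S+ \S+) (-?\d+): (.*)$")
SET_RE = re.compile(r'^set (\S+) "(.*)"$')

# Sample input: lines taken from the article's debug output.
SAMPLE = '''\
2024-07-25 10:38:08 0: config firewall address
2024-07-25 10:38:08 0: edit "<address name>"
2024-07-25 10:38:08 0: config list
2024-07-25 10:38:08 0: edit "10.37.0.11"
2024-07-25 10:38:08 0: set obj-id "1182421"
2024-07-25 10:38:08 -173: set net-id "example VLAN500 (10.37.0.x)"
2024-07-25 10:38:08 cmd=config firewall address
'''

def sanitize(value):
    """Drop rejected characters; spaces become '_' as in the article's rename."""
    kept = "".join(c for c in value if c not in REJECTED)
    return re.sub(r"\s+", "_", kept.strip())

def find_failures(log_text):
    """Return one record per 'set' line whose return code is non-zero."""
    failures = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or int(line.group(2)) == 0:
            continue  # not a command line, or the command succeeded
        cmd = SET_RE.match(line.group(3))
        if not cmd:
            continue  # failed command that is not a quoted 'set'
        value = cmd.group(2)
        failures.append({
            "time": line.group(1),
            "code": int(line.group(2)),
            "option": cmd.group(1),
            "value": value,
            "rejected": sorted(set(value) & set(REJECTED)),
            "suggested": sanitize(value),
        })
    return failures

if __name__ == "__main__":
    for failure in find_failures(SAMPLE):
        print(failure)
```

Replacing spaces with underscores follows the renaming used in the article; the article does not list the space as a rejected character.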