Troubleshooting Tip: Error '-651: Input value is invalid' while creating firewall policy

nevan · ‎09-04-2024

Description

This article how to troubleshoot when the error code '-651: Input value is invalid' appears while creating a firewall policy.

Scope

FortiGate v7.4 and above.

Solution

While creating a firewall policy, the error code with the message '-651: Input value is invalid' may appear.

Creating the firewall policy in the CLI will give the following errors:

config firewall policy

edit 1

new entry '1' added

set name TEST11

set srcintf port1

set dstintf port4
node_check_object fail! for name port4

value parse error before 'port4'
Command fail. Return code -651

This error mostly appears when an interface from a zone is selected in the Firewall policy.

To verify the zone configuration, navigate under Network -> Interfaces, scroll down to see 'Zone', select the zone and choose 'Edit'.

To verify from the CLI console :

config system zone
show
end

If the interface belongs to the zone, it is required to use the zone instead of the interface itself inside the policy. Once the zone is selected the error will disappear.

Related article:
Technical Tip: Skipping the 'Input value is invalid' error when creating local/remote admin accounts

Troubleshooting Tip: Error '-651: Input value is invalid' while creating firewall policy

You are leaving our website