Description

This article describes the cause of the error 'Cannot read properties of undefined (reading 'q_origin_key')' encountered while creating a NAC policy in Multi-VDOM mode on FortiGate

Scope

FortiGate.

Solution

Multi-VDOM mode is enabled with two VDOMs configured: root and CMD.

While creating a NAC policy in a multi-VDOM environment (say CMD VDOM), the following error may appear:' Cannot read properties of undefined (reading 'q_origin_key')'.

In the Configure FortiLink NAC settings 'fortilink' interface is selected

The interface 'fortilink' is part of root VDOM

Since the 'fortilink' interface is part of the root VDOM and the NAC policy is being configured under the CMD VDOM, where the 'fortilnk' interface is not present, this results in the error.

Even from the CLI using config switch-controller fortilink-settings, the 'fortilink' interface will not be visible in the CMD VDOM.

HUB-FW-01 (CMD) # config switch-controller fortilink-settings

HUB-FW-01 (fortilink-settings) # edit
name FortiLink settings name.

Hence, it is expected that configuring a NAC policy in the CMD VDOM will not be possible when the 'fortilink' interface is mapped to a different VDOM.

A new FortiLink interface named CMD_Fortilink was created under the CMD VDOM. Creating the NAC policy in the CMD VDOM is now successful, as the 'fortilink' interface used for the NAC policy is part of the same VDOM.

NAC Policy Setup: