FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the error code 'object set operator error, -54 discard the setting' in the IPsec interface when there are identical subnets on both the interface and the remote-IP.
Scope
FortiGate.
Solution
Technically, the same subnet on the tunnel interface for the interface itself and on the remote-ip is not supported by the system. But the system allows it once the tunnel interface is disabled or down state. When the tunnel interface status is 'up', the system will not support the setup.
CLI:
config system interface edit <intf_name> set ip 169.254.2.1 255.255.255.0 set status down set type tunnel set remote-ip 169.254.2.10 255.255.255.0 next end
When the tunnel status brings up the following error can appear:
CLI:
config system interface edit <intf_name> set status up end object set operator error, -54 discard the setting Command fail. Return code -54
In this case, the IP planning needs to be changed or have to enable the overlap function.
CLI:
config system settings set allow-subnet-overlapenable/disable end
