Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
masaleh
Staff
Staff

Created on ‎03-05-2025 09:46 AM

Article Id 380578

Troubleshooting Tip: FortiGate error 'Bad application ID' while configuring SD-WAN rule

Description This article describes the cause of the 'Bad application ID' error while configuring the SD-WAN rule.
Scope FortiOS, FortiManager.
Solution

While trying to configure the SD-WAN rule using the app ID either from FortiManager or locally from FortiGate:

 

config system sdwan
    config service
        edit 1
            set internet-service-app-ctrl 28554 28587 28597 43540 37065 43541 47385 54418 54419 <- app ID.
        next

 

The installation might fail due to the following error in the install log:

 

Start installing
FTG-1 config system console
FTG-1 (console) unset output
FTG-1 (console) end
FTG-1 config system sdwan
FTG-1 (sdwan) config service
FTG-1 (service) edit 1
FTG-1 (1) set internet-service-app-ctrl 28554 28587 28597 43540 37065 43541 
Bad application ID 43540 in sdwan.service.33554433.internet-service-app-ctrl
Bad application ID 43541 in sdwan.service.33554433.internet-service-app-ctrl
FTG-1 (1) next

FTG-1 (service) end
FTG-1 (sdwan) end

---> generating verification report
(vdom root: system sdwan service 1:internet-service-app-ctrl)
remote original: 28554 28587 28597 37065
to be installed: 28554 28587 28597 43540 37065 43541 
<--- done generating verification report
install failed <- Installation failed.
 
Step 1: Check from the FortiGate CLI if the App ID is in the Application Database.
 
FTG-1# config application list
FTG-1(list) # edit 0
new entry '0' added
FTG-1(0) # config entries
FTG-1(entries) # edit 0
new entry '0' added
FTG-1(0) # set application ? <- This will provide all the available App IDs present in FortiGate.
ID Select application ID
10005874 1Home.Devices
38614 1kxun
29025 1und1.Mail
[...]
 
Download the full list and search the IDs that are throwing errors.
 
Step 2: If the App ID is not seen in the list, the Application definitions might be outdated.
 
Run the command below to check the application definition version currently installed.
 
diag autoupdate version
[...]
Application Definitions
---------
Version: 30.00958 signed <- Version.
Contract Expiry Date: Fri Feb 13 2026
Last Updated using scheduled update on Tue Feb 25 06:59:00 2025 <- Last update time.
Last Update Attempt: Tue Feb 25 06:59:00 2025
Result: Updates Installed
[...]
 
Make sure the FortiGate has the latest definitions installed.
 
Step 3: If the application control definition is outdated, follow the steps in How To Upgrade Application Control Definitions Manually to update application control definitions.
 
Step 4: Once the definitions are updated, the config should not show any error.
If it does, go thorough Step 1 to identify if the ID is present or not. Sometime old IDs might be removed due to merging with another Application ID, similar to Warning message on bad application ID 48976 and 48977.
174
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.