Description |
This article describes how to resolve issues when trying to import the dynamic address entries (EMS or ZTNA tags) when error 'DYNAMIC_ADDRESS_UPDATE_RETVAL_CMDB_ERROR' appears.
To confirm if the FortiGateis giving this error, run below commands:
# diag debug reset
2022-11-18 10:26:06 [sys_handle_dynamic_address_update:935] Command:update (2) 2022-11-18 10:26:06 [__process_dynamic_address_entries:798] command type:2 addresses entries:6 2022-11-18 10:26:06 [__process_dynamic_address_entries:846] address after apply: [ { "uuid": "2E27C402-6352-45E5-83DD-92E73E1395ED", "tag_properties": { "name": "ZTNA-Tag1", "type": "zero_trust" }, "type": "ipblock", "values": [ ], "re sult": "DYNAMIC_ADDRESS_UPDATE_RETVAL_CMDB_ERROR" } ] 2022-11-18 10:26:06 [ec_ez_worker_process:393] Call completed with failure. obj-id: 11, desc: "REST API to get updates of tag endpoints.", entry: "api/v1/report/fct/tags". error info: Error (-1@_tags_uuid_process_result:105). Processing API failed. |
Scope |
FortiGate 7.0, 7.2 + |
Solution |
Below are a few possibilities for this issue.
A) Catastrophic configuration failure on FortiGate. To confirm this, try to create fqdn/subnet based address object on the FortiGate.
B) The FortiGate has the maximum number of addresses already. In such cases, delete un-used address objects from the FortiGate.
C) There is already an address object configured with the same name as to be imported ZTNA tag and referenced in FortiGate configuration for example in the firewall policy. In such case rename the referenced address object or change the name of ZTNA/EMS tag
Is still issue persists, create a support ticket with Fortinet TAC and provide the output of below commands:
# diag debug reset |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.