Description: This article describes the error codes returned in REST API responses.
Scope: All FortiOS.

When the REST API is used on a FortiGate to retrieve or edit configuration, the FortiGate may return an error response.

For example, error code '-651' indicates that an invalid value is being used in the REST API syntax.


The full list of error codes is as follows:


"-1":"Invalid length of value.",
"-2":"Index out of range.",
"-3":"Entry not found.",
"-4":"Maximum number of entries has been reached.",
"-5":"A duplicate entry already exists.",
"-6":"Failed memory allocation.",
"-7":"Value conflicts with system settings.",
"-8":"Invalid IP Address.",
"-9":"Invalid IP Netmask.",
"-10":"Invalid gateway address.",
"-11":"Incorrect hexidecimal entry. Must use 2 hex digits in the range ,0-9, ,A-F.",
"-12":"Invalid IPSEC auto algorithm chosen.",
"-13":"Invalid Timeout value. Should be in the range ,1-480.",
"-14":"Permission denied. Insufficient privileges.",
"-15":"Duplicate entry found.",
"-16":"Blank or incorrect address entry.",
"-17":"Incorrect address name.",
"-18":"Incorrect service value.",
"-19":"Incorrect schedule value.",
"-20":"Blank entry.",
"-21":"Invalid IPsec tunnel.",
"-22":"Invalid IPsec tunnel.",
"-23":"Entry is used.",
"-24":"Error opening file.",
"-25":"Error reading from shared memory.",
"-26":"File error.",
"-27":"Error opening IP-MAC info file.",
"-28":"File is not an update file.",
"-29":"Failed to update routing information.",
"-30":"Invalid username or password.",
"-31":"Invalid old password.",
"-32":"Invalid PIN number",
"-33":"Invalid MAC address.",
"-34":"Duplicate remote gateway.",
"-35":"Duplicate destination in VPN policy",
"-36":"Duplicate or invalid VIP mapping.",
"-37":"Permission denied.",
"-38":"Download file does not exist.",
"-39":"Configuration file error.",
"-40":"Invalid DHCP range. Start address is greater than end address.",
"-41":"Invalid service group.",
"-42":"DMZ->Internal virtual IP mapping is not allowed.",
"-43":"Cannot use the external interface's IP as a virtual IP.",
"-44":"Set RADIUS info before enabling RADIUS",
"-45":"Invalid IP range.",
"-46":"Invalid zone.",
"-47":"Replacement message is too large.",
"-48":"The end time should be later than the start time.",
"-49":"The password must conform to the system password policy.",
"-50":"Input is in invalid format.",
"-51":"Out of length. Max length is 80 western characters.",
"-52":"Upload file is too big or invalid.",
"-53":"Banned word used has an invalid character.",
"-54":"IP address is in same subnet as the others.",
"-55":"Duplicate default gateway.",
"-56":"Empty values are not allowed.",
"-57":"Server error.",
"-58":"PPPOE permission deny.",
"-59":"PPPOE is trying.",
"-60":"PPPOE password error.",
"-61":"Input not as expected.",
"-62":"One time schedule stop time should be later than the current time.",
"-63":"FortiGuard- AV update failed.",
"-64":"IPS update failed.",
"-65":"Unable to uncompress the tar file you provided.",
"-66":"Unable to uncompress the gz file you provided.",
"-67":"Cannot create tmp directory.",
"-68":"Upload file should contain the migadmin and bin directories.",
"-69":"Unable to activate the key you provided.",
"-70":"Cannot enable the smartfilter categories.",
"-71":"Failed to update the smartfilter.",
"-72":"Field value exceeds the maximum number of characters.",
"-73":"End IP cannot be smaller than the start IP.",
"-74":"The last download operation has not ended yet, please wait until it finishes.",
"-75":"DHCP range has conflict with IP/MAC binding.",
"-76":"DHCP relay cannot be created because DHCP server of same type already exists on that interface.",
"-77":"DHCP server cannot be created because DHCP relay of same type already exists on that interface.",
"-78":"DHCP over IPSEC service created conflicts with another DHCP over IPSEC service on VPN's internal interface.",
"-79":"Internal error in ipsec.",
"-80":"No route to the remote gateway.",
"-81":"No tunnel.",
"-82":"Tunnel already exists",
"-83":"SPI already exists.",
"-84":"No route or SPI already exists.",
"-85":"Firewall has all the updates found in the given file.",
"-86":"File does not contain any updates for this feature.",
"-87":"IMAGE crc error.",
"-88":"Vlan name error.",
"-89":"Invalid number.",
"-90":"Invalid IP pool name.",
"-91":"IP pool address should match the interface.",
"-92":"Invalid external service port. It has been occupied by system.",
"-93":"Connection config error",
"-94":"The user group cannot be deleted because it is in use by one of the policies.",
"-95":"The user group cannot be deleted because it is in use by PPTP.",
"-96":"The user group cannot be deleted because it is in use by L2TP.",
"-97":"The radius cannot be deleted because it is in use by one of the users.",
"-98":"There is no such user group name.",
"-99":"The radius cannot be deleted because it is in use by one of the groups.",
"-100":"A duplicate user name already exists.",
"-101":"A duplicate remote server name already exists.",
"-102":"The route gateway is used by policy route.",
"-103":"The gateway 1 is not a valid gateway.",
"-104":"The gateway 0000002 is not a valid gateway.",
"-105":"The gateway 3 is not a valid gateway.",
"-106":"The gateway 4 is not a valid gateway.",
"-107":"The user group cannot be deleted because it is in use by IPSEC.",
"-108":"Update center cannot be both empty.",
"-109":"Invalid email address.",
"-110":"The keylife value cannot be smaller than 120 seconds.",
"-111":"FortiGuard - AV update unauthorized.",
"-112":"IPS update unauthorized.",
"-113":"The keylife value cannot be bigger than 172800 seconds.",
"-114":"The keep-alive frequency cannot be longer than 900 seconds.",
"-115":"The gateway is not a valid gateway.",
"-116":"Please enter an external interface name.",
"-117":"Remote IP must be set if IP is defined.",
"-118":"IP must be set if remote IP is defined.",
"-119":"Blank or incorrect schedule entry.",
"-122":"The VLAN is not in the same zone as the address.",
"-123":"Invalid day input.",
"-124":"Invalid hour input.",
"-125":"Minute should be 00, 15, 30 and 45 only.",
"-126":"Update center cannot both be empty.",
"-127":"Invalid admin timeout.",
"-128":"Invalid auth timeout.",
"-129":"PIN number length should be 6 digits.",
"-130":"Invalid date input.",
"-131":"Invalid year input.",
"-132":"Invalid month input.",
"-133":"Invalid day input.",
"-134":"Invalid time input.",
"-135":"Invalid hour input.",
"-136":"Invalid minute input.",
"-137":"Invalid second input.",
"-138":"The gateway peerid cannot be same as the localid or peerid in any other gateway settings.",
"-139":"The IP pool range cannot be larger than a class A subnet.",
"-140":"Missing the ipsec phase1 dpd value.",
"-141":"Missing the ipsec phase1 dpd idleworry value.",
"-142":"Missing the ipsec phase1 dpd retrycount value.",
"-143":"Missing the ipsec phase1 dpd retryinterval value.",
"-144":"Missing the ipsec phase1 dpd idlecleanup value.",
"-145":"The imported local certificate is invalid",
"-146":"The imported CA certificate is invalid",
"-147":"The certificate is being used",
"-148":"Rules file format error.",
"-149":"User group does not exist.",
"-150":"Log level out of range.",
"-151":"The certificate does not exist.",
"-152":"Invalid encryption key.",
"-153":"Invalid authentication key.",
"-154":"Bridge management IP and HA port IP cannot be in the same subnet. Please change either IP address.",
"-155":"Keylife KBytes value must be greater than 5120.",
"-156":"The IP pool range overlapped an existing IP pool range.",
"-157":"This interface cannot be assigned to a zone because it is currently being used by a policy.",
"-158":"Invalid VLAN ID",
"-161":"The primary and secondary IP cannot be the same.",
"-162":"Service names and service group names cannot be the same.",
"-163":"Address names and address group names cannot be the same.",
"-164":"Address names and virtual IP names cannot be the same.",
"-165":"Address group names and virtual IP names cannot be the same.",
"-166":"The name is too long.",
"-167":"Failed to import pkcs12 file.",
"-168":"Could not export pkcs12 file.",
"-169":"Your traffic shaping maximum bandwidth must be greater than your guaranteed bandwidth.",
"-170":"Invalid SMTP mail server format.",
"-171":"Invalid SMTP mail user format.",
"-172":"No password for authentication",
"-173":"The string contains XSS vulnerability characters.",
"-175":"Max size of log file must be in the range 1 and 1024",
"-176":"This ippool is being used by a policy",
"-177":"Moving a policy from one interface/zone pair to a different interface/zone pair is not permitted",
"-178":"Moving a policy from one interface/zone to a different interface/zone is not permitted",
"-180":"We are unable to send your update request.",
"-181":"Upload file is too big, only part of it is saved.",
"-183":"Incorrect upload file or the file is empty.",
"-184":"Some duplicate entries in the upload file have been removed.",
"-185":"Too many regular expression entries were present in the upload file, only part of them were saved.",
"-186":"Maximum number of regular expression entries has been reached.",
"-187":"End Point pattern exceeds the maximum length",
"-188":"Cannot have both HA and sessio-sync turned on.",
"-190":"Too many interfaces to detect.",
"-203":"Invalid Username or Password.",
"-204":"Invalid Username or Password.",
"-210":"Interface is not in manual addressing mode.",
"-211":"Interface is not in dhcp or pppoe addressing mode.",
"-212":"Interface is not in dhcp addressing mode.",
"-213":"Interface is not in pppoe addressing mode.",
"-214":"DHCP Server is not enabled on the interface.",
"-215":"Invalid interface name.",
"-216":"DHCP Client has not connected to DHCP server.",
"-217":"Cannot set mode to DHCP or PPPoE when HA is on.",
"-218":"Interface speed cannot be set for aggregated interfaces.",
"-220":"Missing interface keyword or parameter.",
"-221":"Missing scope keyword or parameter.",
"-222":"Missing IP range keyword or parameter.",
"-223":"Missing netmask keyword or parameter.",
"-224":"Scope name already exists",
"-230":"Start IP, end IP, and default gateway are not in the same subnet.",
"-231":"Start IP and end IP cannot be in the same subnet with other scopes.",
"-232":"Start IP and end IP cannot be changed to different subnet.",
"-233":"Start IP and end IP conflict with excluded IP range configuration.",
"-234":"Start IP and end IP conflict with reserved IP-MAC configuration.",
"-235":"Scope IP pool conflicts with system IP-MAC binding configuration.",
"-236":"A regular(Ethernet) DHCP server can not be configured on an interface without a static IP.",
"-240":"Invalid DHCP lease time.",
"-241":"Invalid default gateway IP address.",
"-242":"Invalid DNS IP address.",
"-243":"Invalid WINS IP address.",
"-244":"Invalid exclude IP address.",
"-245":"Invalid exclude IP range.",
"-250":"Duplicated IP in reserved IP/MAC pair.",
"-251":"Duplicated MAC address in reserved IP/MAC pair.",
"-252":"Invalid port.",
"-253":"Conflicted IP timeout must be between 60 and 8640000 seconds.",
"-254":"Invalid IPv6 prefix.",
"-255":"Invalid IPv6 address.",
"-257":"Invalid hostname.",
"-292":"Reached maximum number of real servers for this VIP",
"-300":"Email banned word operation failed.",
"-301":"Invalid email banned word.",
"-302":"Error importing remote certificate.",
"-303":"SCEP certificate enrollment failed.",
"-310":"Virtual IP group names and virtual IP names cannot be the same.",
"-311":"Virtual IP group names and address names cannot be the same.",
"-312":"Virtual IP group names and address group names cannot be the same.",
"-313":"The bookmark group could not be deleted because it is used by one of the SSLVPN user groups.",
"-314":"At least one SSL VPN web application needs to be enabled.",
"-315":"Archived file does not exist on Disk.",
"-350":"Invalid ICMP type.",
"-351":"Invalid ICMP code.",
"-352":"This ICMP code does not exist for the ICMP type.",
"-353":"This ICMP type does not have code.",
"-354":"The IP protocol number is not allowed here.",
"-360":"Cmdb commands timeout.",
"-361":"The cmdb add entry failed.",
"-363":"Invalid port range.",
"-375":"A radius server in this vdom is used by wireless setting.",
"-376":"vdom contains vdom-link.",
"-377":"Invalid IPsec transform. Encryption and authentication cannot both be NULL.",
"-390":"Invalid GTP RAI value",
"-392":"Invalid GTP IMEI value",
"-393":"Carrier feature license invalid or not present",
"-400":"Invalid ping server IP.",
"-506":"Interface IP overlap.",
"-508":"Please input a valid interface IP.",
"-509":"The interface is not allowed to change the zone because one of the policies depends on it.",
"-513":"Duplicate virtual domain name.",
"-514":"Virtual domains still in use can not be deleted.",
"-515":"The name is a reserved keyword by the system.",
"-516":"AV profile is empty.",
"-519":"interface name cannot be the same as VDOM.",
"-520":"VLAN MTU cannot be larger than it's physical interface's MTU.",
"-521":"Physical interface MTU cannot be smaller than it's VLAN interface's MTU.",
"-522":"VLAN ID or physical interface cannot be changed once a VLAN has been created.",
"-523":"Virtual domain license exceeded.",
"-525":"Timeout should be between 0 and 65535 seconds.",
"-526":"Another DHCP server with a lease range of the same subnet ID already exists.",
"-527":"The interface name for a DHCP server can't be more than 14 characters.",
"-528":"The client interface name for a DHCP relay can't be more than 14 characters.",
"-529":"An ActiveDirectory group on this server is being used by a user group.",
"-530":"Interfaces must have the same forward domain ID in TP mode.",
"-531":"PPTP timeout must be between 0 and 65535 minutes.",
"-540":"Invalid IP range. The specified IPs must be contained on the same 24- bit subnet (x.x.x.1- x.x.x.254).",
"-541":"Invalid IP range. The L2TP and PPTP address ranges must not overlap.",
"-542":"The imported CRL certificate is invalid.",
"-550":"Cannot enable HTTPS redirect because Forticlient checking is enabled in some policy.",
"-551":"Cannot enable Forticlient checking because authentication is redirected to HTTPS.",
"-552":"Cannot create interface with name that could conflict with interfaces created by changing internal-switch-mode.",
"-553":"Name conflicts with an interface, vdom, switc-interface, zone, or interface name used for hardware switch interfaces.",
"-554":"Switch-interface memebers cannot be changed once the switch has been created.",
"-555":"Software switch interfaces are not permitted in transparent mode.",
"-560":"Supplied name is a reserved keyword and cannot be used.",
"-561":"Registering device to FMG fail.",
"-562":"Please select an endpoint NAC profile.",
"-563":"Please select an application detection list.",
"-564":"Invalid FortiClient license key.",
"-565":"A specific application must be selected for 'Not Installed' or 'Not Running' rules with a 'Deny' action.",
"-580":"The vdom property limit has been reached.",
"-581":"Must delete one replacemsg group otherwise it will exceed group limit after vdom enable.",
"-659":"Can not change to TP mode because this vdom has at least one vdom - link or loopback interface",
"-600":"Invalid category or group.",
"-602":"Invalid reporting time range.",
"-603":"Invalid number of arguments specified.",
"-604":"FortiGuard Web Filtering reports are unavailable on units without hard drives.",
"-605":"That protection profile does not exist.",
"-606":"An unknown error occurred while processing the configuration request.",
"-607":"Invalid duration.",
"-608":"Invalid date/time format. The date and time must be 'yyyy/mm/dd hh:mm:ss'.",
"-609":"The specified expiry date is invalid. It must be from 5 minutes to 365 days in the future.",
"-610":"Invalid local category ID (must be in the range 96 - 127).",
"-611":"Invalid override authentication port (must be in the range 1-65535 excluding 80 and 443).",
"-612":"Invalid cache time-to-live (must be in the range 300-86400 seconds).",
"-613":"Invalid cache memory usage limit (must be in the range 2-15%).",
"-614":"Only a domain name can be specified for this rule type. Either specify only the domain name or change the type to directory.",
"-615":"The HTTP and HTTPS override authentication ports cannot overlap.",
"-650":"The integer value is not within valid range.",
"-651":"Input value is invalid.",
"-652":"Some of the filter elements specified are mutually exclusive.",
"-653":"Invalid regular expression.",
"-658":"Question marks are not allowed in simple URL Filter entries.",
"-690":"You must have at least one authentication method enabled.",
"-701":"Wrong Group type in group definition.",
"-702":"Group id out of range in group definition.",
"-703":"Unknown keyword.",
"-704":"Keyword in wrong sequence or the mandatory keywords are missing.",
"-705":"Wrong value for given keyword.",
"-706":"Missing start \"(\" in rule definition.",
"-707":"Missing start \")\" in rule definition.",
"-708":"Missing default value for given parameter.",
"-709":"IPS rule definition is incomplete.",
"-710":"Missing required keyword.",
"-711":"Unknown signature format.",
"-712":"The user-defined rule name is invalid.",
"-713":"Input value is invalid.",
"-800":"The SSL VPN session zone cannot be deleted because it is in use by one of the policies.",
"-901":"Backup failed, please try again",
"-902":"Restore failed, please try again",
"-950":"Invalid timeout.",
"-951":"Protocol mismatch",
"-952":"Invalid DLP action",
"-953":"Invalid DLP archive setting",
"-1000":"The operation mode has been changed.",
"-1001":"Invalid number of arguments.",
"-1002":"Invalid key size.",
"-1003":"Invalid key.",
"-1004":"Cannot update license file.",
"-1010":"Login Disclaimer Declined.",
"-1100":"Invalid FortiClient Installer.",
"-1101":"FortiGuard service is unavailable.",
"-1102":"Downloading ForitClient installer from FortiGuard timed out.",
"-2001":"Your password must be at least 1 character long.",
"-2002":"Your password cannot contain the following characters: ~ ! # % ^ & *+`\':()[]{}\<>|/",
"-2003":"The password entries do not match.",
"-2004":"Your name is invalid.",
"-2006":"Your password must be at least 8 characters long.",
"-2007":"SSLVPN port and HTTPS admin port clash on same IP address",
"-2008":"Destination address of split tunneling policy is invalid.",
"-2009":"Please select at least one client check option when client check is enabled.",
"-2011":"At least one IP pool must be specified for SSL VPN tunnel mode.",
"-3000":"Internal error processing requested file.",
"-3001":"Line #%d in the uploaded file is too long.",
"-3002":"Uploaded file contains binary symbols around line #%d.",
"-3003":"Out of temporary space.",
"-3004":"Line #%d in the uploaded file has an invalid format.",
"-3005":"Line #%d in the uploaded file contains an invalid language ID.",
"-3199":"Unable to retrieve FortiAnalyzer status.",
"-3200":"FortiAnalyzer IP is not valid",
"-3201":"FortiAnalyzer IP is used by other settings",
"-3202":"Cannot connect to FortiAnalyzer",
"-3203":"FortiAnalyzer version does not recognize remote log viewing request",
"-3204":"FortiAnalyzer is used by other settings",
"-3205":"Error reading FortiAnalyzer report files.",
"-3206":"Please configure a FortiAnalyzer device.",
"-3207":"Archived file does not exist on FortiAnalyzer device.",
"-3208":"Invalid option on FortiAnalyzer",
"-3209":"Communication error with FortiAnalyzer device.",
"-3210":"Hello holdtime must not be less than hello interval.",
"-3211":"You must set a BSR interface if you are a BSR candidate.",
"-3212":"You must set a RP candidate interface if you are a RP candidate.",
"-3213":"You must set the source override interface.",
"-3214":"Query interval must be greater than Query max response time.",
"-3215":"Inputted IP is not a multicast IP address.",
"-3216":"Multicast route threshold must not exceed multicast route limit.",
"-3220":"Report name is already in use.",
"-3221":"Access permissions are disabled on the FortiAnalyzer.",
"-3222":"No available reports on the FortiAnalyzer.",
"-3230":"Cannot connect to FortiGuard",
"-3231":"FortiGuard version does not recognize remote log viewing request",
"-3232":"There was an error when purging FortiGuard logs.",
"-3233":"Archived file does not exist on FortiGuard Service device.",
"-3234":"Invalid option on FortiGuard Servic",
"-3235":"Communication error with FortiGuard Service device.",
"-3240":"Unable to update FortiGuard Analysis & Management Service license information.",
"-3241":"Error requesting image form the management station",
"-3242":"Error downloading image from the management station",
"-3243":"Error saving configuration to the management station",
"-3244":"Error retrieving configuration from the management station",
"-3245":"Error retrieviong configuration from the management station",
"-3246":"Error retrieving diff from the managemenet station",
"-3247":"Error requesting firmware image list",
"-3248":"Failed to delete script execution history record.",
"-4001":"Please remove virtual AP interfaces before switching out of AP mode.",
"-10000":"Invalid action.",
"-10001":"Request missing.",
"-10002":"Invalid request."