Solution |
When REST-API is being used in FortiGate to retrieve or edit configuration, there might be an error response from the FortiGate as below.
{ "http_method":"POST", "revision":"e68fda6729af52d4cfebd249900f70f9", "revision_changed":false, "error":-651, "status":"error", "http_status":500, "vdom":"47", "path":"firewall", "name":"policy", "serial":"FGT37DTK20800026", "version":"v6.2.8", "build":1232 }
Error code '-651' explains that invalid value is being used with the REST-API syntax.
Refer to all error codes.
"-1":"Invalid length of value.", "-2":"Index out of range.", "-3":"Entry not found.", "-4":"Maximum number of entries has been reached.", "-5":"A duplicate entry already exists.", "-6":"Failed memory allocation.", "-7":"Value conflicts with system settings.", "-8":"Invalid IP Address.", "-9":"Invalid IP Netmask.", "-10":"Invalid gateway address.", "-11":"Incorrect hexidecimal entry. Must use 2 hex digits in the range ,0-9, ,A-F.", "-12":"Invalid IPSEC auto algorithm chosen.", "-13":"Invalid Timeout value. Should be in the range ,1-480.", "-14":"Permission denied. Insufficient privileges.", "-15":"Duplicate entry found.", "-16":"Blank or incorrect address entry.", "-17":"Incorrect address name.", "-18":"Incorrect service value.", "-19":"Incorrect schedule value.", "-20":"Blank entry.", "-21":"Invalid IPsec tunnel.", "-22":"Invalid IPsec tunnel.", "-23":"Entry is used.", "-24":"Error opening file.", "-25":"Error reading from shared memory.", "-26":"File error.", "-27":"Error opening IP-MAC info file.", "-28":"File is not an update file.", "-29":"Failed to update routing information.", "-30":"Invalid username or password.", "-31":"Invalid old password.", "-32":"Invalid PIN number", "-33":"Invalid MAC address.", "-34":"Duplicate remote gateway.", "-35":"Duplicate destination in VPN policy", "-36":"Duplicate or invalid VIP mapping.", "-37":"Permission denied.", "-38":"Download file does not exist.", "-39":"Configuration file error.", "-40":"Invalid DHCP range. Start address is greater than end address.", "-41":"Invalid service group.", "-42":"DMZ->Internal virtual IP mapping is not allowed.", "-43":"Cannot use the external interface's IP as a virtual IP.", "-44":"Set RADIUS info before enabling RADIUS", "-45":"Invalid IP range.", "-46":"Invalid zone.", "-47":"Replacement message is too large.", "-48":"The end time should be later than the start time.", "-49":"The password must conform to the system password policy.", "-50":"Input is in invalid format.", "-51":"Out of length. Max length is 80 western characters.", "-52":"Upload file is too big or invalid.", "-53":"Banned word used has an invalid character.", "-54":"IP address is in same subnet as the others.", "-55":"Duplicate default gateway.", "-56":"Empty values are not allowed.", "-57":"Server error.", "-58":"PPPOE permission deny.", "-59":"PPPOE is trying.", "-60":"PPPOE password error.", "-61":"Input not as expected.", "-62":"One time schedule stop time should be later than the current time.", "-63":"FortiGuard- AV update failed.", "-64":"IPS update failed.", "-65":"Unable to uncompress the tar file you provided.", "-66":"Unable to uncompress the gz file you provided.", "-67":"Cannot create tmp directory.", "-68":"Upload file should contain the migadmin and bin directories.", "-69":"Unable to activate the key you provided.", "-70":"Cannot enable the smartfilter categories.", "-71":"Failed to update the smartfilter.", "-72":"Field value exceeds the maximum number of characters.", "-73":"End IP cannot be smaller than the start IP.", "-74":"The last download operation has not ended yet, please wait until it finishes.", "-75":"DHCP range has conflict with IP/MAC binding.", "-76":"DHCP relay cannot be created because DHCP server of same type already exists on that interface.", "-77":"DHCP server cannot be created because DHCP relay of same type already exists on that interface.", "-78":"DHCP over IPSEC service created conflicts with another DHCP over IPSEC service on VPN's internal interface.", "-79":"Internal error in ipsec.", "-80":"No route to the remote gateway.", "-81":"No tunnel.", "-82":"Tunnel already exists", "-83":"SPI already exists.", "-84":"No route or SPI already exists.", "-85":"Firewall has all the updates found in the given file.", "-86":"File does not contain any updates for this feature.", "-87":"IMAGE crc error.", "-88":"Vlan name error.", "-89":"Invalid number.", "-90":"Invalid IP pool name.", "-91":"IP pool address should match the interface.", "-92":"Invalid external service port. It has been occupied by system.", "-93":"Connection config error", "-94":"The user group cannot be deleted because it is in use by one of the policies.", "-95":"The user group cannot be deleted because it is in use by PPTP.", "-96":"The user group cannot be deleted because it is in use by L2TP.", "-97":"The radius cannot be deleted because it is in use by one of the users.", "-98":"There is no such user group name.", "-99":"The radius cannot be deleted because it is in use by one of the groups.", "-100":"A duplicate user name already exists.", "-101":"A duplicate remote server name already exists.", "-102":"The route gateway is used by policy route.", "-103":"The gateway 1 is not a valid gateway.", "-104":"The gateway 0000002 is not a valid gateway.", "-105":"The gateway 3 is not a valid gateway.", "-106":"The gateway 4 is not a valid gateway.", "-107":"The user group cannot be deleted because it is in use by IPSEC.", "-108":"Update center cannot be both empty.", "-109":"Invalid email address.", "-110":"The keylife value cannot be smaller than 120 seconds.", "-111":"FortiGuard - AV update unauthorized.", "-112":"IPS update unauthorized.", "-113":"The keylife value cannot be bigger than 172800 seconds.", "-114":"The keep-alive frequency cannot be longer than 900 seconds.", "-115":"The gateway is not a valid gateway.", "-116":"Please enter an external interface name.", "-117":"Remote IP must be set if IP is defined.", "-118":"IP must be set if remote IP is defined.", "-119":"Blank or incorrect schedule entry.", "-122":"The VLAN is not in the same zone as the address.", "-123":"Invalid day input.", "-124":"Invalid hour input.", "-125":"Minute should be 00, 15, 30 and 45 only.", "-126":"Update center cannot both be empty.", "-127":"Invalid admin timeout.", "-128":"Invalid auth timeout.", "-129":"PIN number length should be 6 digits.", "-130":"Invalid date input.", "-131":"Invalid year input.", "-132":"Invalid month input.", "-133":"Invalid day input.", "-134":"Invalid time input.", "-135":"Invalid hour input.", "-136":"Invalid minute input.", "-137":"Invalid second input.", "-138":"The gateway peerid cannot be same as the localid or peerid in any other gateway settings.", "-139":"The IP pool range cannot be larger than a class A subnet.", "-140":"Missing the ipsec phase1 dpd value.", "-141":"Missing the ipsec phase1 dpd idleworry value.", "-142":"Missing the ipsec phase1 dpd retrycount value.", "-143":"Missing the ipsec phase1 dpd retryinterval value.", "-144":"Missing the ipsec phase1 dpd idlecleanup value.", "-145":"The imported local certificate is invalid", "-146":"The imported CA certificate is invalid", "-147":"The certificate is being used", "-148":"Rules file format error.", "-149":"User group does not exist.", "-150":"Log level out of range.", "-151":"The certificate does not exist.", "-152":"Invalid encryption key.", "-153":"Invalid authentication key.", "-154":"Bridge management IP and HA port IP cannot be in the same subnet. Please change either IP address.", "-155":"Keylife KBytes value must be greater than 5120.", "-156":"The IP pool range overlapped an existing IP pool range.", "-157":"This interface cannot be assigned to a zone because it is currently being used by a policy.", "-158":"Invalid VLAN ID", "-160":"CFG_ER_GENERIC", "-161":"The primary and secondary IP cannot be the same.", "-162":"Service names and service group names cannot be the same.", "-163":"Address names and address group names cannot be the same.", "-164":"Address names and virtual IP names cannot be the same.", "-165":"Address group names and virtual IP names cannot be the same.", "-166":"The name is too long.", "-167":"Failed to import pkcs12 file.", "-168":"Could not export pkcs12 file.", "-169":"Your traffic shaping maximum bandwidth must be greater than your guaranteed bandwidth.", "-170":"Invalid SMTP mail server format.", "-171":"Invalid SMTP mail user format.", "-172":"No password for authentication", "-173":"The string contains XSS vulnerability characters.", "-175":"Max size of log file must be in the range 1 and 1024", "-176":"This ippool is being used by a policy", "-177":"Moving a policy from one interface/zone pair to a different interface/zone pair is not permitted", "-178":"Moving a policy from one interface/zone to a different interface/zone is not permitted", "-180":"We are unable to send your update request.", "-181":"Upload file is too big, only part of it is saved.", "-183":"Incorrect upload file or the file is empty.", "-184":"Some duplicate entries in the upload file have been removed.", "-185":"Too many regular expression entries were present in the upload file, only part of them were saved.", "-186":"Maximum number of regular expression entries has been reached.", "-187":"End Point pattern exceeds the maximum length", "-188":"Cannot have both HA and sessio-sync turned on.", "-190":"Too many interfaces to detect.", "-203":"Invalid Username or Password.", "-204":"Invalid Username or Password.", "-210":"Interface is not in manual addressing mode.", "-211":"Interface is not in dhcp or pppoe addressing mode.", "-212":"Interface is not in dhcp addressing mode.", "-213":"Interface is not in pppoe addressing mode.", "-214":"DHCP Server is not enabled on the interface.", "-215":"Invalid interface name.", "-216":"DHCP Client has not connected to DHCP server.", "-217":"Cannot set mode to DHCP or PPPoE when HA is on.", "-218":"Interface speed cannot be set for aggregated interfaces.", "-220":"Missing interface keyword or parameter.", "-221":"Missing scope keyword or parameter.", "-222":"Missing IP range keyword or parameter.", "-223":"Missing netmask keyword or parameter.", "-224":"Scope name already exists", "-230":"Start IP, end IP, and default gateway are not in the same subnet.", "-231":"Start IP and end IP cannot be in the same subnet with other scopes.", "-232":"Start IP and end IP cannot be changed to different subnet.", "-233":"Start IP and end IP conflict with excluded IP range configuration.", "-234":"Start IP and end IP conflict with reserved IP-MAC configuration.", "-235":"Scope IP pool conflicts with system IP-MAC binding configuration.", "-236":"A regular(Ethernet) DHCP server can not be configured on an interface without a static IP.", "-240":"Invalid DHCP lease time.", "-241":"Invalid default gateway IP address.", "-242":"Invalid DNS IP address.", "-243":"Invalid WINS IP address.", "-244":"Invalid exclude IP address.", "-245":"Invalid exclude IP range.", "-250":"Duplicated IP in reserved IP/MAC pair.", "-251":"Duplicated MAC address in reserved IP/MAC pair.", "-252":"Invalid port.", "-253":"Conflicted IP timeout must be between 60 and 8640000 seconds.", "-254":"Invalid IPv6 prefix.", "-255":"Invalid IPv6 address.", "-257":"Invalid hostname.", "-292":"Reached maximum number of real servers for this VIP", "-300":"Email banned word operation failed.", "-301":"Invalid email banned word.", "-302":"Error importing remote certificate.", "-303":"SCEP certificate enrollment failed.", "-310":"Virtual IP group names and virtual IP names cannot be the same.", "-311":"Virtual IP group names and address names cannot be the same.", "-312":"Virtual IP group names and address group names cannot be the same.", "-313":"The bookmark group could not be deleted because it is used by one of the SSLVPN user groups.", "-314":"At least one SSL VPN web application needs to be enabled.", "-315":"Archived file does not exist on Disk.", "-350":"Invalid ICMP type.", "-351":"Invalid ICMP code.", "-352":"This ICMP code does not exist for the ICMP type.", "-353":"This ICMP type does not have code.", "-354":"The IP protocol number is not allowed here.", "-360":"Cmdb commands timeout.", "-361":"The cmdb add entry failed.", "-363":"Invalid port range.", "-375":"A radius server in this vdom is used by wireless setting.", "-376":"vdom contains vdom-link.", "-377":"Invalid IPsec transform. Encryption and authentication cannot both be NULL.", "-390":"Invalid GTP RAI value", "-392":"Invalid GTP IMEI value", "-393":"Carrier feature license invalid or not present", "-400":"Invalid ping server IP.", "-506":"Interface IP overlap.", "-508":"Please input a valid interface IP.", "-509":"The interface is not allowed to change the zone because one of the policies depends on it.", "-513":"Duplicate virtual domain name.", "-514":"Virtual domains still in use can not be deleted.", "-515":"The name is a reserved keyword by the system.", "-516":"AV profile is empty.", "-519":"interface name cannot be the same as VDOM.", "-520":"VLAN MTU cannot be larger than it's physical interface's MTU.", "-521":"Physical interface MTU cannot be smaller than it's VLAN interface's MTU.", "-522":"VLAN ID or physical interface cannot be changed once a VLAN has been created.", "-523":"Virtual domain license exceeded.", "-525":"Timeout should be between 0 and 65535 seconds.", "-526":"Another DHCP server with a lease range of the same subnet ID already exists.", "-527":"The interface name for a DHCP server can't be more than 14 characters.", "-528":"The client interface name for a DHCP relay can't be more than 14 characters.", "-529":"An ActiveDirectory group on this server is being used by a user group.", "-530":"Interfaces must have the same forward domain ID in TP mode.", "-531":"PPTP timeout must be between 0 and 65535 minutes.", "-540":"Invalid IP range. The specified IPs must be contained on the same 24- bit subnet (x.x.x.1- x.x.x.254).", "-541":"Invalid IP range. The L2TP and PPTP address ranges must not overlap.", "-542":"The imported CRL certificate is invalid.", "-550":"Cannot enable HTTPS redirect because Forticlient checking is enabled in some policy.", "-551":"Cannot enable Forticlient checking because authentication is redirected to HTTPS.", "-552":"Cannot create interface with name that could conflict with interfaces created by changing internal-switch-mode.", "-553":"Name conflicts with an interface, vdom, switc-interface, zone, or interface name used for hardware switch interfaces.", "-554":"Switch-interface memebers cannot be changed once the switch has been created.", "-555":"Software switch interfaces are not permitted in transparent mode.", "-560":"Supplied name is a reserved keyword and cannot be used.", "-561":"Registering device to FMG fail.", "-562":"Please select an endpoint NAC profile.", "-563":"Please select an application detection list.", "-564":"Invalid FortiClient license key.", "-565":"A specific application must be selected for 'Not Installed' or 'Not Running' rules with a 'Deny' action.", "-580":"The vdom property limit has been reached.", "-581":"Must delete one replacemsg group otherwise it will exceed group limit after vdom enable.", "-659":"Can not change to TP mode because this vdom has at least one vdom - link or loopback interface", "-600":"Invalid category or group.", "-602":"Invalid reporting time range.", "-603":"Invalid number of arguments specified.", "-604":"FortiGuard Web Filtering reports are unavailable on units without hard drives.", "-605":"That protection profile does not exist.", "-606":"An unknown error occurred while processing the configuration request.", "-607":"Invalid duration.", "-608":"Invalid date/time format. The date and time must be 'yyyy/mm/dd hh:mm:ss'.", "-609":"The specified expiry date is invalid. It must be from 5 minutes to 365 days in the future.", "-610":"Invalid local category ID (must be in the range 96 - 127).", "-611":"Invalid override authentication port (must be in the range 1-65535 excluding 80 and 443).", "-612":"Invalid cache time-to-live (must be in the range 300-86400 seconds).", "-613":"Invalid cache memory usage limit (must be in the range 2-15%).", "-614":"Only a domain name can be specified for this rule type. Either specify only the domain name or change the type to directory.", "-615":"The HTTP and HTTPS override authentication ports cannot overlap.", "-650":"The integer value is not within valid range.", "-651":"Input value is invalid.", "-652":"Some of the filter elements specified are mutually exclusive.", "-653":"Invalid regular expression.", "-658":"Question marks are not allowed in simple URL Filter entries.", "-690":"You must have at least one authentication method enabled.", "-701":"Wrong Group type in group definition.", "-702":"Group id out of range in group definition.", "-703":"Unknown keyword.", "-704":"Keyword in wrong sequence or the mandatory keywords are missing.", "-705":"Wrong value for given keyword.", "-706":"Missing start \"(\" in rule definition.", "-707":"Missing start \")\" in rule definition.", "-708":"Missing default value for given parameter.", "-709":"IPS rule definition is incomplete.", "-710":"Missing required keyword.", "-711":"Unknown signature format.", "-712":"The user-defined rule name is invalid.", "-713":"Input value is invalid.", "-800":"The SSL VPN session zone cannot be deleted because it is in use by one of the policies.", "-901":"Backup failed, please try again", "-902":"Restore failed, please try again", "-950":"Invalid timeout.", "-951":"Protocol mismatch", "-952":"Invalid DLP action", "-953":"Invalid DLP archive setting", "-1000":"The operation mode has been changed.", "-1001":"Invalid number of arguments.", "-1002":"Invalid key size.", "-1003":"Invalid key.", "-1004":"Cannot update license file.", "-1010":"Login Disclaimer Declined.", "-1100":"Invalid FortiClient Installer.", "-1101":"FortiGuard service is unavailable.", "-1102":"Downloading ForitClient installer from FortiGuard timed out.", "-2001":"Your password must be at least 1 character long.", "-2002":"Your password cannot contain the following characters: ~ ! # % ^ & *+`\':()[]{}\<>|/", "-2003":"The password entries do not match.", "-2004":"Your name is invalid.", "-2006":"Your password must be at least 8 characters long.", "-2007":"SSLVPN port and HTTPS admin port clash on same IP address", "-2008":"Destination address of split tunneling policy is invalid.", "-2009":"Please select at least one client check option when client check is enabled.", "-2011":"At least one IP pool must be specified for SSL VPN tunnel mode.", "-3000":"Internal error processing requested file.", "-3001":"Line #%d in the uploaded file is too long.", "-3002":"Uploaded file contains binary symbols around line #%d.", "-3003":"Out of temporary space.", "-3004":"Line #%d in the uploaded file has an invalid format.", "-3005":"Line #%d in the uploaded file contains an invalid language ID.", "-3199":"Unable to retrieve FortiAnalyzer status.", "-3200":"FortiAnalyzer IP is not valid", "-3201":"FortiAnalyzer IP is used by other settings", "-3202":"Cannot connect to FortiAnalyzer", "-3203":"FortiAnalyzer version does not recognize remote log viewing request", "-3204":"FortiAnalyzer is used by other settings", "-3205":"Error reading FortiAnalyzer report files.", "-3206":"Please configure a FortiAnalyzer device.", "-3207":"Archived file does not exist on FortiAnalyzer device.", "-3208":"Invalid option on FortiAnalyzer", "-3209":"Communication error with FortiAnalyzer device.", "-3210":"Hello holdtime must not be less than hello interval.", "-3211":"You must set a BSR interface if you are a BSR candidate.", "-3212":"You must set a RP candidate interface if you are a RP candidate.", "-3213":"You must set the source override interface.", "-3214":"Query interval must be greater than Query max response time.", "-3215":"Inputted IP is not a multicast IP address.", "-3216":"Multicast route threshold must not exceed multicast route limit.", "-3220":"Report name is already in use.", "-3221":"Access permissions are disabled on the FortiAnalyzer.", "-3222":"No available reports on the FortiAnalyzer.", "-3230":"Cannot connect to FortiGuard", "-3231":"FortiGuard version does not recognize remote log viewing request", "-3232":"There was an error when purging FortiGuard logs.", "-3233":"Archived file does not exist on FortiGuard Service device.", "-3234":"Invalid option on FortiGuard Servic", "-3235":"Communication error with FortiGuard Service device.", "-3240":"Unable to update FortiGuard Analysis & Management Service license information.", "-3241":"Error requesting image form the management station", "-3242":"Error downloading image from the management station", "-3243":"Error saving configuration to the management station", "-3244":"Error retrieving configuration from the management station", "-3245":"Error retrieviong configuration from the management station", "-3246":"Error retrieving diff from the managemenet station", "-3247":"Error requesting firmware image list", "-3248":"Failed to delete script execution history record.", "-4001":"Please remove virtual AP interfaces before switching out of AP mode.", "-10000":"Invalid action.", "-10001":"Request missing.", "-10002":"Invalid request."
|