Technical Tip: FortiManager ADOM upgrade from 7.2 to 7.4 fails with 'Invalid Application custom data'

fsmeltzer · ‎02-27-2025

Description

This article describes how to workaround FortiManager error 'Fail (errno=-999):invalid value - prop[application_cus]: Invalid Application custom data. The quotation format of "pattern" is error.' after attempting to upgrade ADOM from v7.2 to v7.4.

When upgrading ADOMs that contain 'Custom Application Signatures' it is possible to hit the error 'Fail (errno=-999):invalid value - prop[application_cus]: Invalid Application custom data. The quotation format of "pattern" is error.' due to expected syntax changes between v7.2 and v7.4.

Scope

FortiManager 7.4.x managing v7.2/v7.4 ADOMs with Custom Application Signatures.

Solution

To resolve this without deleting the custom signature, the 'Custom Application Signatures' pattern object needs to be updated with quotation marks.

Select the affected ADOM, navigate to Policy & Objects -> Security Profiles -> Application Signatures and edit the signature(s).
Examine the string in the 'signature box' for v7.2 the signature will look similar to:

F-SBID(--attack_id 1000; --name Test.com; --pattern Test.com; --service HTTP; --no_case; --flow from_client; --context host; --app_cat 12; )

For v7.4 add quotations around the 'Pattern Object', as an example:

F-SBID(--attack_id 1000; --name Test.com; --pattern "Test.com"; --service HTTP; --no_case; --flow from_client; --context host; --app_cat 12; )

Update the 'Custom Application Signatures' and retest the ADOM upgrade.

Related article:

Technical Tip: How to upgrade an ADOM on FortiManager

Technical Tip: FortiManager ADOM upgrade from 7.2 to 7.4 fails with 'Invalid Application custom data'

You are leaving our website