Created on 09-06-2023 09:33 PM Edited on 09-18-2024 02:48 AM By Jean-Philippe_P
This article describes why script execution on the Device Database can fail in FortiManager.
FortiManager.
In FortiManager, scripts are used to simplify configuration across multiple devices. However, FortiManager restricts what a script may change, to prevent invalid or sensitive configurations from being made directly on the Device Database.
If the configuration is prohibited in the FortiManager Device Database, the error message below will appear:
[line 5] > set fmg-source-ip [parameter(s) invalid. object: fmg-source-ip. detail: not allow to change]
Failed to commit to DB, reason([line 5] > set fmg-source-ip [parameter(s) invalid. object: fmg-source-ip. detail: not allow to change]
)
In this case, the user needs to run the script on 'Remote FortiGate Directly (via CLI)' instead.
The following configurations are prohibited from being made on the FortiManager Device Database:
notinstall {
"certificate ca last-updated";
"certificate crl last-updated";
"certificate local last-updated";
"dpdk cpus";
"dpdk global";
"endpoint-control fctems capabilities";
"endpoint-control fctems serial-number";
"firewall address list";
"log tap-device";
"switch-controller managed-switch ports port-owner";
"switch-controller traffic-policy id";
"switch-controller vlan";
"system central-management fmg";
"system central-management fmg-source-ip";
"system central-management fmg-source-ip6";
"system central-management serial-number";
"system central-management type";
"system central-management vdom";
"system fortiguard service-account-id";
"system global http-request-limit";
"system global http-unauthenticated-request-limit";
"system ha chassis-id";
"system storage";
"user group guest";
"user quarantine targets macs entry-id";
"vpn certificate ca last-updated";
"vpn certificate crl last-updated";
"vpn certificate local last-updated";
"webfilter override initiator";
};
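As an added example (not Fortinet's code), the Python below pre-checks a script against the list above before it is run on the Device Database, reporting the same line numbers the error message uses. It assumes an entry names a `config` path, optionally followed by the attribute of a `set`/`unset` line, which is consistent with the error shown earlier; the function names, the sample script and its values are constructed for illustration.

```python
import re

# Excerpt of the notinstall block from this article; paste the full block for real use.
NOTINSTALL = '''notinstall {
"switch-controller managed-switch ports port-owner";
"system central-management fmg-source-ip";
};'''

SAMPLE = '''config system global
    set hostname branch-fw01
end
config system central-management
    set fmg-source-ip 192.0.2.10
end
config switch-controller managed-switch
    edit "SW-EXAMPLE"
        config ports
            edit "port1"
                set port-owner "lab"
            next
        end
    next
end'''  # constructed sample script; names and values are placeholders

def load_prohibited(block):
    """Return each quoted entry of a notinstall block as a tuple of path tokens."""
    return {tuple(e.split()) for e in re.findall(r'"([^"]+)"', block)}

def find_prohibited(script, prohibited):
    """Yield (line_no, line, entry); assumed rule: config path [+ set/unset attribute] == entry."""
    stack = []  # one token list per open 'config' level
    for no, raw in enumerate(script.splitlines(), 1):
        words = raw.split()
        verb = words[0].lower() if words else ''
        if verb == 'end' and stack:
            stack.pop()
        path = [t for level in stack for t in level]
        if verb == 'config':
            stack.append(words[1:])
            path += words[1:]
        elif verb in ('set', 'unset') and len(words) > 1:
            path.append(words[1])
        else:
            continue  # edit / next / end / blank lines name no object of their own
        if tuple(path) in prohibited:
            yield (no, raw.strip(), ' '.join(path))

if __name__ == '__main__':
    print(*find_prohibited(SAMPLE, load_prohibited(NOTINSTALL)), sep='\n')
```

Lines it reports belong in a separate script run on 'Remote FortiGate Directly (via CLI)'; the rest can stay in the Device Database script.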
Troubleshooting:
Use the commands below to troubleshoot errors during installation from FortiManager to the managed devices:
diagnose debug enable
diagnose debug application securityconsole 255
Note:
The list may change or be updated from time to time. Users may open a FortiCare ticket to check with TAC engineers.