FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff
Article Id 200016

Description

 

This article describes how to check the FortiManager databases prior to a firmware upgrade.

It is recommended to check the integrity of the FortiManager databases before upgrading. If any errors are found, fix them before performing the upgrade.

 

Scope

 

FortiManager.

 

Solution

 

  1. Check the integrity of the Policy Manager database by using the following command:

 

diagnose pm2 check-integrity all

 

Example output:

 

diagnose pm2 check-integrity all

--- pragma integrity_check adom db ---

--- total: 23 ok.

--- pragma integrity_check device db ---

--- total: 5 ok.

--- pragma integrity_check global db ---

--- total: 2 ok.

--- pragma integrity_check ips db ---

--- total: 5 ok.

--- pragma integrity_check task db ---

--- total: 1 ok.

--- pragma integrity_check ncmdb db ---

--- total: 26 ok.

 

  2. Check the integrity of the Device Manager database by using the following command:

 

diagnose dvm check-integrity

 

Example output:

 

diagnose dvm check-integrity

[1/11] Checking object memberships        ... correct

[2/11] Checking adom nodes                ... correct

[3/11] Checking device nodes              ... correct

[4/11] Checking device vdoms              ... correct

[5/11] Checking duplicate device vdoms    ... correct

[6/11] Checking device ADOM memberships   ... correct

[7/11] Checking device HA Secondary       ... correct

[8/11] Checking device clusters           ... correct

[9/11] Checking groups                    ... correct

[10/11] Checking group membership          ... correct

[11/11] Checking task database             ... correct

 

  3. Check the integrity of ADOM configurations in the database by using the following command:

 

diagnose cdb check adom-integrity

 

Example output:

 

diagnose cdb check adom-integrity

General updating - adom FAZ200D       ... ....100%  No errors

General updating - adom FAZ200F       ... .....20%..100%    No errors

General updating - adom FortiCarrier  ... ...100%   No errors

General updating - adom FortiFirewall ... ...100%   No errors

General updating - adom root          ... .....50%..100%  No errors

General updating - adom Global        ... .....30%.100%     No errors

 

  4. Check the integrity of the policy packages by using the following command:

 

diagnose cdb check policy-packages Adom root

 

Example output:

 

diagnose cdb check policy-packages Adom root

      [1/7] Checking Scope                     ... correct

      [2/7] Checking Dynamic mappings          ... correct

      [3/7] Checking Policy package settings   ... correct

      [4/7] Checking Cross-linked objs         ... correct

      [5/7] Checking Object parent mismatch    ... correct

      [6/7] Checking Undeleted objs            ... correct

      [7/7] Checking Controller package status ... correct

Adom Global

      [1/4] Checking Policy package settings   ... correct

      [2/4] Checking Cross-linked objs         ... correct

      [3/4] Checking Object parent mismatch    ... correct

      [4/4] Checking Undeleted objs            ... correct

 

  5. Check the integrity of the object configuration database, reference table, ADOM database, DVM database, and invalid policy package and template installation targets by using the following command:

 

diagnose cdb upgrade check +all

 

Example output:

 

diagnose cdb upgrade check +all

 

Checking: Object config database integrity

No error found.

 

Checking: Reference table integrity

No error found.

 

Checking: Repair invalid object sequence

No error found.

 

Checking: Reassign duplicated uuid in ADOM database

No error found.

 

Checking: Resync and add any missing vdoms from device database to DVM database

No error found.

 

Checking: Invalid policy package and template install target

No error found.

 

Checking: Firewall address wrong FQDN type

No error found.

 

Checking: Delete invalid device level mapping for normalized interface

No error found.

 

Checking: Delete invalid orphan entries

No error found.

 

Checking: drop table of user group guest

No error found.

 

Checking: Invalid assign status entries

No error found.

 

Checking: Copy section title from previous policy config

No error found.

 

Checking: Fix invalid created timestamp

No error found.
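The five checks above can be gated with a script before the upgrade window. The following is an added example, not Fortinet code: it reads a saved transcript of the command output and flags every line that does not match one of the passing line shapes shown in this article. The function name `review_transcript` and the sample text are assumptions; the article shows no failing output, so the script does not try to recognise error text and instead treats anything unrecognised as needing review.

```python
import re

# Known-good line shapes, taken from the article's example output. The article
# shows no failing output, so every other non-blank line is flagged for review.
KNOWN_GOOD = [re.compile(p) for p in (
    r"^diagnose ",                                  # echoed command
    r"^--- pragma integrity_check \S+ db ---$",     # pm2 section header
    r"^--- total: \d+ ok\.$",                       # pm2 result
    r"^\[\d+/\d+\] Checking .+\.\.\. correct$",     # dvm / policy-package result
    r"^General updating - adom \S+ .*No errors$",   # ADOM integrity result
    r"^Adom \S+$",                                  # policy-package ADOM header
)]
PASS_LINE = "No error found."                       # cdb upgrade check result

def review_transcript(text):
    """Return [(line_number, line)] for every line needing manual review."""
    findings = []
    pending = None  # "Checking: ..." header still waiting for its result line
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            header, pending = pending, None
            if line == PASS_LINE:
                continue
            findings.append(header)      # header not followed by a pass line
        if line.startswith("Checking: "):
            pending = (number, line)
        elif not any(p.search(line) for p in KNOWN_GOOD):
            findings.append((number, line))
    if pending is not None:
        findings.append(pending)         # transcript ended before the result
    return findings

# Constructed sample: lines 1-4 copy the article's output; lines 5-8 are
# invented failure text, used only to show that unrecognised output is flagged.
SAMPLE = """\
diagnose dvm check-integrity
[1/11] Checking object memberships        ... correct
Checking: Reference table integrity
No error found.
[5/11] Checking duplicate device vdoms    ... 2 error(s) found
General updating - adom root          ... .....50%..100%  3 errors
Checking: Delete invalid orphan entries
1 error(s) found.
"""

if __name__ == "__main__":
    for number, line in review_transcript(SAMPLE):
        print(f"review line {number}: {line}")
```

An empty result means every line matched a passing shape; any returned line should be inspected on the FortiManager itself before the upgrade proceeds.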

 

Related articles:

Technical Tip: Upgrading FortiManager/FortiAnalyzer

Technical Tip: How to upgrade an ADOM on FortiManager