Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
haziqsulaiman
Staff
Staff

Created on ‎08-21-2024 02:07 AM Edited on ‎08-21-2024 05:45 AM By Moderator

Article Id 335069

Technical Tip: How to fix issue ‘the category is already set in another filter’

Description This article describes how to resolve the ‘the category is already set in another filter’ error that may occur when installing device settings from FortiManager.
Scope FortiManager.
Solution

When pushing policy package/device settings to managed FortiGate, the following error may occur:

 

error.png

 

This may be caused by conflicting configurations for dnsfilter profile on both FortiGate and FortiManager.

 

Typically, it is possible to resolve this by performing Retrieve Config followed by Import Configuration. Refer to the following article for the step-by-step troubleshooting process:

Technical Tip: How to fix synchronization issue in FortiManager

 

In case the Retrieve Config does not resolve this issue, it is possible to clone the dnsfilter profile on FortiGate and import the newly created profile to FortiManager to synchronize the device-level settings.

 

  1. Login to FortiGate with Read-Write permission, go to Security Profiles -> DNS Filter, 'right-click' the profile with conflict, and select Clone.

 

dnsfitler.png 

  1. Select the number under the Ref. column to see which firewall policies are referencing the offending dnsfilter profile. Configure the firewall policies to use the newly cloned dnsfilter profile.

    dnsfilter.png 

     

    editpolicy.png 

  2. Go back to FortiManager and perform a Retrieve Config and Import Configuration to import the cloned dnsfilter profile into the ADOM database.

    import.png

     

  3. It should now be possible to install Policy Package/Device Settings successfully without error.

    install.png  

  4. Troubleshooting steps:

    Download the Installation logs to more easily identify the exact reason for the error.

    To get detailed information, run the following command after connecting to FortiManager with SSH:


    diag debug application securityconsole 255
    diag debug enable

     

    For further troubleshooting, gather the following debug information from FortiManager when trying to push the configuration and attach it to the ticket when contacting TAC.

    On the FortiManager:


    diagnose debug application securityconsole 255

    diag debug app depmanager 255

    diagnose debug application fgfmsd 255 <fgt device name>

    diagnose debug enable

    diagnose debug time enable

     

    On the FortiGate:

     

    exe tac report

    diagnose debug application fgfmd 255

    diagnose debug cli 255

    diagnose debug console time enable

    diagnose debug enable

Related Articles:

Technical Tip: How to fix synchronization issue in FortiManager

Troubleshooting Tip: Solving the 'copy' error that occurs while installing the policy package / data...
392
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.