FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
SteveR
Staff
Staff
Article Id 346536
Description

This article describes the 'diag cdb upgrade force-retry remove-nonexistence-datasrc' command in FortiManager and explains how to use it effectively in specific scenarios.

Scope

FortiManager.

Solution

Sometimes, when address objects are deleted from the FortiManager database, the objects are not deleted from all of the firewall policies causing DB inconsistencies.

 

This can cause issues such as failed Policy Package installs, failed cloning of Policy Packages, etc.

 

In FortiManager v6.4.8 and above, the command 'diag cdb upgrade force-retry remove-nonexistence-datasrc' can be used to correct these inconsistencies.

 

Purpose:

The primary purpose of the command is to handle situations where an object has been deleted or changed but references to the original object still exist with the FortManager database.

 

Usage Scenarios:

Upon deleting or changing an object, references to the original object might still exist in policy packages. Running this command will help the FortiManager identify and remove the references to the deleted or changed object.

 

It is important to save a backup of the FortiManager before running these commands to have a rollback possibility in case of any unintended consequences.

 

  1. Log into the FortiManager via CLI using an account with administrative privileges.
  2. Run the Command: 

 

diag cdb upgrade force-retry remove-nonexistence-datasrc

 

  1. Check the output from the command: As the process activated by the command corrects database inconsistencies an output will be displayed indicating which changes have been made.
  2. Check the resulting configuration: After running the command check that the expected changes have been made.

 

Additional Considerations:

  • Always take a backup of the FortiManager configuration before running any commands that affect the database. This ensures to roll back should there be any unexpected results.
  • With large database configurations, the command may take some time to complete. Wait for the command execution to complete, signified by the message “Database upgrade complete”

 

Related articles:

Technical Tip: How to resolve missing references in FortiManager using the 'diagnose cdb upgrade for... 

Troubleshooting Tip: How to troubleshoot integrity issues (or config lost) after the upgrade of Fort...

Contributors