|
In order to get more information on what exactly triggers the error prior to the execution of the ADOM upgrade run the following diagnostics:
diagnose debug reset
diagnose debug timestamp enable
diagnose debug service cdb 255
diagnose debug service dvmdb 255
diagnose debug enable
Once done, trigger the ADOM upgrade to generate the error and check the generated output.
There should be a line similar to the one shown below:
commit copy firewall internet-service-group.<group object name>(soid=<ID>) to dparent=<ID>, fail: err=-2, Direction of member(s) must either be both or the same direction as the group
Steps to correct the issue and perform a successful ADOM upgrade:
- Make sure the ISDB objects are visible in the FortiManager:
Enter the ADOM desired to be upgraded Policy and Objects -> Tools -> Display Options -> under the section 'Firewall Objects' enable 'Internet Service' -> OK.
- Adjust the '<group object name>' direction to be matching the direction of the ISDB object:
Policy and Objects -> Object Configurations -> Firewall Objects -> Internet Service, search for '<group object name>' -> Edit -> Advanced Options -> select direction either as 'Source' or 'Destination' (same direction as defined in the member) -> OK.
- Now the upgrade should succeed. If there are more ISDB groups with mismatched directions use the above procedure to identify and correct the rest.
- (OPTIONAL) Once the ADOM upgrade is successful it is possible to revert the ISDB group direction back to the original value.
Related articles:
Technical Tip: How to upgrade an ADOM on FortiManager
|
