FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article describes the steps to take to when facing the following ADOM upgrade error:
'Fail(errno=-2): Direction of member(s) must either be both or the same direction as the group' without any extra details.
Scope
FortiManager, ADOM upgrade.
Solution
If gathering cdb and dvmdb debug during ADOM upgrade, there should be a line similar to the one shown below:
commit copy firewall internet-service-group.<group object name>(soid=<ID>) to dparent=<ID>, fail: err=-2, Direction of member(s) must either be both or the same direction as the group
Steps to correct the issue and perform a successful ADOM upgrade:
Make sure the ISDB objects are visible in the FortiManager: Enter the ADOM desired to be upgraded Policy and Objects -> Tools -> Display Options -> under the section 'Firewall Objects' enable 'Internet Service' -> OK.
Adjust the '<group object name>' direction to be matching the direction of the ISDB object: Policy and Objects -> Object Configurations -> Firewall Objects -> Internet Service, search for '<group object name>'-> Edit -> Advanced Options -> select direction either as 'Source' or 'Destination' (same direction as defined in the member) -> OK.
Now the upgrade should succeed. If there are more ISDB groups with mismatched directions use the above procedure to identify and correct the rest.
(OPTIONAL) Once the ADOM upgrade is successful it is possible to revert the ISDB group direction back to the original value.
