FortiManager
smkml
Staff
Article Id 361251
Description

 

This article describes how to troubleshoot an install error that involves the VPN Manager and SD-WAN configuration, as shown below:

install error.png

 

Scope

 

FortiManager, FortiGate.

 

Solution

 

This issue occurs when the tunnel interface initially created by the VPN Manager is assigned as an SD-WAN member.

By design, using an interface zone as an SD-WAN member is not supported.

 

VPN Manager community using Hub and Spoke design:

 vpn manager community.png

 

Phase 1 and Phase 2 tunnel interfaces are created:

 

p1 tunnel.png

p2 tunnel.png

 

Installing at the Policy Package level fails with the following specific error:

 

Post vdom failed:
error :131 - datasrc invalid. object: system zone.vpnmgr_test_spoke2hub:interface. detail: test_1. solution: data cannot be used. reason: invalid value - prop[interface]: sys zone intf cannot be used in system sdwan members interface(test_1).

 

By design, using interface zones as SD-WAN members is not supported. When VPN Zone is enabled in the VPN Manager community, the interface zone is created automatically.

 

enabled vpn zone.png

 

Therefore, it is necessary to disable VPN Zone to remove the error.

 

disable vpn zone.gif
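
A pre-install check for the condition behind this error, as an added example that is not part of the original article or of Fortinet tooling: it scans FortiGate-style CLI configuration text for interfaces that sit in a system zone and are also referenced by SD-WAN members. The sample configuration is constructed from the names in the error message; test_2, wan1 and the function name are assumptions.

```python
import shlex

# Constructed sample: zone and interface names taken from the error above;
# "test_2" and "wan1" are made-up names for illustration.
SAMPLE_CONFIG = '''
config system zone
    edit "vpnmgr_test_spoke2hub"
        set interface "test_1" "test_2"
    next
end
config system sdwan
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "test_1"
        next
        edit 2
            set interface "wan1"
        next
    end
end
'''

def zone_sdwan_conflicts(config_text):
    """Return sorted (interface, system_zone) pairs that are also SD-WAN members."""
    path = []        # stack of open "config ..." blocks
    entry = {}       # nesting depth -> name of the open "edit" entry
    zone_of = {}     # interface -> system zone that contains it
    members = set()  # interfaces referenced under "system sdwan" members
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quote (multi-line value): skip the line
            tokens = []
        head = tokens[0] if tokens else ""
        if head == "config":
            path.append(" ".join(tokens[1:]))
        elif head == "end" and path:
            path.pop()
        elif head == "edit" and len(tokens) > 1:
            entry[len(path)] = tokens[1]
        elif tokens[:2] == ["set", "interface"]:
            if path == ["system zone"]:  # not the SD-WAN "config zone" table
                zone_of.update({i: entry.get(len(path)) for i in tokens[2:]})
            elif path == ["system sdwan", "members"]:
                members.update(tokens[2:])
    return sorted((i, zone_of[i]) for i in members if i in zone_of)
```

Any pair returned identifies an SD-WAN member interface that belongs to a system zone, which is the combination the install error reports.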

Related article:

Technical Tip: How to use the VPN manager default zones in policies