Description
This article describes the error for installation failed due to the 'Address Group are exclusive' error.
Scope
FortiManager.
Solution
Address groups are widely used in FortiGate to categorize different subnets for ease of management. In FortiManager, the invalid configuration may cause FortiGate rejection and FortiManager will result in a failed installation.
In this example, the address group is used in the firewall policy and installed from FortiManager to FortiGate. However, the installation failed, and installation log only shows '<Address Group name> and <Address Group name> are exclusive'.
This error is generated from FortiGate and rejects the CLI configuration from FortiManager. The reason is due to the Address Group Type is different:
- Main Address Group:
- Main Address Group Member:
If multiple Address Groups are grouped into 1 Address Group, the type must be the same. Hence, a 'Folder' type Address Group cannot be grouped into a 'Group' type. Fix the type as shown below:
Note:
If the installation of the address group is completed and the address group is created in local FortiGate, it needs to be deleted from FortiGate locally because change of Address Group type is forbidden by FortiGate. FortiManager must recreate the Address Group in FortiGate instead of 'unset type'.
Related article:
Technical Tip: Creating address folders by grouping address objects
