FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article describes what information and debug outputs to gather and provide through a TAC Ticket in case of a FortiManager Policy Package Installation issue.
Log in to the FortiManager web UI and start screen capture using the FortiManager Debugger for Chrome extension. In the FortiManager web UI, navigate to System Settings and display the ADOM settings, then review all relevant objects, policy packages, and template settings related to the reported issue.
Note: In Device Manager, go to the FortiGate Dashboard widget 'Configuration and Installation'. In the Total Revision section, perform a Retrieve Config action. (If the configuration is valid, this will change the Device Config Status to Synchronized.)
Open an SSH session to FortiManager or open FortiManager web CLIconsole (located in right upper corner '>_') and run the following command:
diagnose debug reset get system status get system performance diagnose cdb upgrade summary diagnose debug enable diagnose debug timestamp enable diagnose debug dpm conf enable diagnose dvm debug enable all diagnose debug application securityconsole 255 diagnose debug application depmanager 255
Note:
Keep the SSH session running.
Start the Install Wizard and choose' Policy Package & Device Settings'. Select the correct Policy Package and start the installation by selecting the 'Next' button. In the next step, select the correct FortiGate and proceed by selecting 'Next'. In the following step, open the Install Preview and save it as a text file. Then complete the installation by selecting the 'Install' button. Once the installation is finished, do not close the Install Wizard window; instead, select the device, open the Install Log, and save it as a text file.
Once the issue is reproduced, stop screen capturing in the debugger; it creates a debugger output file.
Stop debugging in the SSH session via a CLI command:
diagnose debug disable
And save the SSH session output to a text file.
Download FortiManager backup.
Download FortiGate backup via the FortiGate web UI.
Collect the complete output of the FortiManager CLI command:
execute tac report
Update the TAC ticket with the following files completed via steps 2-9 above:
Complete TAC report.
FortiManager backup (including backup password).
SSH session with debug output.
Debugger for Chrome output file.
Installation preview, install log file, or log file with error.
