Troubleshooting Tip: FortiManager push failed before Install preview - error system interface

JianWu · ‎08-21-2025

Description

This article describes an issue where, when trying to push policy, it fails before the install preview is available.
This issue is more prevalent when an SD-WAN or IPsec template is used.

The following is the error message from the install logs:

After the VDOM fails:

error system interface - VPN1 :15 - used. detail: used in adom by dynamic interface (VPN1)

'VPN1' above is referencing a tunnel interface name called VPN1, it can be a different name.

Scope

FortiManager, Provisioning Templates, IPsec template.

Solution

The reason for this error message is that the IPsec tunnel is created via Provisioning templates; the IPsec template has to be more specific.

If the IPsec template that created the IPsec interface is removed, or if the FortiGate is not included in the Assigned Device/Group where FortiManager needs to push the policy, this error message will show up.

There are two ways to address this issue.

If the IPsec template is used and will be used again, it is better to have the Fortigate in question included in the device/group selection.
If the IPsec template has been removed or is no longer needed, the method mentioned in the following article can be used: Technical Tip: Remove comment created by IPsec Template.

After completing these corrections, the error message should cease to appear. If it was the only error, the install preview will become available.

Related article:

Technical Tip: Remove comment created by IPsec Template

Troubleshooting Tip: FortiManager push failed before Install preview - error system interface

You are leaving our website