FortiManager
mvlasak
Staff
Article Id 394158
Description

This article describes how to resolve errors where policy package installation fails if FortiManager attempts to push a firewall policy that references an internet-service-name (or internet-service6-name) not available on the target FortiGate. This typically occurs when there is a mismatch in the Internet Service Database (ISDB) version or when a service exists in FortiManager but not on FortiGate.

Scope

FortiManager/FortiGate 7.x.
Solution

 

  1. Check the ISDB Version on FortiGate and FortiManager.

 

To ensure consistency, the ISDB version must be the same on both FortiGate and FortiManager. To check:

 

On FortiGate:

 

diagnose autoupdate versions | grep "Internet-service Standard Database" -A5

FGT # diagnose autoupdate versions | grep "Internet-service Standard Database" -A5
Internet-service Standard Database
---------
Version: 7.04192 signed
Contract Expiry Date: n/a
Last Updated using scheduled update on Thu May 29 04:18:41 2025
Last Update Attempt: Thu May 29 12:18:02 2025

 

On FortiManager:

 

diagnose dvm adom list


FMG # diagnose dvm adom list
There are currently 23 ADOMs (count for license: 3/105):
OID  STATE    PRODUCT OSVER MR LIC NAME       MODE   VPN MANAGEMENT        IPS  ISDB
8891 enabled  FOS     7.0   2  Y   PRODUCTION Normal                       32.4 7.4166
.....
3    enabled FOS      7.0   2      root       Normal  Central VPN Console  32.4 7.4166
4048 enabled FOS      7.0   6  Y   root76     Normal  Central VPN Console  32.4 7.4166
10   enabled FOS      7.0   2      Global     Normal  Policy & Device VPNs 32.4 7.4166
---End ADOM list---

 

This command will list all ADOMs, along with the ISDB version used in each. Look at the ISDB column for the version.

 

  2. To verify whether a specific internet-service-name (e.g., Botnet-C&C.Server) exists on a FortiGate device, use the following command:

 

# diagnose internet-service id-summary | grep Botnet
id: 3080383 name: "Botnet-C&C.Server"

If no output is returned, the service likely does not exist on the FortiGate due to an outdated Internet Service Database (ISDB).

 

 

  3. To verify whether a specific internet-service-name (e.g., Botnet-C&C.Server) exists on a FortiManager device, use the following command:


FMG # exe fmpolicy print-adom-object root "firewall internet-service-name" "Botnet-C&C.Server"
Dump object [Botnet-C&C.Server] of category [firewall internet-service-name] in adom [root]:
---------------
[Botnet-C&C.Server] is a reserved record

 

Note: It is necessary to use the full internet service name in the FortiManager CLI command.

 

Important Note:

If the ISDB versions are not the same, FortiManager may attempt to use objects (e.g., internet-service-name) that do not yet exist on the FortiGate, which can cause install errors. Always make sure that FortiGate and FortiManager are updated to use the same ISDB version before pushing policies.
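
The version comparison from step 1 can be scripted against saved CLI output. The following is an added example, not part of the original article or a Fortinet tool: it parses the two command outputs shown above and lists the ADOMs whose ISDB version differs from the FortiGate's. It assumes the FortiGate prints the minor version zero-padded (7.04192 is treated as equal to 7.4192), that the LIC column is either "Y" or blank, and that ADOM names contain no spaces; the "LAB" row is constructed sample data.

```python
import re

# Sample CLI captures: rows taken from the outputs shown in the article,
# plus one constructed "LAB" ADOM row so that one ADOM matches the FortiGate.
FGT_OUTPUT = """\
Internet-service Standard Database
---------
Version: 7.04192 signed
Contract Expiry Date: n/a
"""

FMG_OUTPUT = """\
There are currently 23 ADOMs (count for license: 3/105):
OID  STATE    PRODUCT OSVER MR LIC NAME       MODE   VPN MANAGEMENT        IPS  ISDB
8891 enabled  FOS     7.0   2  Y   PRODUCTION Normal                       32.4 7.4166
3    enabled FOS      7.0   2      root       Normal  Central VPN Console  32.4 7.4166
9001 enabled FOS      7.0   6  Y   LAB        Normal  Central VPN Console  32.4 7.4192
---End ADOM list---
"""

# OID, STATE, PRODUCT, OSVER, MR, optional LIC flag, NAME, ..., ISDB (last column).
# Assumption: LIC is "Y" or blank, and ADOM names contain no spaces.
ADOM_ROW = re.compile(
    r"^\s*(\d+)\s+\S+\s+\S+\s+\S+\s+\d+\s+(?:Y\s+)?(\S+)\s+.*\s(\d+\.\d+)\s*$"
)

def normalize(version):
    """'7.04192' and '7.4192' both become (7, 4192); assumes zero-padding only."""
    return tuple(int(part) for part in version.split("."))

def fortigate_isdb(output):
    """ISDB version from 'diagnose autoupdate versions' output."""
    m = re.search(r"Internet-service Standard Database.*?Version:\s*(\d+\.\d+)",
                  output, re.S)
    if not m:
        raise ValueError("ISDB version not found in FortiGate output")
    return normalize(m.group(1))

def adom_isdb(output):
    """Map ADOM name -> ISDB version from 'diagnose dvm adom list' output."""
    rows = (ADOM_ROW.match(line) for line in output.splitlines())
    return {m.group(2): normalize(m.group(3)) for m in rows if m}

def mismatched_adoms(fgt_output, fmg_output):
    """ADOMs whose ISDB version differs from the FortiGate's."""
    target = fortigate_isdb(fgt_output)
    return {n: v for n, v in adom_isdb(fmg_output).items() if v != target}

if __name__ == "__main__":
    for name, ver in mismatched_adoms(FGT_OUTPUT, FMG_OUTPUT).items():
        print(f"ADOM {name}: ISDB {ver} != FortiGate {fortigate_isdb(FGT_OUTPUT)}")
```

Any ADOM the script reports should be brought to the FortiGate's ISDB version before a policy package is installed from it.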
