FortiManager
stroia
Staff
Article Id 311045
Description This article describes how to resolve an 'Object already exists in the ADOM' error received from FortiManager while executing a task to assign a Global Database policy package to an ADOM.
Scope FortiManager.
Solution

In FortiManager with the Multi-ADOM feature enabled (a document explaining this feature is provided at the end of this article), navigate to Global Database ADOM -> Policy & Package. A Global Database is present, and other Global Policy Packages may also have been created.

Try to push one or more Policy Packages to an ADOM:

  1. Select the '+' button on the left of Policy Package name and go to the Assignment section. Select the '+ Add ADOM' button, select the Destination ADOM, and select Policy Packages (Global, one, or otherwise).
  2. Select the 'Save' button.
  3. Select the Assign action and select the 'Start to Assign' button.

A task will appear in a window with Report Progress.

If the task fails and shows the error 'Local Adom already has object fw_addgrp name: xxx' (where 'xxx' is the object name), there are two possible scenarios:

  • If the object exists, it is necessary to delete it.
  • If the object does not exist, it is necessary to proceed with the steps described below in this article.

To search for the 'xxx' object on the Destination ADOM, navigate to Destination ADOM -> Policy & Objects -> Objects Configuration -> Firewall Objects -> Addresses:

The issue can be solved by resetting the UUID of the object 'xxx' on the CDB database (which is the object configuration database).

To do this:

  1. Create and run a global script by navigating to Global Database -> Policy & Objects -> Object Configurations -> Script -> Scripts -> + Create New.
  2. Add the following script text:

    config firewall addrgrp
        edit "xxx"
            unset uuid
        next
    end

  3. Select the 'Run Script' button, select the Policy Package with the issue in the window that appears, and select the 'Run Now' button.

Note:

It is necessary to lock ADOMs before undertaking the steps described. For an explanation, see this section of the FortiManager administration guide.
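
Added example (not part of the original article and not Fortinet code): when the task reports several conflicting address groups, this Python helper builds the script text from step 2 for all of them from the error lines quoted above, and refuses names that could break out of the quoted `edit` argument. The function names and the sample task log are constructed for illustration; it assumes each object was already confirmed not to exist in the Destination ADOM.

```python
import re

# Error format quoted in the article. Only the fw_addgrp category is handled,
# because it is the only one the article maps to a CLI table (firewall addrgrp).
ERROR_RE = re.compile(r"Local Adom already has object fw_addgrp name: (.+?)\s*$")

# Characters that could end the quoted name early and add extra CLI lines
# to a script that runs against the whole ADOM.
UNSAFE = re.compile(r'["\\\r\n]')


def conflicting_groups(task_log):
    """Return the unique address-group names found in the task errors, in order."""
    names = []
    for line in task_log.splitlines():
        match = ERROR_RE.search(line)
        if match and match.group(1) not in names:
            names.append(match.group(1))
    return names


def build_unset_uuid_script(names):
    """Build one 'unset uuid' script covering every listed address group."""
    if not names:
        return ""
    lines = ["config firewall addrgrp"]
    for name in names:
        if UNSAFE.search(name):
            raise ValueError(f"refusing unsafe object name: {name!r}")
        lines += [f'    edit "{name}"', "        unset uuid", "    next"]
    lines.append("end")
    return "\n".join(lines)


# Constructed sample task output (object names are made up).
SAMPLE_TASK_LOG = """\
Local Adom already has object fw_addgrp name: grp_branch_offices
Local Adom already has object fw_addgrp name: grp_dmz_servers
Local Adom already has object fw_addgrp name: grp_branch_offices
Assignment finished with errors
"""

if __name__ == "__main__":
    print(build_unset_uuid_script(conflicting_groups(SAMPLE_TASK_LOG)))
```

Review the generated text before pasting it into the script editor, and lock the ADOMs first as the note above requires.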

 

Related documents:

Checking FortiManager databases - FortiManager administration guide.

Managing policy packages - FortiManager administration guide.

Checking FortiManager databases - FortiManager upgrade guide.

Technical Tip: How to check FortiManager database integrity prior to upgrade.

cdb - FortiManager CLI reference.