Description
This article describes how to troubleshoot when importing policy package fails due to the '(invalid in Virtual_wire_pair)) binding fail' error.
"firewall policy",FAIL,"(name=68, oid=4454, reason=interface(interface binding contradiction. detail: port4(invalid in Virtual_wire_pair)) binding fail)"
"system virtual-wire-pair",FAIL,"(name=vw1, oid=4453, reason=interface(port4(invalid in Virtual_wire_pair)) binding fail)"
Scope
FortiManager, FortiGate.
Solution
Basically, this is due to the virtual wire pair interface members being mapped as the normalized interface is being used on others (such as policies):
For example, this configuration on the FortiGate using 'port4' and 'port5' as members for a virtual wire pair named vw1, and creates a policy using the members.
When importing the policy package to FortiManager, it will fail due to virtual wire pair binding failing.
To solve this, change the virtual wire pair interface members normalized interface to a unique name which is not being used in the ADOM database:
OR remove the virtual wire pair interface members used in the policies.
Related article:
Troubleshooting Tip: Unable to import policy package due to error 'Device mapping:: "query failed"'
