Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
vraev
Staff
Staff

Created on ‎09-12-2025 07:31 AM Edited on ‎09-15-2025 12:47 AM By Moderator

Article Id 410637

Troubleshooting Tip: Install fails on delete static entries for config firewall internet-service-custom

Description

 

This article describes an issue caused by recent FortiGuard updates having introduced new static entries on the FortiGates that FortiManager does not recognize. During the installation, FortiManager may attempt to delete these entries, assuming they are unused.

 

Scope

 

FortiManager.

 

Solution

 

In some cases, there is a mismatch of Internet Service built-in objects between FortiManager and FortiGate.

When the FortiManager attempts to delete them, the objects are considered internal and cannot be deleted.

 

The installation may finish with an error like the one below:

 

FortiGate (internet-service~tom) delete "BuiltIn-JFrog-JFrog"
Can not delete a static table entry
Command fail. Return code -61
FortiGate (internet-service~tom) delete "BuiltIn-PagerDuty-PagerDuty"
Can not delete a static table entry
Command fail. Return code -61
FortiGate (internet-service~tom) delete "BuiltIn-Brightree-Brightree"
Can not delete a static table entry
Command fail. Return code -61
FortiGate (internet-service~tom) end

 

If this happens, create a CLI script to have entries created on the ADOM database:

 

config firewall internet-service-custom
edit "BuiltIn-Brightree-Brightree"
set comment "BuiltIn ffdb-fqdn entry"
config entry
edit 4
next
edit 6
set addr-mode ipv6
next
end
next
edit "BuiltIn-PagerDuty-PagerDuty"
set comment "BuiltIn ffdb-fqdn entry"
config entry
edit 4
next
edit 6
set addr-mode ipv6
next
end
next
edit "BuiltIn-JFrog-JFrog"
set comment "BuiltIn ffdb-fqdn entry"
config entry
edit 4
next
edit 6
set addr-mode ipv6
next
end
next
end


FMG_CLI_script.png

After running it against a policy package.

 

After taking these steps, retrieve the configuration from the FortiGate by navigating to Device Manager -> Managed Devices -> Select the FortiGate -> Dashboard -> Summary -> 'Configuration and Installation' widget -> Revision -> Select the menu icon -> Retrieve.

 

After, perform the Install.

 

Note: If the Install preview shows that other built-in objects have been deleted, use the provided script and just change the names to the ones that are shown to be deleted.

Labels:
226
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.