This article describes the installation failure caused by the 'error filters - xx : -xx - invalid category ID' error.
FortiManager, FortiGate.
Debug command:
diag debug application securityconsole 255
diag debug enable
Debug output:
SECURITY_CONSOLE: Installing dynamic interface completed - 15 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall policy
TCL error(Invalid category ID: ).
obj filters
action:block
auth-usr-grp:
category:
id:100
log:enable
override-replacemsg:
warn-duration:5m
warning-duration-type:timeout
warning-prompt:per-category
TCL error(Invalid category ID: ).
obj filters
action:block
auth-usr-grp:
category:
id:101
log:enable
override-replacemsg:
warn-duration:5m
warning-duration-type:timeout
warning-prompt:per-category
SECURITY_CONSOLE: Installing firewall policy completed - 8 entries installed, 0 errors
SECURITY_CONSOLE: copy all policies: 0 hours 0 minutes 0.962435 seconds.
add 0 fail references back to pending list
SECURITY_CONSOLE: (1) [FGT[copy] root] post commit check fail: filters - 101-Invalid category ID:
SECURITY_CONSOLE: (1) [FGT[copy] root] post_vdom copy error: filters - 101:(errcode)-2-Invalid category ID:
SECURITY_CONSOLE: (1) [FGT[copy] root] Copy rollbacked, due to error (reason:none)
Make sure the ADOM version and the FortiGate version are the same so that the Web Filter categories are compatible with each other.
Sometimes a newer FortiGate version introduces new Web Filter categories. For example, v7.4.1 added two categories:
100 - Artificial Intelligence Technology.
101 - Cryptocurrency.
For example:
FortiManager in v7.4.x, FortiGate running v7.2 in an ADOM v7.4.
This leads to installation failure since the new categories are not supported in the lower version. If performing an upgrade or migrating to a new ADOM is a challenge, removing the categories from the Web Filter profile can resolve the issue. Make sure to select the correct profile, the one used in the policy installed on the FortiGate.
Go to Policy & Objects -> Advanced -> CLI Configurations -> Search -> Webfilter -> Profile, select the profile that is used in the policy -> Filters, find the categories, and then select 'Delete'.
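To find which filter entries to look for in the profile, the debug output above can be parsed for the rejected 'obj filters' dumps and the post commit failure lines. The script below is an added example, not Fortinet code; the sample text is constructed from the output in this article, and reading the bracketed prefix as device name and VDOM is an assumption.

```python
import re

# Constructed sample: shortened from the debug output shown in this article.
SAMPLE = """\
SECURITY_CONSOLE: Installing firewall policy
TCL error(Invalid category ID: ).
obj filters
action:block
category:
id:100
TCL error(Invalid category ID: ).
obj filters
action:block
category:
id:101
SECURITY_CONSOLE: Installing firewall policy completed - 8 entries installed, 0 errors
SECURITY_CONSOLE: (1) [FGT[copy] root] post commit check fail: filters - 101-Invalid category ID:
SECURITY_CONSOLE: (1) [FGT[copy] root] Copy rollbacked, due to error (reason:none)
"""

TCL_ERR = re.compile(r"^TCL error\(Invalid category ID:")
FIELD = re.compile(r"^([a-z-]+):(.*)$")
# Assumption: the bracketed prefix is "[<device>[copy] <vdom>]".
COMMIT_FAIL = re.compile(
    r"\[(\S+?)\[copy\] (\S+)\] post commit check fail: filters - (\d+)-Invalid category ID")

def parse_install_log(text):
    """Return (rejected filter objects, post-commit failures) from the debug text."""
    rejected, failures, current = [], [], None
    for line in (l.strip() for l in text.splitlines()):
        if TCL_ERR.match(line):          # start of a rejected "obj filters" dump
            current = {}
            rejected.append(current)
        elif line.startswith("SECURITY_CONSOLE:"):
            current = None               # any console line ends the object dump
            m = COMMIT_FAIL.search(line)
            if m:
                failures.append((m.group(1), m.group(2), int(m.group(3))))
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return rejected, failures

def filter_ids_to_review(text):
    """Filter entry ids from rejected dumps whose category field is empty."""
    rejected, _ = parse_install_log(text)
    return sorted(int(o["id"]) for o in rejected if o.get("id") and not o.get("category"))

if __name__ == "__main__":
    print("filter ids to review:", filter_ids_to_review(SAMPLE))
    print("post-commit failures:", parse_install_log(SAMPLE)[1])
```

Save the securityconsole debug output to a file and pass its contents to filter_ids_to_review() in place of SAMPLE.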
Related Articles:
Technical Tip: Configuration options are not available in GUI
Technical Tip: How to check the web filtering categories corresponding to the category ID
Copyright 2024 Fortinet, Inc. All Rights Reserved.