FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article describes a scenario where policy installation fails on a FortiGate-30G/31G device due to FortiManager attempting to push VPN SSL settings. However, this FortiGate model does not support SSL VPN. The following can be seen in the verification report on the FortiManager:
---> generating verification report (vdom root: vpn ssl settings:servercert) remote original: '' to be installed: <--- done generating verification report
Scope
FortiManager v7.2.10, v7.4.7, and v7.6.3 and below.
Solution
The behavior described is a known software issue and is resolved in FortiManager v7.2.11, v7.4.8, and v7.6.4. If an upgrade is not possible at the moment, the following workaround can be applied:
Disable Installation verification via FortiManager CLI:
config system dm set verify-install disable end
Retrieve & Install the relevant policy from the FortiGate.
Install the policy again. Installation should succeed moving forward.
It is advised to re-enable policy verification after the workaround has been implemented.
