Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sw2090
Honored Contributor

FMG 5.4 does not deploy anything anymore after Firmware upgrade

Hiho,

 

I have an FMG here that I had set up as a vm. This FMG manages 16 FGTs (which are physical devices), distributing device settings and also one standard policy package for them all. This all worked fine so far and it did survive several firmware update without any malfunctions.

Now I upgraded the FMG again from v5 build 1187 to v5 build 1225 (which is one step since there is nothing between those builds) in order to support v5.4.6 on the FGTs.

Since I did that I am unable to deploy device settings and/or policy packages to any of the FGTs. It  don't matter which firmware they run atm (some still have 5.4.3, some 5.4.4 or 5.4.5 and some already are updated to 5.4.6). 

Deployment starts when I trigger it but fails on the pre install checks and then is cancelled.

The only error I get is "-2 invalid Server". There is no more information.

I performed the DB Integrity checks all without any errors. 

So far this looks to me if something in build 1225 is pretty broken and will render your FMG rather useless so far.

 

Maybe someone already hat that and knows a solution?

 

greets

Sebastian

 

P.S.: I also opened a ticket at Fortinet Support but did not yet get any response from them so far.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
3 REPLIES 3
scao_FTNT
Staff
Staff

pls send me the ticket ID, I will review your ticket and I may need your db config to provide workaround solution, we can use ticket system to track this

 

Thanks

 

Simon

sw2090
Honored Contributor

Hi Simon,

 

Thanks. I meanwhile got a repsonse from EMEA TAC and we will arrange a remote session.

Ticket # is 2451719 btw.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090
Honored Contributor

After a detailed analysis of our FMG config the EMEA TAC finally found the solution:

 

There is an Option called like "polling servr" in the Single-Sign-On Settings which by default is empty. This then caused the problem. As ist is a global option and not a device setting I guess it was added with the last build of the FMG Firmware since from then on we encountered the problem.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors