Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mattbrice
New Contributor

Fortimanager errors out

I'm new to Fortinet/Fortigate and am using a 40F as a lab learning device. I have just a few configs that is causing the push install to fail. All it is :

config system interface
2: delete "lan3"
3: delete "lan2"
4: delete "lan1"
5:end

All three error out with message:

 

"The entry is used by other 1 entries.  Command fail. Return code -23"

 

So how do I undo these commands?  I can't figure it out.

1 Solution
axel_gonzalez_FTNT

Try to retrieve configuration so that you update device layer

 

Device manager > Managed devices > Double click on your FGT > Configuration and Installation > Revision > Total revisions > Revision History > Retrieve config

 

axel_gonzalez_FTNT_0-1638559723231.png

 Once retrieve, try again

AX

View solution in original post

8 REPLIES 8
axel_gonzalez_FTNT

Try to retrieve configuration so that you update device layer

 

Device manager > Managed devices > Double click on your FGT > Configuration and Installation > Revision > Total revisions > Revision History > Retrieve config

 

axel_gonzalez_FTNT_0-1638559723231.png

 Once retrieve, try again

AX
mattbrice

No change.  Same error.

 

Do I need to do anything after I "Retrieve Config" ?

Toshi_Esumi
Esteemed Contributor II

Retrieving should recover from the errors. But what exactly tried to configure? Those three interfaces are "lan" hard-switch members by default so they're not in "config system interface". Even if you broke the hard-switch to individual interfaces, those physical individual interfaces can not be removed.

Whatever you tried to configure, the FMG should not try removing those physical interfaces, unless you specifically used CLI templates or CLI scripts to "delete" them.

 

Toshi

mattbrice

I did not use CLI templates or CLI scripts.  I'm not sure how I got to my current state, to be honest.   I guess I'll try to retrieve the earliest version.

mattbrice

So i went back in time to original config a "Retrieve"d it and now it works. Thanks for help.

Toshi_Esumi
Esteemed Contributor II

My recommendation is if you want to change "hard-switch" (including removing "a" port from "fortilink") or create new "soft-switch" on 40F, do it directly on the device without using the FMG. Then "Retrieve Config" to pull everything from the device into the FMG, or don't register the 40F until that point. Then use the retrieved config as the "baseline" config.

Modifying those from FMG is tricky in my experience.

mattbrice
New Contributor

I think I 'retrieved' an older version that was successful.

Toshi_Esumi
Esteemed Contributor II

"Retrieve Config" AX meant is to retrieve the current config from the device and create a new revision at the FMG. Going back to the older version is "Revert" in the menu under "More" in Revision screen.