rahul9968
New Contributor

Not able to add the fortinet Device 300C with FortiManager

Dear All,

 

When I am adding a Fortinet 300C firewall with firmware 5.2.4 or 5.2.5 to a FortiManager 200D with firmware 5.2.4, I am getting the error message "Failed to reload Configuration" and the database is not loading.

 

I have attached the screen-shot for same.

 

Please suggest the solution asap.  

 

Regards...

Rahul

9968210761

8 REPLIES 8
MrSinners
Contributor

Hi Rahul,

 

This is a known bug, caused by a specific command in the firewall configuration. To solve this, the problematic command needs to be removed on the firewall before adding it to the FortiManager. Log in on the firewall and perform these commands:

 

config webfilter profile
edit default
config ftgd-wf
config filters
show

 

Then look for entries that contain "category 32", such as:

 

edit <number>
    set action warning
    set category 32
next
end

 

Delete every entry that contains "category 32":

delete <number>
end

 

To confirm that all entries are removed, download the FortiGate backup file and search for "category 32"; no entry should be found. Once all "category 32" entries are removed, adding the FortiGate to the FortiManager should succeed.

rahul9968
New Contributor

Hi,

 

I have done all these steps and still I am able to add my firewall to FortiManager.

1) Remove firewall from FortiManager

2) then run command on firewall

config webfilter profile
edit default
config ftgd-wf
config filters
show

 

3) Not showing any "category 32"

 

I have attached screen shot for same.

 

Please help me asap. 

scao_FTNT

pls search all FGT CLI config for  "category 32" (you can backup config on FGT and then search in the file). not just default, see if can find it

 

Thanks

 

Simon
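
Added example (not part of any post in this thread, and not Fortinet code): one way to run the whole-config search suggested above on a downloaded backup file, reporting which profile and filter entry each "set category 32" line belongs to so it can be deleted on the firewall. The sample config is constructed, the function name find_category is hypothetical, and the parser assumes plain config/edit/next/end nesting without multi-line quoted values.

```python
# Constructed sample in FortiOS backup syntax (not from the poster's device).
SAMPLE_CONFIG = '''\
config webfilter profile
    edit "default"
        config ftgd-wf
            config filters
                edit 1
                    set category 2
                    set action warning
                next
                edit 7
                    set action warning
                    set category 32
                next
            end
        end
    next
    edit "guest"
        config ftgd-wf
            config filters
                edit 3
                    set category 32
                next
            end
        end
    next
end
'''

def find_category(config_text, category=32):
    """Return (top-level config section, [edit names]) for every matching entry."""
    stack, hits = [], []          # stack of ("config"|"edit", name) frames
    wanted = "set category %d" % category
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(("config", line[7:]))
        elif line.startswith("edit "):
            stack.append(("edit", line[5:].strip('"')))
        elif line in ("next", "end"):   # "next" closes an edit, "end" a config
            if stack:
                stack.pop()
        elif line == wanted and stack:
            hits.append((stack[0][1], [n for kind, n in stack if kind == "edit"]))
    return hits

if __name__ == "__main__":
    for section, path in find_category(SAMPLE_CONFIG):
        print(section, "->", " / ".join(path))
```

To check a real backup, pass the file's text to find_category in place of SAMPLE_CONFIG; an empty result means no "category 32" entry remains anywhere in the configuration.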

rahul9968

Hi, Simon,

 

Thanks for the support. I have added the firewall to FortiManager, but we are facing a new issue. I have created some users in the firewall for VPN, but in FortiManager users are now showing.

 

Please suggest the solutions asap. 

scao_FTNT

so you configured user on FGT and that user only used by VPN IPsec? and you do not use FMG VPN Manager for VPN IPSec (interface based) setup?

 

you need to retrieve config to FMG and import policy, when import, select to import all object, not just policy used object, then after import, you will see these users in policy object list

 

Thanks

 

Simon

rahul9968

Hi,

 

We created a user for IPsec VPN. I am not very used to FortiManager. Can you guide me? How can I import a policy in FortiManager?

scao_FTNT

From your 1st attached pic, I think your FMG does not have the ADOM function enabled. So, from "Device Manager", for the device whose config changed, pls check the device list "Config Status" column to see if the device shows green synced or auto-updated. If not, pls double-click the device name to enter the device config menu, go to System - Dashboard, find the "Configuration and Installation Status" widget and its "Total Revisions" line, click through to the "Revision History" page, and do a "Retrieve" to update the FMG device database config with the remote FGT config. This revision history page keeps all retrieved and installed revisions (one for each time you do a config install on FMG).

 

After the config retrieve is done, go back to Device Manager; you will see "Config Status" now shows the green synced status. Then right-click on that device: at the bottom of the right-click menu there is an "Import Policy" function, which imports the FGT policy to FMG "Policy & Objects" as a policy package (after that you should make policy-related config changes from "Policy & Objects" and install them to the FGT).

 

in 2nd step of import wizard, "Import Policy Database",

Object Selection: "Import only policy dependent objects" / "Import all objects"

here select "Import all objects", then FMG will import all object config into policy database, including those not used, or used not by policy (like only by ipsec VPN)

 

after import finish, then in policy & objects page, check for your config

 

also, for IPSec VPN change, if you do not use FMG VPN Manager function, you still can do changes from Device Manager, we have a per device config menu for VPN config

 

Thanks

 

Simon

 

 

rahul9968
New Contributor

Hi,

 

Thanks for your support. I have done it. :)
