Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wcbenyip
New Contributor III

Created on ‎10-21-2012 07:26 PM

Added addrgrp cannot found when creating policy...

Hi, I am now working on the FG310B, and try to setting up the policy manually from the conf file of my old FG box. I found that even I add the address group via the GUI or cmd line, the addrgrp is out there without any error when adding the addresses, but finally it always will say: # set srcaddr " Permitted servers for Site_A" entry not found in datasource value parse error before ' Permitted servers for Site_A' Command fail. Return code -3 I think it may be affected by the belong interface of the address inside the group, so I changed every address entry fr. specified interface to ' any' , however, the same error still exist... In the firewall policy, I have the other similar entries which work properly... Anyone can help or have any insight? I thought it maybe the FG bug again.... I am waiting for the suitable moment to reboot the device....
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
2414
0 Kudos
4 REPLIES 4
ede_pfau
SuperUser
SuperUser

Created on ‎10-22-2012 12:17 AM

So, what is your FortiOS version? FYI, mine is 4.2.12, and this works:
     config firewall policy
    edit 42
         set srcintf " internal" 
         set dstintf " dmz" 
             set srcaddr " A and B"              
             set dstaddr " Permitted servers for Site_A"              
         set schedule " always" 
             set service " ANY"              
     next
The only feature that doesn' t work is the command line completion via TAB. TAB will always stop before the first blank in the object name. But I could enter the address group name manually without any error.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1865
0 Kudos
wcbenyip
New Contributor III

Created on ‎10-22-2012 09:37 PM

The firmware is 4.0 MR3 Patch 10 (build0639), the latest version. In my case, I tried to type the cmd lines manually (not copy & paste), and also didn' t used tab instead of space. Just don' t know why it' s not working! ################################# After the most magic step - Rebooting, I can now add the addrgrp to the box via cmd line~ Haiz, seems reboot can fix any unknown and unexpected issues...
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
1871
0 Kudos
RH2
New Contributor II

Created on ‎11-15-2012 09:43 AM

Get rid of the spaces in your addresses!!!! They will cause you nothing but problems. We had several that we could not delete or edit because of the blanks in their names. We also had random errors when trying to apply changes from the manager. Once we renamed all objects to remove spaces we have had much fewer issues.
1871
0 Kudos
Dave_Hall
Honored Contributor

Created on ‎11-15-2012 11:51 AM

Just a heads up, too regarding spaces. We were upgrading from MR2 to MR3 and ran into this problem. We had to change all the space chars to underscores in the address labels.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
1871
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.