ERROR FortiManager Sync Configuration Status & Policy Package Status
Greetings everyone,
I am opening this case because I have set up a virtual lab with a FortiManager that manages three FortiGates, ALL with TRIAL licenses. The entire lab is virtual, using the following versions:
- FMG_VM64_KVM-v7.6.1.M-build3344-FORTINET.out.kvm
- FGT_VM64_KVM-v7.6.2.F-build3462-FORTINET.out.kvm
The FortiGates are registered using the following command in FortiManager:
config sys global
set fgfm-peercert-withoutsn enable
end
The Issue
After registering the devices, the problem arises when pushing configurations or policies to the FortiGate, as it always results in an error. As shown in the images below:
Install OK / Verify FAIL
When expanding the error message from the FortiManager UI:
Checking the Install Log reveals that the issue occurs because FortiManager attempts to modify (delete) the WebFilter profile "monitor-all", as shown in the following image:
CLI Test on FortiGate
The issue is that FortiGate does not allow the deletion of this default profile. Running the command directly on the FortiGate CLI results in the same error:
FW-CENTRAL (profile) # delete monitor-all
Can not delete a static table entry
Command fail. Return code -61
Important Observation
Even though this error occurs, the configurations and policies ARE actually applied on the FortiGate.
Troubleshooting Attempts
- Downgraded FortiGate to version 7.6.0, as I have confirmed that FortiManager 7.6.1 and FortiGate 7.6.2 may have compatibility issues. However, a similar (but not identical) issue occurred with 7.6.0.
Searched for similar issues and found an open discussion in the Fortinet forum:
Thanks for your help!!!
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Thanks,
Hello,
Could you please open a ticket with our TAC? https://support.fortinet.com/welcome
Regards,
Thanks,
Thanks for your help
Best Regards,
Hi again,
We can avoid the verify check (results in error) in ADVANCED - MISC -> DISABLE VERIFY CHECK.
"verify installation" -> default ON -> change to OFF
Best Regards
Hello Rub_aprendicia,
Glad that you had the solution, and thanks for sharing it!
Have a good day :)
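An added example, not part of the thread and not Fortinet code: a Python triage of a saved CLI transcript in the shape quoted in the original post, separating failures caused by deleting a static table entry from every other failed command. The sample transcript is constructed; only the prompt shape and the two error strings come from the post, and the assumption is that each command's output follows its prompt line.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Prompt shape from the post: "FW-CENTRAL (profile) # delete monitor-all"
PROMPT = re.compile(r"^(?P<host>\S+) \((?P<ctx>[^)]*)\) # (?P<cmd>.+)$")
FAIL = re.compile(r"^Command fail\. Return code (?P<rc>-?\d+)$")
STATIC_MSG = "Can not delete a static table entry"  # text quoted in the post

@dataclass
class Result:
    host: str
    context: str
    command: str
    output: List[str] = field(default_factory=list)
    return_code: Optional[int] = None  # set only when "Command fail." is seen

def parse_transcript(text: str) -> List[Result]:
    """Group each prompt line with the output lines that follow it."""
    results: List[Result] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROMPT.match(line)
        if m:
            results.append(Result(m["host"], m["ctx"], m["cmd"]))
        elif results:  # ignore any output that precedes the first prompt
            f = FAIL.match(line)
            if f:
                results[-1].return_code = int(f["rc"])
            else:
                results[-1].output.append(line)
    return results

def triage(text: str):
    """Return (static_entry_deletes, other_failures) among failed commands."""
    failed = [r for r in parse_transcript(text) if r.return_code is not None]
    is_static = lambda r: r.command.startswith("delete ") and STATIC_MSG in r.output
    return [r for r in failed if is_static(r)], [r for r in failed if not is_static(r)]

# Constructed transcript: the first command is the one from the post; the
# other two (names, error text, return code -1) are made up for illustration.
SAMPLE = """\
FW-CENTRAL (profile) # delete monitor-all
Can not delete a static table entry
Command fail. Return code -61
FW-CENTRAL (profile) # delete lab-old-profile
FW-CENTRAL (profile) # delete lab-in-use-profile
constructed error text for a different failure
Command fail. Return code -1
"""
```

Any entry in the second list returned by `triage` is a failed command that the static-entry explanation does not cover.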
