Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Steff_FTNT
Staff
Staff

Edited FGT config not fully restored by FGT

In the case you apply modification to the config file, and restoring it some elements are discarded by FGT, as visible by the CLI "diag debug config-error-log read"

 

# diag debug config-error-log read
>>> "next" @ 891:global.system.interface.Lag115.124:failed command (error 1)
>>> "next" @ 901:global.system.interface.Lag115.137:failed command (error 1)
>>> "next" @ 911:global.system.interface.Lag115.139:failed command (error 1)
>>> "next" @ 921:global.system.interface.Lag115.550:failed command (error 1)
>>> "next" @ 931:global.system.interface.Lag115.159:failed command (error 1)
>>> "next" @ 941:global.system.interface.Lag115.161:failed command (error 1)
>>> "next" @ 951:global.system.interface.Lag115.320:failed command (error 1)
>>> "next" @ 961:global.system.interface.Lag102.322:failed command (error 1)
>>> "next" @ 971:global.system.interface.Lag102.324:failed command (error 1)
>>> "next" @ 980:global.system.interface.Lag102.326:failed command (error 1)
>>> "next" @ 990:global.system.interface.Lag102.675:failed command (error 1)
>>> "next" @ 1000:global.system.interface.Lag102.676:failed command (error 1)
>>> "next" @ 1020:global.system.interface.Lag112.145:failed command (error 1)
>>> "next" @ 1030:global.system.interface.Lag112.146:failed command (error 1)
>>> "next" @ 1040:global.system.interface.Lag112.147:failed command (error 1)
>>> "next" @ 1050:global.system.interface.Lag109.510:failed command (error 1)

 

for my case it was that one reference in the discarded elements, was specified at the end of the list. The parsing procedure was not aware of its existence when reading it, and for this reason it was discarding those interfaces.

 

Solution, move the object,  in the config file list, before the elements that are discarded.

 

hope it helps

 

1 REPLY 1
abarushka
Staff
Staff

Hello,

 

It is not recommended to edit configuration in the text editor, since there is no input validation which can lead to unexpected results.

FortiGate
Labels
Top Kudoed Authors