I am doing a deploy to several FGT-60Fs and both are having this same problem. When trying to resync from FortiManager, it fails. When looking at the log to see what is failing, it shows items I have not configured from FortiManager and I am not sure where it is coming from.
Here is an example of what is failing (which I did not explicitly configure in FortiManager). I'm guessing it's built-in. This behavior only appears to happen on the root vdom. How do I fix this?
FTM v7.2.2-build1334 230201
FGT-60F 7.2.4,build1396 (GA)
FortiGate-60F (root) $ config dlp dictionary
FortiGate-60F (dictionary) $ edit "SSN-Sensor-r1d"
FortiGate-60F (SSN-Sensor-r1d) $ set uuid 922215c4-b22f-51ed-c525-c88719146daa
FortiGate-60F (SSN-Sensor-r1d) $ config entries
FortiGate-60F (entries) $ edit 1
FortiGate-60F (1) $ set type "regex"
FortiGate-60F (1) $ set pattern "WebEx"
FortiGate-60F (1) $ next
Pattern check failed: Pattern 'WebEx' did not match 'built-in'.
object set operator error, -39 discard the setting
Command fail. Return code 1
FortiGate-60F (entries) $ end
By default there is no dictionary configured on 60F. Please check FMG for any global object, CLI script or command line that might be configuring this.
That is an annoying issue in general. During my years of using FMG here, I encountered several cases where FMG rendered a config that it then couldn't deploy...
And in most cases you unfortunately do not get that clear an error message in the log....
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Just another example: IPsec phase1 names. FMG does not care about the 15-character limit the FGTs have and lets you set longer names without any errors. But it will then fail on deployment because the FGT states the name is too long...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Opened a case with support. According to the support engineer, my issues were related to a bug with my SSO user not being 'full admin' even though it is set to super in the GUI. You need to put this under your SSO user in the CLI. I didn't ask for the bug ID.
FMG # config system admin user
(user)# edit "adminuser@domain.com"
(adminuser@domain.com)# set rpc-permit read-write
I was fiddling around with FortiManager and now when I try to install a config or a policy it doesn't let me choose any device. The window where I could select a FW is empty. Before that, it tried to install wireless AP controller configs on my 60D and failed. I removed the device, added it again and now the list is just empty. I did try to turn it off and on again :)
Any ideas what could cause this? I can see the devices in the device manager but when I try to install either configs or a new policy (either from device manager or from Policy&Objects) the device list is empty.
Thanks
Usually FMG does not show a device to choose when it considers there is nothing to deploy to that device. Sometimes FMG seems to be wrong here though...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Copyright 2024 Fortinet, Inc. All Rights Reserved.