Hi,
In our production we have got 33 different models of FortiGate firewalls connected to FortiManager FMG400C. Suddenly, FortiManager is unable to install policies to all firewalls. It throws the same error.
Here is the error:
Device:FG100D-SantFelieu580 VDOM: Post vdom failed: error entries - 12 :17 - unexpected input
Copy objects for vdom root
Here is a debug directly from FortiManager:
SECURITY_CONSOLE: Prepare device (1) data time: 0 hours 0 minutes 0.143760 seconds.
SECURITY_CONSOLE: Load dynamic obj time: 0 hours 0 minutes 0.001569 seconds.
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] Start copying policy to devdb, device(FG100D_Venray), vdomid(root) (reason:none)
SECURITY_CONSOLE: (1) Using mm method.
SECURITY_CONSOLE: Installing webfilter ftgd-local-rating
SECURITY_CONSOLE: Installing webfilter ftgd-local-rating completed - 4 entries installed, 0 errors
SECURITY_CONSOLE: Installing user radius
SECURITY_CONSOLE: Installing user radius completed - 0 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall policy TCL error(unexpected input).
SECURITY_CONSOLE: Installing firewall policy completed - 11 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall DoS-policy
SECURITY_CONSOLE: Installing firewall DoS-policy completed - 1 entries installed, 0 errors
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] post commit check fail: entries - 12 unexpected input (reason:none)
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] post_vdom copy error (reason:none)
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] Copy rollbacked, due to error (reason:none)
SECURITY_CONSOLE: (1) Compile time: 0 hours 0 minutes 0.176222 seconds.
SECURITY_CONSOLE: (1) Import time: 0 hours 0 minutes 0.018522 seconds.
SECURITY_CONSOLE: (1) Change dvm status time: 0 hours 0 minutes 0.000001 seconds.
SECURITY_CONSOLE: (1) Aborted due to previous error
SECURITY_CONSOLE: (14) Overall time: 0 hours 0 minutes 5.005030 seconds.
SECURITY_CONSOLE: 14 of 14 devices is done
What entries is the FM referring to? Any help would be much appreciated.
Pawel
Hm, debug log output from the communication with that FGT would be more interesting.
Maybe it's something like I had:
In my case that happened if you entered a webfilter rating override with a trailing slash in FortiManager: it failed to roll that out, maybe because of the same reason (never checked the FMG log but saw the reason in the FGT log on FMG). Hence setting a webfilter rating override on CLI on a FGT (and this is what the FMG does behind the curtain) produces an "I have removed the trailing slash..." message from the FGT, which the FortiManager could not handle and considered to be an error (even though it was none). Fortinet TAC in this case confirmed that to be a bug, at least in FMG 5.4.x.
Your log reminded me of this case since your FGT states there were no errors and no reason and thus reports a failure (Unexpected input).
Maybe this helps you further...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
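A way to narrow down which object category the "unexpected input" belongs to, as an added example that is not part of either post and is not Fortinet tooling: it walks the SECURITY_CONSOLE output and flags any section whose opening entry carries extra text before its "completed" entry, or that reports errors. Treating that extra text as the suspect is an assumption based on the reply above; the function name `triage` and the sample excerpt are constructed for this example.

```python
import re

# Constructed sample: an excerpt of the debug output quoted in the question above.
SAMPLE = (
    "SECURITY_CONSOLE: Installing user radius "
    "SECURITY_CONSOLE: Installing user radius completed - 0 entries installed, 0 errors "
    "SECURITY_CONSOLE: Installing firewall policy TCL error(unexpected input). "
    "SECURITY_CONSOLE: Installing firewall policy completed - 11 entries installed, 0 errors "
    "SECURITY_CONSOLE: Installing firewall DoS-policy "
    "SECURITY_CONSOLE: Installing firewall DoS-policy completed - 1 entries installed, 0 errors "
    "SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] post commit check fail: "
    "entries - 12 unexpected input (reason:none)"
)

DONE = re.compile(r"^Installing (.+) completed - (\d+) entries installed, (\d+) errors$")
FAIL = re.compile(r"post commit check fail: (.+?)(?: \(reason:.*\))?$")

def triage(log_text):
    """Return (suspect_sections, post_commit_failures) for one install log."""
    # Entries start at the SECURITY_CONSOLE: prefix, whether or not newlines survived.
    entries = [" ".join(e.split()) for e in log_text.split("SECURITY_CONSOLE:") if e.strip()]
    suspects, failures, opened = [], [], None
    for entry in entries:
        done = DONE.match(entry)
        if done:
            name, installed, errors = done.group(1), int(done.group(2)), int(done.group(3))
            start = "Installing " + name
            # Text after the section name in the opening entry is unexpected extra output.
            stray = opened[len(start):].strip() if opened and opened.startswith(start) else ""
            if stray or errors:
                suspects.append({"section": name, "installed": installed,
                                 "errors": errors, "stray": stray})
            opened = None
        elif entry.startswith("Installing "):
            opened = entry
        else:
            fail = FAIL.search(entry)
            if fail:
                failures.append(fail.group(1))
    return suspects, failures

if __name__ == "__main__":
    for s in triage(SAMPLE)[0]:
        print(f"{s['section']}: {s['installed']} installed, {s['errors']} errors, stray={s['stray']!r}")
```

On the excerpt it singles out the firewall policy section: 11 entries installed and 0 errors reported, yet a TCL error was emitted inside it, and the post-commit check then fails on "entries - 12".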