
Fortimanager unable to install policy


In our production we have got 33 different models of FortiGate firewalls connected to FortiManager FMG400C. Suddenly, FortiManager is unable to install policies to all firewalls. It throws the same error.



Here is the error:

Device:FG100D-SantFelieu580 VDOM: Post vdom failed: error entries - 12 :17 - unexpected input

Copy objects for vdom root

Here is a debug directly from FortiManager: 

SECURITY_CONSOLE: Prepare device (1) data time: 0 hours 0 minutes 0.143760 seconds.
SECURITY_CONSOLE: Load dynamic obj time: 0 hours 0 minutes 0.001569 seconds.
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] Start copying policy to devdb, device(FG100D_Venray), vdomid(root) (reason:none)
SECURITY_CONSOLE: (1) Using mm method.
SECURITY_CONSOLE: Installing webfilter ftgd-local-rating
SECURITY_CONSOLE: Installing webfilter ftgd-local-rating completed - 4 entries installed, 0 errors
SECURITY_CONSOLE: Installing user radius
SECURITY_CONSOLE: Installing user radius completed - 0 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall policy TCL error(unexpected input).
SECURITY_CONSOLE: Installing firewall policy completed - 11 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall DoS-policy
SECURITY_CONSOLE: Installing firewall DoS-policy completed - 1 entries installed, 0 errors
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] post commit check fail: entries - 12 unexpected input (reason:none)
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] post_vdom copy error (reason:none)
SECURITY_CONSOLE: (1) [FG100D_Venray(root)[copy] root] Copy rollbacked, due to error (reason:none)
SECURITY_CONSOLE: (1) Compile time: 0 hours 0 minutes 0.176222 seconds.
SECURITY_CONSOLE: (1) Import time: 0 hours 0 minutes 0.018522 seconds.
SECURITY_CONSOLE: (1) Change dvm status time: 0 hours 0 minutes 0.000001 seconds.
SECURITY_CONSOLE: (1) Aborted due to previous error
SECURITY_CONSOLE: (14) Overall time: 0 hours 0 minutes 5.005030 seconds.
SECURITY_CONSOLE: 14 of 14 devices is done

What entries is the FM referring to? Any help would be much appreciated.




Hm, debug log output from the communication with that FGT would be more interesting.

Maybe it's something like I had:


In my case that happened if you entered a webfilter rating override with a trailing slash in FortiManager: it failed to roll that out, maybe for the same reason (never checked the FMG log but saw the reason in the FGT log on FMG). Hence setting a webfilter rating override on CLI on a FGT (and this is what the FMG does behind the curtain) produces a "I have removed the trailing slash..." message from the FGT which the FortiManager could not handle and considered it to be an error (even though it was none). Fortinet TAC in this case confirmed that to be a bug at least in FMG 5.4.x.

Your log reminded me of this case since your FGT states there was no errors and no reason and thus reports a failure (Unexpected input).


Maybe this helps you further...


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
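An added example, not part of the thread and not a Fortinet tool: a small parser for the install-log lines shown in the question that reports which install step logged an error string even though its completion line counts 0 errors. The function name `find_suspect_sections` and the regular expressions are assumptions inferred only from the lines posted above.

```python
import re

# Install steps copied from the debug output in the question above.
SAMPLE_LOG = (
    "SECURITY_CONSOLE: Installing webfilter ftgd-local-rating "
    "SECURITY_CONSOLE: Installing webfilter ftgd-local-rating completed - 4 entries installed, 0 errors "
    "SECURITY_CONSOLE: Installing user radius "
    "SECURITY_CONSOLE: Installing user radius completed - 0 entries installed, 0 errors "
    "SECURITY_CONSOLE: Installing firewall policy TCL error(unexpected input). "
    "SECURITY_CONSOLE: Installing firewall policy completed - 11 entries installed, 0 errors "
    "SECURITY_CONSOLE: Installing firewall DoS-policy "
    "SECURITY_CONSOLE: Installing firewall DoS-policy completed - 1 entries installed, 0 errors "
)

# Patterns inferred only from the lines shown in the thread (an assumption, not a documented format).
DONE = re.compile(r"^Installing (?P<section>.+) completed - (?P<n>\d+) entries installed, (?P<errs>\d+) errors$")
START = re.compile(r"^Installing (?P<rest>.+)$")
ERROR = re.compile(r"\w+ error\((?P<msg>[^)]*)\)")


def find_suspect_sections(log_text):
    """Return install sections whose start record carries an error message."""
    # Split on the prefix and collapse whitespace, so pasted logs work with or without line breaks.
    records = [" ".join(r.split()) for r in log_text.split("SECURITY_CONSOLE:") if r.strip()]
    started, findings = [], []
    for rec in records:
        done = DONE.match(rec)
        if done:
            section = done["section"]
            # Whatever followed the section name on its start record, e.g. " TCL error(...)."
            extra = next((s[len(section):] for s in started if s.startswith(section)), "")
            err = ERROR.search(extra)
            if err:
                findings.append({"section": section, "installed": int(done["n"]),
                                 "reported_errors": int(done["errs"]), "message": err["msg"]})
            started.clear()
        else:
            start = START.match(rec)
            if start:
                started.append(start["rest"])
    return findings


if __name__ == "__main__":
    for f in find_suspect_sections(SAMPLE_LOG):
        print(f)
```

For the log in the question it flags `firewall policy`: the step that logged `TCL error(unexpected input)` while its completion line still reported 0 errors.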
