Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wbea
New Contributor

Not able to Install Policy Package & Device Settings

I need help resolving this issue. Please see the error log below:

Copy device global objects

validation error on firewall policy 5, by dynamic interface check

Vdom copy failed:
error 15 - used

Copy objects for VDOM root
"firewall ssl-ssh-profile", "certificate-inspection", id=3586, SKIP - (null)
"firewall SSL-ssh-profile", "deep-inspection", id=3595, SKIP - (null)
"endpoint-control FCTEMS", "1", id=4831, SKIP - (null)

....

4 REPLIES 4
sw2090
SuperUser
SuperUser

it is hard to say but looks like something is wrong with the interfaces in that policy.

Anyway your FMG did install the Policy Package & Device Settings. It just skipped the erroneous policy.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
wbea
New Contributor

@sw2090 thanks for your comment. I could not proceed with the installation of the Policy Package & Device Settings because of the error. So FMG did install the Policy Package & Device Settings. It still says "Never Installed".

funkylicious
SuperUser
SuperUser

Hi,

According to the error message it says something about a interface in rule id #5 that uses a dynamic interface object that maybe is not mapped/created for the device in question ?

Also, take a look at this to see what does "Never installled" means.

---------------------------
geek
---------------------------
---------------------------geek---------------------------
wbea

The issue was caused by Rule id #5. To resolve it, I re-imported the policy package and cloned a new policy that does not include rule #5. Thank you for your response.

Labels
Top Kudoed Authors