Belgarioz
New Contributor III

Unable to Import Policies

Hello, I am unable to import firewall policies to FMG.

In the FMG I have a “never installed” warning and it’s fine, but when I import policies from the FGT I keep getting this:


import objs: dev(xxxx-FW),vdom(root),adom(xxx),package(xxxxx_root)
Failed to commit changes (command(set firewall policy.8:dstaddr xx.xx.xx.xx "*.xxx.com") detail(datasrc invalid. object: firewall policy dstaddr. detail: GOOGLE. solution: data cannot be used. reason: invalid value - prop[dstaddr]: Address group cannot contains wildcard-fqdn type address))


 

In the firewall there are NO wildcard-FQDN addresses in the whole firewall!!!!! The policy is working and it is making traffic, it just can’t be imported.



emnoc
Esteemed Contributor III

Address group cannot contains wildcard-fqdn type address))
I would inspect the policyid #8 and triple-check. The error looks clearly like something has a wildcard entry and the dst addr value.

PCNSE NSE StrongSwan
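
Added example, not part of the original thread or of any Fortinet tooling: a minimal Python check that can be run over a FortiGate configuration backup to look for the condition the error names, an address group with a wildcard-fqdn member that a policy references. It assumes the flat config/edit/set layout and the `set type wildcard-fqdn` attribute; the sample config and every name in it are constructed, and nested groups are not followed.

```python
import shlex

# Constructed FortiOS-style backup excerpt; all names and values are made up.
SAMPLE_CONFIG = """
config firewall address
    edit "web-host"
        set type fqdn
    next
    edit "wild-example"
        set type wildcard-fqdn
        set wildcard-fqdn "*.example.com"
    next
end
config firewall addrgrp
    edit "GROUP-A"
        set member "web-host" "wild-example"
    next
end
config firewall policy
    edit 8
        set dstaddr "GROUP-A"
    next
end
"""

def parse_tables(text):
    """Parse flat config/edit/set blocks into {table: {entry: {key: [values]}}}."""
    tables, table, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            table, entry = tables.setdefault(line[7:], {}), None
        elif line.startswith("edit ") and table is not None:
            entry = table.setdefault(shlex.split(line[5:])[0], {})
        elif line.startswith("set ") and entry is not None:
            key, *values = shlex.split(line[4:])
            entry[key] = values
    return tables

def find_offenders(text):
    """List (policy id, field, group, wildcard-fqdn members) for each bad reference."""
    t = parse_tables(text)
    wild = {n for n, a in t.get("firewall address", {}).items()
            if a.get("type") == ["wildcard-fqdn"]}
    bad = {g: sorted(wild & set(e.get("member", [])))
           for g, e in t.get("firewall addrgrp", {}).items()}
    return [(pid, field, name, bad[name])
            for pid, p in t.get("firewall policy", {}).items()
            for field in ("srcaddr", "dstaddr")
            for name in p.get(field, []) if bad.get(name)]
```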
Belgarioz
New Contributor III

Hello,

I know the problem lies there, but there are NO wildcard FQDN addresses in the whole firewall.

Going to firewall -> Address list and scrolling down, there is NO FQDN address list.

It seems FortiGuard, during the import, is importing another address object that lies elsewhere, not in the firewall itself.

brazz_FTNT

Hey,

What is the version of your FMG, FGT, and ADOM in question?

Cheers

Belgarioz
New Contributor III

Hello :)

All of them are 5.6.2.

Anyway, I have solved it by removing the FGT from FMG and re-adding it :)
