Hey all
Trying to automate a few things so I made a script that makes a script that makes the many objects I need to create on a regular basis. The problem is that whatever I do, I can't get the "Upload bulk CLI file" to take my CLI script, all I get is "configuration file error". Pasting the whole script on the CLI works fine and behaves exactly as expected, so I have no idea what the GUI upload function is going on about. Here's a super simple CLI script I made for testing:
config firewall address
edit "Blocked-IP-22.222.22.222"
set subnet 22.222.22.222 255.255.255.255
next
edit "Blocked-IP-222.22.222.22"
set subnet 222.22.222.22 255.255.255.255
next
edit "Blocked-IP-11.111.11.111"
set subnet 11.111.11.111 255.255.255.255
next
edit "Blocked-IP-111.11.111.11"
set subnet 111.11.111.11 255.255.255.255
next
end
4 simple address objects to create. Even if they exist, this doesn't produce any error on CLI since it's just editing existing objects anyway. GUI though, "configuration file error" and I can't really find anything on bulk scripts except that you just put the commands in the file and away you go. But it doesn't go. Why?
hi,
I've just uploaded your script to my 60E, running v5.4.4, without any problems.
To debug bulk scripts:
1- connect via ssh or serial Console
2- enter 'diag deb en'
3- enter 'diag deb cli 7'
4- upload bulk script
You will see each line of the script echoed in the terminal, with "0:" prepended if successful and a negative number if not. You should see an error message then.
Finally,
5- diag deb cli 3
6- diag deb dis
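A small helper for reading the output of the debug steps above, as an added example that is not part of the original answer. It assumes one echoed line per script line in the `<code>: <command>` form the answer describes; the sample output, including the `cmd=` path and the failing command, is constructed.

```python
import re
from typing import NamedTuple

class Result(NamedTuple):
    script_line: int  # position among the echoed commands (assumed 1:1 with the script)
    code: int         # 0 on success, negative on failure
    command: str      # the echoed CLI line, empty for a bare "0:"

# "<return code>:" optionally followed by a space and the echoed command.
RESULT_LINE = re.compile(r"^(-?\d+):(?: (.*))?$")

def parse_debug(output: str):
    """Turn captured 'diag deb cli 7' output into a list of Result records."""
    results = []
    for line in output.splitlines():
        match = RESULT_LINE.match(line.strip())
        if match:  # prompt and backtrace lines do not match and are skipped
            results.append(
                Result(len(results) + 1, int(match.group(1)), match.group(2) or "")
            )
    return results

def failures(output: str):
    """Return only the commands that came back with a negative code."""
    return [r for r in parse_debug(output) if r.code < 0]

# Constructed sample: one malformed netmask in an otherwise valid script.
SAMPLE = """FGT1 # cmd=/tmp/upload_example
0: config firewall address
0: edit "Blocked-IP-22.222.22.222"
-1: set subnet 22.222.22.222 255.255.255.255.0
0: next
0: end
"""

if __name__ == "__main__":
    for r in failures(SAMPLE):
        print(f"script line {r.script_line}: code {r.code}: {r.command}")
```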
That was useful. Unexpected output from the debug:
FGT1 # cmd=▒▒c
-61: ▒▒c
FGT1 # Backtrace:
[0x08b64ea8] => /bin/httpsd
[0x0834422a] => /bin/httpsd
[0x08b64c1f] => /bin/httpsd
[0x400a0ef8] => ../lib/libc.so.6 liboffset 0001cef8
Given the weird format, I checked my script file and let's just say the encoding was very strange (WTH is UCS 2 BE BOM?). Switched it to UTF-8, uploaded, works fine. Now to look at my master script and get it to set the encoding properly... Thanks for the help!
Some editors include a BOM right at the start of the file to indicate the UTF encoding. FOS of course chokes on that.
Talk to your editor :)
I spoke to my PowerShell script in gentle tones, got it to output UTF8, found out MS in their wisdom does BOM by default in PowerShell output with Out-File, switched all my encoding to ASCII because 1 byte should be enough for every char, and now the resulting file loads in FGT fine. I know there are workarounds to the PS BOM issue with .NET classes instead of Out-File but my script works now and that's all that's really important. Thanks for the help again.
This should be marked as the definitive answer for those PowerShell users out there! Encoding is fun. Try address names with German umlauts...
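A pre-upload check for the encoding problem discussed in this thread, as an added example that is not part of the original posts. It detects a byte order mark, decodes the file accordingly, re-emits it as BOM-free UTF-8 and flags lines with non-ASCII characters; the function names and the sample file are constructed for illustration.

```python
import codecs

# BOM signatures; UTF-32 first so its LE mark (FF FE 00 00) is not
# mistaken for the UTF-16 LE mark (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]

def detect_bom(raw: bytes):
    """Return (encoding, bom_length); ('utf-8', 0) when no BOM is present."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name, len(bom)
    return "utf-8", 0

def clean_script(raw: bytes):
    """Return (bom_free_utf8_bytes, findings) for a bulk CLI script file."""
    encoding, bom_len = detect_bom(raw)
    findings = []
    if bom_len:
        findings.append(f"BOM found, file is {encoding}")
    text = raw[bom_len:].decode(encoding)  # raises if the bytes are not valid
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.isascii():
            findings.append(f"line {number}: non-ASCII characters")
    # Line endings are left as they were; only BOM and encoding change.
    return text.encode("utf-8"), findings

# Constructed sample: a short address script saved as UCS-2 BE with a BOM.
SAMPLE = (
    'config firewall address\r\n'
    'edit "Blocked-IP-22.222.22.222"\r\n'
    'set subnet 22.222.22.222 255.255.255.255\r\n'
    'next\r\n'
    'end\r\n'
)
SAMPLE_UCS2_BE = codecs.BOM_UTF16_BE + SAMPLE.encode("utf-16-be")

if __name__ == "__main__":
    fixed, notes = clean_script(SAMPLE_UCS2_BE)
    print(notes)
    print(fixed.decode("utf-8"), end="")
```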
Hi @ede_pfau ,
Could you help me with my script?
I have the same problem, and with your debug commands I get this output:
FortigateLAB: (Vpn) # cmd=/tmp/monitor_upload_wFhwAD
-1: config firewall address
-1: edit "10.0.1.105"
-1: set subnet 10.0.1.105 255.255.255.255
-1: next
-1: edit "10.0.8.1"
-1: set subnet 10.0.8.1 255.255.255.255
-1: next
-1: edit "10.150.2.0-24"
-1: set subnet 10.150.2.0 255.255.255.0
-1: next
-1: edit "10.150.44.0-24"
-1: set subnet 10.150.44.0 255.255.255.0
-1: next
-1: end
0:
I'm just trying to create new address objects in my specific VDOM called "Vpn", but I can't understand the error, honestly.
I'm uploading the script in the Vpn context.
Every line beginning with "-1" indicates that an error has occurred.
IMHO the context is wrong.
If your config uses more than 1 VDOM, enter the VDOM first:
"end
config vdom
enter root"
as an example how to enter the "root" VDOM.
Next, you mention the "vpn" context - and it is indicated in the debug info. How does "vpn context" and "config firewall address" work together? How do you get into "vpn" context?
Created on 08-07-2025 08:33 AM Edited on 08-07-2025 08:40 AM
I found it out: I was missing entering the context. I assumed that uploading the script via the GUI in the correct context was fine, but I was wrong; you still need to specify the context in the file.
Regarding your question, my context is called vpn and I need to upload the objects only into this context.
That is correct; when the script is started it is "virgin".
From your answer I guess you refer to a VDOM named "vpn"?
Glad that it now works for you, maybe your answer will help others in this respect.