Fortinet black logo

online help

Reviewing errors after FortiGate import

Copy Link
Copy Doc ID a26371c3-75fd-11ea-9384-00505692583a:110267

Reviewing errors after FortiGate import

In the FortiGate import wizard, when you click the Import Config button, FortiConverter will attempt to import all the converted configuration onto the target device.

You can see each configuration import status in real time. After import completed, you can review the Warning or Error configuration under each category.

CLI Comparison will help you to see the difference between an unsuccessful import config and the corresponding config on the target device.

On the top-right side, you can copy commands to clipboard and paste to the FortiGate command-line interface for explanation on import failure.

Reasons that may cause import failure:

  • Make sure every command relative to the interface is loaded successfully onto the device.
  • Warning Tag
    • The tunnel interfaces are skipped.

    • The config system admin (super admin) will need to import manually. It’s recommended to config at the end.

    • FortiConverter won’t import confidential information such as Certificate, FortiToken, and password. etc.

  • Error Tag
    • Error -651 (Input value error): The CLI command is incorrect, this may be triggered by the FortiOS upgrade and the command is no longer supported. Please kindly send a mail to fconvert_feedback@fortinet.com to notify us.

    • Error -3 (Entry not found): The given value hasn’t been configured on the device. Please review other error-tags to see if the entry is configured correctly.

The errors are mostly triggered by improper interface settings (error code -3). We suggest reviewing the interface first. After the interface settings are manually fixed, the rest of the error configurations can be pushed onto the device individually.

Alternatively, you can choose to export all or specific configurations and upload them to the device.

Review using the CLI command diagnose debug config-error-log:

$ diagnose debug enable

$ diagnose debug config-error-log

$ diagnose debug cli 5

You will see the line of code which causes the object to fail to import. In many cases, one failed object leads to many other lines of failure.

Reviewing errors after FortiGate import

In the FortiGate import wizard, when you click the Import Config button, FortiConverter will attempt to import all the converted configuration onto the target device.

You can see each configuration import status in real time. After import completed, you can review the Warning or Error configuration under each category.

CLI Comparison will help you to see the difference between an unsuccessful import config and the corresponding config on the target device.

On the top-right side, you can copy commands to clipboard and paste to the FortiGate command-line interface for explanation on import failure.

Reasons that may cause import failure:

  • Make sure every command relative to the interface is loaded successfully onto the device.
  • Warning Tag
    • The tunnel interfaces are skipped.

    • The config system admin (super admin) will need to import manually. It’s recommended to config at the end.

    • FortiConverter won’t import confidential information such as Certificate, FortiToken, and password. etc.

  • Error Tag
    • Error -651 (Input value error): The CLI command is incorrect, this may be triggered by the FortiOS upgrade and the command is no longer supported. Please kindly send a mail to fconvert_feedback@fortinet.com to notify us.

    • Error -3 (Entry not found): The given value hasn’t been configured on the device. Please review other error-tags to see if the entry is configured correctly.

The errors are mostly triggered by improper interface settings (error code -3). We suggest reviewing the interface first. After the interface settings are manually fixed, the rest of the error configurations can be pushed onto the device individually.

Alternatively, you can choose to export all or specific configurations and upload them to the device.

Review using the CLI command diagnose debug config-error-log:

$ diagnose debug enable

$ diagnose debug config-error-log

$ diagnose debug cli 5

You will see the line of code which causes the object to fail to import. In many cases, one failed object leads to many other lines of failure.