Error Messages
If an error occurs, FortiConverter inserts error messages and warnings into the conversion output file config-all.txt
.
These warnings aren't inserted in any configuration branch files.
Review the config-all.txt file after each conversion for errors. These errors and warning messages might cause the import process to fail, if not corrected. |
Undefined objects
# Error: Undefined interface/address/service/ippool object <NAME>;
This error occurs when an object used in the policy isn't previously defined. Make sure the object name is correct.
Interface
# Warning: Please input vlan interface
This warning means the physical interface of a vlan interface isn't specified.
Zone
# Warning: Interface exists in other Zone.
This warning means an interface belongs to two zones simultaneously. An interface should not belong to more than one zone at a time.
Service
# Error: The number of service custom is <NUMBER>, exceed <NUMBER> limitation.
The number of services exceeds the maximum number supported by the selected FortiGate model.
Service group
# Error: Unconverted members in service group <NAME>
This error occurs when objects in the mentioned service group aren't converted and the service group becomes empty.
User
# Warning: can't support radius server group
This warning means the source configuration contains a radius server group. FortiGate doesn't support radius server groups. This warning only appears in Check Point conversions.
# Warning: can't find out radius server
This warning means the radius server of the user isn't defined in the source configuration. This warning only appears in Check Point conversions.
# Warning: Please reset the shared secret key.
This warning means the password in the source configuration is encrypted. Reset the shared secret key.
VIP
# Warning: Public IP confliction for below objects.
This warning appears when different VIP objects have the same public IP. Different VIP objects should not have the same public IP in FortiOS. To fix this issue, add port forwarding or source filter information to the conflicted VIP object.
VPN phase1
# Warning: <NAME> exceed 35 characters"
This warning means the Phase1 name exceeds 35 characters. Manually fix the name.
# Warning: remote-gw should be IP address, object <NAME> was not defined
This error occurs when the source configuration provides an address name for the remote-gw field. The remote-gw field should be an IP address.
# Warning: Please reset the pre-shared key.
All pre-shared keys are set to "123456" in the converted VPN object, if the password in source config is encrypted. Users should reset the pre-shared keys.
VPN phase2
# Warning: <NAME> exceed 35 characters
This warning appears when a Phase2 name exceed 35 characters. To fix this issue, fix the name manually.
Policy
# set utm-status enable
# set application-list NAME1 NAME2
# Application-list support only one item, please recheck config file.
This error means there are multiple items in the application list. There should be only one item in the application list. If there are multiple items given in the source configuration, reset the items.
# Warning: Removed self traffic object <NAME> from address list
# Warning: Comment out self traffic policy - object name <NAME>
Check Point policies may contain "self traffic" policies, but those policies aren't needed in FortiOS.
# Warning: Comment out default drop all policy
There may be a "drop all" policy in the end of the policy list for some vendors. But FortiOS has its own "drop all" policy by default, so the one in source configuration should be commented out.
Route static
# Warning: Please input field <device>
FortiOS requires the "device" (interface) route field.
Snmp sysinfo
# Warning: Community <NAME> has <NUMBER> hosts, beyond the limitation <NUMBER>.
The number of hosts in a community exceeds the maximum number supported by the FortiGate selected model.
Other warnings
Name length
# Warning: truncate <OBJECT> name <NAME> to <NUMBER> characters
# Warning: Trim <NAME> to <NUMBER> characters
When FortiConverter detects an object name that is longer than the limit given in FortiOS, FortiConverter renames the object.
Route BGP
# Warning: Please reset the password.
This warning appears when the password of route BGP neighbors in the source configuration is encrypted. Reset the password of the route BGP neighbors.
Route OSPF
# Warning: Please reset the md5 key.
This warning appears when the md5 key of the OSPF interface in the source configuration is encrypted. Reset the md5 key.