Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
asostizzo_FTNT
Staff
Staff

Created on ‎01-04-2016 09:03 AM Edited on ‎12-07-2023 09:10 AM By Moderator

Article Id 190356

Troubleshooting Tip: FortiManager retrieve fails due to invalid webfilter category

Description


This article describes how to solve an issue that occurs while retrieving FortiGate's configuration or adding a new Log Device after upgrading FortiManager. The following error displays while retrieving device configuration:

 
'Failed to reload configuration. 'datasrc invalid. object: webfilter profile ftgd-wf filters category. detail: "XX". solution: data not exist"'.
 
Where 'XX' is a FortiGuard Webfilter category ID.
 
Scope
 
FortiManager.
 
Solution
 
On the FortiGate, FortiGuard Webfilter categories are updated or removed which leads to updated versions of FortiManager not recognizing these category references in the FortiGate configuration.
 

In order to resolve the issue, use the CLI to remove any reference to the category ID displayed in the error message from FortiGate's WebFilter profiles.

 
For example:

Attempts to add the FortiGate to the FortiManager fail due to Web Filter FortiGuard Category 32 being present on the FortiGate but not on the FortiManager.

Category 32 is a deprecated category that no longer exists but has lingered on the FortiGate from previous upgrades.
 
Remove the specific Filter ID associated with the category or change the category value via the CLI:
 
config webfilter profile
edit <profile>
config ftgd-wf
config filters
delete <filter id>
end
end
end


Problem Verification.


In order to confirm the FortiGuard category is listed in the FortiGate configuration, run the following command in the CLI:

 
Note: the following assumes the problem category is of ID 32.
 
config webfilter pofile
show full-configuration | grep -f "category 32"
 
This should show the portion of the configuration (indicated in bold') where the category is referenced in the configuration:
 
config filters
    edit 23
        set category 32
        set action monitor
        set log enable
    next
end
 
In order to add the device successfully on the FortiManager, any reference to FortiGuard category 32 must be deleted from the FortiGate.

In the FortiGate CLI:
 
config vdom
edit <vdom_name>  <- Replace with the name of the VDOM. If VDOMs are not configured, proceed to the next command.
config webfilter profile
edit <profile_name>  <- Replace with the name of the Web Filter Profile.
config ftgd-wf
config filters
show  <- Show to see where 'category 32' is set, if at all. Optionally, use 'show | grep 32' to search the filters for the number 32.
delete <ID>  <- Replace with the entry number that category 32 was set on.
end
end
end
end
 
The best practice is to backup the FortiGate configuration file and search for instances of 'set category 32' in a text editor.
 
Once all entries are removed, the FortiGate can be added successfully to the FortiManager.


Comments
For example, the following are valid WebFilter Categories as of FortiOS 5.2.4:

 
  0 Unrated
  1 Drug Abuse
  2 Alternative Beliefs
  3 Hacking
  4 Illegal or Unethical
  5 Discrimination
  6 Explicit Violence
  7 Abortion
  8 Other Adult Materials
  9 Advocacy Organizations
 11 Gambling
 12 Extremist Groups
 13 Nudity and Risque
 14 Pornography
 15 Dating
 16 Weapons (sales)
 17 Advertising
 18 Brokerage and Trading
 19 Freeware and Software Downloads
 20 Games
 23 Web-based Email
 24 File Sharing and Storage
 25 Streaming Media and Download
 26 Malicious Websites
 28 Entertainment
 29 Arts and Culture
 30 Education
 31 Finance and Banking
 33 Health and Wellness
 34 Job Search
 35 Medicine
 36 News and Media
 37 Social Networking
 38 Political Organizations
 39 Reference
 40 Global Religion
 41 Search Engines and Portals
 42 Shopping and Auction
 43 General Organizations
 44 Society and Lifestyles
 46 Sports
 47 Travel
 48 Personal Vehicles
 49 Business
 50 Information and Computer Security
 51 Government and Legal Organizations
 52 Information Technology
 53 Armed Forces
 54 Dynamic Content
 55 Meaningless Content
 56 Web Hosting
 57 Marijuana
 58 Folklore
 59 Proxy Avoidance
 61 Phishing
 62 Plagiarism
 63 Sex Education
 64 Alcohol
 65 Tobacco
 66 Lingerie and Swimsuit
 67 Sports Hunting and War Games
 68 Web Chat
 69 Instant Messaging
 70 Newsgroups and Message Boards
 71 Digital Postcards
 72 Peer-to-peer File Sharing
 75 Internet Radio and TV
 76 Internet Telephony
 77 Child Education
 78 Real Estate
 79 Restaurant and Dining
 80 Personal Websites and Blogs
 81 Secure Websites
 82 Content Servers
 83 Child Abuse
 84 Web-based Applications
 85 Domain Parking
 86 Spam URLs
 87 Personal Privacy
140 custom1
141 custom2
4409
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.