Description
This article describes how to solve an issue that occurs while retrieving FortiGate's configuration or adding a new Log Device after upgrading FortiManager. The following error displays while retrieving device configuration:
'Failed to reload configuration. 'datasrc invalid. object: webfilter profile ftgd-wf filters category. detail: "XX". solution: data not exist"'.
Where 'XX' is a FortiGuard Webfilter category ID.
Scope
FortiManager.
Solution
On the FortiGate, FortiGuard Webfilter categories are updated or removed which leads to updated versions of FortiManager not recognizing these category references in the FortiGate configuration.
In order to resolve the issue, use the CLI to remove any reference to the category ID displayed in the error message from FortiGate's WebFilter profiles.
For example:
Attempts to add the FortiGate to the FortiManager fail due to Web Filter FortiGuard Category 32 being present on the FortiGate but not on the FortiManager.
Category 32 is a deprecated category that no longer exists but has lingered on the FortiGate from previous upgrades.
Remove the specific Filter ID associated with the category or change the category value via the CLI:
config webfilter profile
edit <profile>
config ftgd-wf
config filters
delete <filter id>
end
end
end
Problem Verification.
In order to confirm the FortiGuard category is listed in the FortiGate configuration, run the following command in the CLI:
Note: the following assumes the problem category is of ID 32.
config webfilter pofile
show full-configuration | grep -f "category 32"
This should show the portion of the configuration (indicated in bold') where the category is referenced in the configuration:
config filters
edit 23
set category 32
set action monitor
set log enable
next
end
In order to add the device successfully on the FortiManager, any reference to FortiGuard category 32 must be deleted from the FortiGate.
In the FortiGate CLI:
config vdom
edit <vdom_name> <- Replace with the name of the VDOM. If VDOMs are not configured, proceed to the next command.
config webfilter profile
edit <profile_name> <- Replace with the name of the Web Filter Profile.
config ftgd-wf
config filters
show <- Show to see where 'category 32' is set, if at all. Optionally, use 'show | grep 32' to search the filters for the number 32.
delete <ID> <- Replace with the entry number that category 32 was set on.
end
end
end
end
The best practice is to backup the FortiGate configuration file and search for instances of 'set category 32' in a text editor.
Once all entries are removed, the FortiGate can be added successfully to the FortiManager.
Comments
For example, the following are valid WebFilter Categories as of FortiOS 5.2.4:
0 Unrated
1 Drug Abuse
2 Alternative Beliefs
3 Hacking
4 Illegal or Unethical
5 Discrimination
6 Explicit Violence
7 Abortion
8 Other Adult Materials
9 Advocacy Organizations
11 Gambling
12 Extremist Groups
13 Nudity and Risque
14 Pornography
15 Dating
16 Weapons (sales)
17 Advertising
18 Brokerage and Trading
19 Freeware and Software Downloads
20 Games
23 Web-based Email
24 File Sharing and Storage
25 Streaming Media and Download
26 Malicious Websites
28 Entertainment
29 Arts and Culture
30 Education
31 Finance and Banking
33 Health and Wellness
34 Job Search
35 Medicine
36 News and Media
37 Social Networking
38 Political Organizations
39 Reference
40 Global Religion
41 Search Engines and Portals
42 Shopping and Auction
43 General Organizations
44 Society and Lifestyles
46 Sports
47 Travel
48 Personal Vehicles
49 Business
50 Information and Computer Security
51 Government and Legal Organizations
52 Information Technology
53 Armed Forces
54 Dynamic Content
55 Meaningless Content
56 Web Hosting
57 Marijuana
58 Folklore
59 Proxy Avoidance
61 Phishing
62 Plagiarism
63 Sex Education
64 Alcohol
65 Tobacco
66 Lingerie and Swimsuit
67 Sports Hunting and War Games
68 Web Chat
69 Instant Messaging
70 Newsgroups and Message Boards
71 Digital Postcards
72 Peer-to-peer File Sharing
75 Internet Radio and TV
76 Internet Telephony
77 Child Education
78 Real Estate
79 Restaurant and Dining
80 Personal Websites and Blogs
81 Secure Websites
82 Content Servers
83 Child Abuse
84 Web-based Applications
85 Domain Parking
86 Spam URLs
87 Personal Privacy
140 custom1
141 custom2