Thursday, July 19, 2012

Fortigate error: The cmdb add entry failed.

We still see this one occasionally. Had one case where we needed to get a policy on but couldn't reboot the firewall.


So, tried a few things and found we could get a policy on by killing IPS. This may cause all sorts of random results so only use this if you're desperate!


You can try the nice way:


diagnose test application ipsmonitor 99

and then try adding the policy, but I had to go further. In the CLI console type:


get sys perf top


Look for ipsengine:



       ipsengine     6085      S     0.0    22.6

Then you can kill it:

diagnose sys kill 9 6085

The 9 is the signal, and 9 means kill it dead.

It should come back. Check with get sys perf top again.

Then you should be OK to put in a few commands without the cmdb add entry failed error.
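
The "it should come back" check can be done by comparing the get sys perf top output captured before and after the kill. The following is an added example, not part of the original post: it assumes both captures were pasted into text, the function names are hypothetical, and every sample row except the ipsengine 6085 line is constructed.

```python
import re

# Row layout of `get sys perf top`, as in the post: name, PID, state, CPU %, memory %.
# The state letter may be followed by a priority flag ("<" or "N").
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])(?:\s+[<N])?\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$")

def parse_top(text):
    """Return {process name: [(pid, state, cpu, mem), ...]} from pasted CLI output."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header lines and prompts do not match and are skipped
            name, pid, state, cpu, mem = m.groups()
            procs.setdefault(name, []).append((int(pid), state, float(cpu), float(mem)))
    return procs

def check_respawn(before, after, killed_pid, name="ipsengine"):
    """Compare captures taken before and after `diagnose sys kill 9 <pid>`."""
    old = {p[0] for p in parse_top(before).get(name, [])}
    new = {p[0] for p in parse_top(after).get(name, [])}
    if killed_pid not in old:
        return "pid-not-" + name      # the PID never belonged to the IPS engine
    if killed_pid in new:
        return "still-running"        # the kill did not take effect
    if len(new) < len(old):
        return "not-respawned"        # fewer IPS engine processes than before the kill
    return "respawned"

# Constructed sample captures. Only the ipsengine row in BEFORE is from the post.
BEFORE = """\
Run Time:  12 days, 3 hours and 4 minutes
0U, 0N, 1S, 99I; 1839T, 1200F
       ipsengine     6085      S     0.0    22.6
         cmdbsvr       71      S     0.0     1.9
          httpsd     6010      S     0.0     1.2
"""
AFTER = """\
Run Time:  12 days, 3 hours and 9 minutes
0U, 0N, 1S, 99I; 1839T, 1310F
       ipsengine     6412      S     1.9     3.1
         cmdbsvr       71      S     0.0     1.9
          httpsd     6010      S     0.0     1.2
"""

if __name__ == "__main__":
    print(check_respawn(BEFORE, AFTER, killed_pid=6085))
```

A result other than "respawned" means the IPS engine did not return as expected and the firewall needs attention before the change is considered finished.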

