Thursday, 19 July 2012

Fortigate error The cmdb add entry failed.

We still see this one occasionally. Had one case where we needed to get a policy on but couldn't reboot the firewall.

So, tried a few things and found we could get a policy on by killing IPS. This may cause all sorts of random results so only use this if you're desperate!

You can try the nice way

diagnose test application ipsmonitor 99 

and then try adding the policy but I had to go further: in the CLI console type

get sys perf top

Look for ipsengine..

       ipsengine     6085      S     0.0    22.6

Then you can kill it..

diagnose sys kill 9 6085

the 9 is the signal and 9 means kill it dead.

It should come back. Check with the get sys perf top again.

Then you should be ok to put in a  few commands without the cmdb add entry failed error.

No comments:

Switch your Raspberry Pi 3 to use a hard drive

I have a Pi 3 that is a DNS, web, email etc server and it's gone through a few SD cards and gets bogged down in high wait % in top somet...