How to Fix Forti Manager Fortigate out-of-sync – “the category is already set in another filter”

Leave a Comment / By /

This post is about fixing the Forti Manager and Fortigate firewall out-of-sync error – “the category is already set in another filter”

Troubleshooting

* Upgrade the Fortigate firewall version to match up the version with Forti Manager, but it does not help

* Check the installation log and the error is as below:

Starting log (Run on device)


Start installing
ICTFellaFW01-Primary $  config dnsfilter profile
ICTFellaFW01-Primary (profile) $  edit "default"
ICTFellaFW01-Primary (default) $  config ftgd-dns
ICTFellaFW01-Primary (ftgd-dns) $  config filters
ICTFellaFW01-Primary (filters) $  edit 11
ICTFellaFW01-Primary (11) $  unset category
ICTFellaFW01-Primary (11) $  next
Error: the category is already set in another filter.
object check operator error, -617, discard the setting
Command fail. Return code 1
ICTFellaFW01-Primary (filters) $  edit 12
ICTFellaFW01-Primary (12) $  set category 57
Error: the category is already set in another filter.
node_check_object fail! for category 57

value parse error before '57'
Command fail. Return code -617
ICTFellaFW01-Primary (12) $  next
ICTFellaFW01-Primary (filters) $  edit 13
ICTFellaFW01-Primary (13) $  set category 63
Error: the category is already set in another filter.
node_check_object fail! for category 63

value parse error before '63'
Command fail. Return code -617
ICTFellaFW01-Primary (13) $  next
ICTFellaFW01-Primary (filters) $  edit 14
ICTFellaFW01-Primary (14) $  set category 64
Error: the category is already set in another filter.
node_check_object fail! for category 64

and 

(vdom root: dnsfilter profile "default" ftgd-dns filters 11:category)
	remote original: 57
	to be installed: 

(vdom root: dnsfilter profile "default" ftgd-dns filters 12:category)
	remote original: 63
	to be installed: 57

(vdom root: dnsfilter profile "default" ftgd-dns filters 13:category)
	remote original: 64
	to be installed: 63

(vdom root: dnsfilter profile "default" ftgd-dns filters 14:category)
	remote original: 65
	to be installed: 64

(vdom root: dnsfilter profile "default" ftgd-dns filters 15:category)
	remote original: 66
	to be installed: 65

(vdom root: dnsfilter profile "default" ftgd-dns filters 16:category)
	remote original: 67
	to be installed: 66

(vdom root: dnsfilter profile "default" ftgd-dns filters 17:category)
	remote original: 26
	to be installed: 67

Fix

After mocking around, finally fixed the issue by deleting all the conflict categories in the “default” DNS filter in CLI, then add back again. 

ICTFellaFW01-Primary $  config dnsfilter profile
ICTFellaFW01-Primary (profile) $  edit "default"
ICTFellaFW01-Primary (default) $  config ftgd-dns
ICTFellaFW01-Primary (ftgd-dns) $  config filters
ICTFellaFW01-Primary (filters) $  delete 11
ICTFellaFW01-Primary (filters) $  delete 12
ICTFellaFW01-Primary (filters) $  delete 13
ICTFellaFW01-Primary (filters) $  delete 14

You then add the correct ones back manaully via CLI

Useful Link

https://community.fortinet.com/t5/Fortinet-Forum/Policy-Install-Error-The-category-is-already-set-in-another/m-p/167517

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *