Value Conflicts with System Settings

Issue: Cannot change Fortigate from NAT to transparent mode. The error shown in the GUI is “value conflicts with system settings”.

Platform: Fortinet Fortigate UTM firmware 5.x.

Solution: Converting the Fortigate from NAT to transparent mode from the GUI gives me the error “value conflicts with system settings”, which isn’t helpful. I tried looking for dependencies but couldn’t find anything wrong. So I tried converting the Fortigate from NAT to transparent mode through the CLI, hoping to get a different and meaningful error message. After trying, I got what I was expecting:

Cannot change to transparent mode because this vdom contains the following virtual switch: lan

I proceeded to delete the security policy related to “lan” and break the virtual switch.

2 comments

  1. Hi there,

    May I ask how you break the virtual switch? Because there is only one Hardware switch inside my interface options.

    Thanks,

  2. Hello Desmond,

    To check whether the config is referenced by an object, follow these steps.

    web-based manager (GUI) method:

    In the web-based manager, the object dependencies for an interface can be easily checked and removed.
    To remove interface object dependencies – web-based manager
    1. Go to System > Interfaces.
    The number in the Ref. column is the number of objects that refer to this interface.
    2. Select the number in the Ref. column for the desired interface.
    A window listing the dependencies will appear.
    3. Use these detailed entries to locate and remove object references to this interface.
    The trash can icon will change from gray when all object dependencies have been removed.
    4. Remove the interface by selecting the check box for the interface, and select Delete.

    CLI method:
    When running multiple VDOMs, this command is run in the Global configuration only and it searches for the named object both in the Global and VDOM configuration most recently used:
    diag sys checkused

    For example, to verify which objects are referred to in a security policy with an ID of 1, enter the command as follows:
    diag sys checkused firewall.policy.policyid 1

    To check what is referred to by interface port1, enter the following command:
    diag sys checkused system.interface.name port1

    To show all the dependencies for an interface, enter the command as follows:
    diag sys checkused system.interface.name
    Sample Output:
    entry used by table firewall.address:name '10.98.23.23_host'
    entry used by table firewall.address:name 'NAS'
    entry used by table firewall.address:name 'all'
    entry used by table firewall.address:name 'fortinet.com'
    entry used by table firewall.vip:name 'TORRENT_10.0.0.70:6883'
    entry used by table firewall.policy:policyid '21'
    entry used by table firewall.policy:policyid '14'
    entry used by table firewall.policy:policyid '19'
    In this example, the interface has dependent objects, including four address objects, one VIP, and three security policies.

    Hope this helps.
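
Added example (not part of the original post or its comments): a small parser that groups pasted `diag sys checkused` output by referencing table, so the objects that must be removed before a mode change can be reviewed in one list. It assumes each line has the form shown in the sample output above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the output quoted in the comment above, with one line
# keeping the curly quotes that copying from a web page tends to introduce.
SAMPLE = """\
entry used by table firewall.address:name '10.98.23.23_host'
entry used by table firewall.address:name ‘NAS’
entry used by table firewall.address:name 'all'
entry used by table firewall.address:name 'fortinet.com'
entry used by table firewall.vip:name 'TORRENT_10.0.0.70:6883'
entry used by table firewall.policy:policyid '21'
entry used by table firewall.policy:policyid '14'
entry used by table firewall.policy:policyid '19'
some unrelated console line
"""

# Straight, curly and prime quote characters that may wrap the value.
QUOTES = "'\u2018\u2019\u2032\""
LINE = re.compile(
    r"^\s*entry used by table (?P<table>[\w.-]+):(?P<key>[\w-]+)\s+(?P<value>.+?)\s*$"
)

def parse_checkused(text):
    """Return ({table: [(key, value), ...]}, [lines that did not match])."""
    refs, skipped = defaultdict(list), []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            skipped.append(raw)  # keep for review instead of dropping silently
            continue
        refs[m["table"]].append((m["key"], m["value"].strip(QUOTES)))
    return dict(refs), skipped

def summarize(refs):
    """Count referencing objects per table, largest count first."""
    return sorted(((t, len(v)) for t, v in refs.items()), key=lambda p: (-p[1], p[0]))

if __name__ == "__main__":
    refs, skipped = parse_checkused(SAMPLE)
    for table, count in summarize(refs):
        print(f"{table}: {count}")
        for key, value in refs[table]:
            print(f"  {key} = {value}")
    if skipped:
        print(f"unparsed lines: {len(skipped)}")
```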
