During an ADOM upgrade, it is possible to encounter the error ‘Fail(errno=-2): Do not support urlfilter-table for global scope webfilter profile’. This article describes how to get more information and provides the solution for a successful ADOM upgrade if such an issue is present.
Scope
FortiManager, ADOM upgrade.
Solution
To get more information on what causes the error, use the diagnostics outlined in Troubleshooting Tip: ADOM upgrade fails with error ‘Fail(errno=-2):Direction of member(s) must eithe….
After, trigger the ADOM upgrade to generate the error and check the generated output.
It should be similar to the following:
commit copy web.(soid=<ID>) to dparent=<ID>, fail: err=-2,Do not support urlfilter-table for global scope webfilter profile ======= Dump sentry and dentry====== <soid> ---> <ID> bword-threshold: 10 ---> 10 urlfilter-table: 1 ---> "1" log-search: disable ---> disable youtube-restrict: none ---> none blocklist: disable ---> disable =================================== copy web.(soid=<ID>) to dparent=<ID>, :fail. copy webfilter profile.g-default(soid=<ID>) to dparent=<ID>, :fail.
To correct the issue and perform a successful ADOM upgrade:
Step 1: Specify the ADOM to be upgraded under Device Manager > Scripts > Create New > Script.
Step 2: Fill out the following parameters:
Script Name: <name> Run script on: <Policy Package or ADOM Database>
Script details:
config webfilter profile edit "g-default" config web unset urlfilter-table end end
Step 3: Run this script on all policy packages where the default global webfilter profile has a URL filter set up.