Skip to Content

How to fix install policy package error ‘error filters – xx : -xx – invalid category ID’

By: Author Alex Lim

Posted on

Categories Troubleshooting

his article describes the error for installation failed due to the ‘error filters – xx : -xx – invalid category ID’ error.

his article describes the error for installation failed due to the 'error filters - xx : -xx - invalid category ID' error.

Scope

FortiManager, FortiGate.

Solution

Debug command:

diag debug application securityconsole 255
diag debug enable

Debug output:

SECURITY_CONSOLE: Installing dynamic interface completed - 15 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall policy
TCL error(Invalid category ID: ).
obj filters
action:block
auth-usr-grp:
category:
id:100
log:enable
override-replacemsg:
warn-duration:5m
warning-duration-type:timeout
warning-prompt:per-category
TCL error(Invalid category ID: ).
obj filters
action:block
auth-usr-grp:
category:
id:101
log:enable
override-replacemsg:
warn-duration:5m
warning-duration-type:timeout
warning-prompt:per-category
SECURITY_CONSOLE: Installing firewall policy completed - 8 entries installed, 0 errors
SECURITY_CONSOLE: copy all policies: 0 hours 0 minutes 0.962435 seconds.
add 0 fail references back to pending list
SECURITY_CONSOLE: (1) [FGT[copy] root] post commit check fail: filters - 101-Invalid category ID: 
SECURITY_CONSOLE: (1) [FGT[copy] root] post_vdom copy error: filters - 101:(errcode)-2-Invalid category ID: 
SECURITY_CONSOLE: (1) [FGT[copy] root] Copy rollbacked, due to error (reason:none)

Make sure the ADOM version and with FortiGate version are the same so that the filter categories in Web Filter are compatible with each other.

Sometimes, in FortiGate newer version will introduce new Web Filter categories, for example v7.4.1 added two categories, which is:

100 - Artificial Intelligence Technology.
101 - Cryptocurrency.

For example:

FortiManager in v7.4.x , FortiGate running in version v7.2 in ADOM v7.4.

This will lead to installation failure since the new categories are not supported in the lower version. Despite having a challenge to perform an upgrade or migrate to a new ADOM, removing the categories in the Web Filter profile can resolve the issue. Make sure to select the correct profile that used in the policy of installed FortiGate.

Go to Policy & Objects > Advanced > CLI Configurations > Search > Webfilter > Profile, select profile that used in the policy > Filters, find the categories and then, select ‘Delete‘.

Go to Policy & Objects > Advanced > CLI Configurations > Search > Webfilter > Profile, select profile that used in the policy > Filters, find the categories and then, select 'Delete'.