It seems like every time I have to make a change to one of our Fortigate firewalls, the changes won’t be accepted, and I get the error “CFG_CMDBAPI_ERR“. That might be even worse than a Microsoft error.
If you do some googling for the error, you will find most people tell you to restart the ipsmonitor process. This is done with the “diag test application ipsmonitor 99” command. This typically does the trick, but today it was not working for me.
To see what was using up resources, I entered the “diag sys top 1” command. The last field shows the memory used. In my case, the problem was forticron.
Now, you can’t restart forticron the same way you restart ipsmonitor. You have to kill forticron, and to do that, you first have to get the pid (process ID). At the “diag sys top 1” command screen, the pid is the number right after the process name, which is the second column. Next, hit the Q key to exit the process screen. Now enter “diag sys kill 11 <pid>” where <pid> is replaced with the pid you just got from the previous screen. That should kill the process. It did for me, and I was able to make the changes that I needed.
Hope this helps someone out there. I know it was a pain trying to find the fix when I needed it.
Thanks man, that worked for me! I couldn’t add any more DHCP reservations via command line:
fw (reserved-address) # edit 8
Command fail. Return code -361
And, of course, via GUI I was getting the CFG_CMDBAPI_ERR. forticron was sitting at 43.5, and only after killing it was I able to make the desired changes again. Thanks for posting this!
No problem. Thanks for the feedback.
I was a little tired to see this message and today I was thinking restart firewall but I did some googling and I have found this information that worked for me too.
Thanks,
It worked for me as well! Thanks! But what does the forticron do or what will be the impact if we kill it?
Absolutely brilliant. Worked like a charm!
thanks !! works great !
Hi friends,
I have one doubt what is the process of forticron in fortigate. what that will do in forigate.
Thank You
1
This did the trick for me but it had a nasty side effect:
I had this issue on a remote fortigate – One I’ve implemented the restart if no configuration save exist.
After working for some time the fortigate restarted – but never came back online – so this process forced me to do a manual reboot for the server to get back up.
I cannot attest that this solution resulted in the reboot stuck but it has a high probability.
Great post, thank you. It worked for another process.
Thanks. FortiGate working.
Just ran into the same issue and your solution worked! Thank you!
Hi,
It worked for me too.
Thanks a lot!
Thaks a lot!
It resolved!!!!!
Just to be clear this issue is related to conserve mode and you may wish to concern yourselves with why it is in conserve mode VS just restarting a process.