FortiWeb REST API Error Codes
Preface
Quick reference for error codes you could encounter when testing FortiWeb REST API.
The Error Codes
| Error Code | Error Message |
|---|---|
| 10 | CMDB failed to be saved. |
| 5 | System API error. |
| 2 | CMDB API error. |
| 1 | CLI internal error. |
| -1 | Invalid length of the value. |
| -2 | The value is out of range. |
| -3 | The entry is not found. |
| -4 | The maximum number of entries has been reached. |
| -5 | A duplicate entry has already existed. |
| -6 | Failed to allocate memory. |
| -7 | The value conflicts with system settings. |
| -8 | Invalid IP address. |
| -9 | Invalid IP netmask. |
| -10 | Invalid gateway address. |
| -11 | When the port is in DHCP mode, it’s IPv4 address can not be modified mannually. |
| -12 | When the port in DHCP mode, it’s IPv6 address can not be modified mannually. |
| -16 | Blank or incorrect address. |
| -20 | Blank entry. |
| -23 | The entry is used. |
| -24 | Error opening the file. |
| -25 | Error reading from the shared memory. |
| -26 | File error. |
| -27 | Error opening IP-MAC info file. |
| -28 | The file is not an updated file. |
| -29 | Invalid keytab file. |
| -30 | Invalid username or password. |
| -33 | MAC address is invalid. |
| -37 | Permission denied. |
| -38 | The downloading file does not exist. |
| -39 | Configuration file or password error. |
| -45 | Invalid IP range. |
| -46 | Invalid port range. |
| -49 | IP address isn’t in the same subnet as the gateway. |
| -50 | Input is in invalid format. |
| -52 | Uploaded file is too large or invalid. |
| -54 | IP address is in the same subnet as the others. |
| -56 | Empty value isn’t allowed. |
| -57 | Underline _ isn’t allowed. |
| -61 | Input is not as expected. |
| -66 | Unable to uncompress the gz file you provided. |
| -87 | Image CRC error. |
| -89 | Invalid number. |
| -90 | CLI parsing error. |
| -91 | Configuration file error. |
| -92 | Invalid arguments. |
| -93 | Invalid domain. |
| -94 | Error creating entry. |
| -95 | The maximum allocated quota is reached. |
| -96 | Failed to delete the table entry. |
| -100 | A duplicate username has already existed. |
| -120 | The IP address must include a subnet mask. |
| -130 | Invalid date input. |
| -131 | Invalid year input. |
| -132 | Invalid month input. |
| -133 | Invalid day input. |
| -134 | Invalid time input. |
| -135 | Invalid hour input. |
| -136 | Invalid minute input. |
| -137 | Invalid second input. |
| -140 | Failed to generate local certificate signing request. |
| -145 | The imported local certificate is invalid. |
| -146 | The imported CA certificate is invalid. |
| -147 | The certificate is being used. |
| -148 | There is already a certificate and/or private key with this/these filename(s). Please rename your certificate and/or private key so that they do not match the filename of an existing certificate. |
| -149 | The imported certificate is invalid. |
| -152 | Invalid encryption key. |
| -158 | Invalid VLAN ID. |
| -167 | Failed to import PKCS12 file. |
| -168 | Failed to export PKCS12 file. |
| -179 | Invalid Geo IP database file. |
| -180 | Unable to send your update request. |
| -191 | VLAN interfaces must share the same VLAN ID. |
| -202 | Single admin user login mode. |
| -203 | IP has been blocked. |
| -204 | Invalid username or password. |
| -205 | Your password has expired, please input a new password. |
| -206 | The new password does not conform to the password policy, please try again. |
| -207 | Your password does not conform to the password policy, please input a new password. |
| -208 | Your password has expired, please input a new password. |
| -209 | Your password does not conform to the password policy, please input a new password. |
| -210 | According to the password policy enforced on this device, please change your password. |
| -211 | Please enter the token. |
| -252 | Invalid port. |
| -282 | User canceled. |
| -302 | Failed to import remote certificate. |
| -360 | Command timeout. |
| -361 | Failed to add entry. |
| -515 | The name is a reserved keyword by the system. |
| -522 | The VLAN ID or physical interface can not be changed once a VLAN has been created. |
| -531 | The VLAN ID and the physical interface have been used by another VLAN interface. |
| -542 | Invalid CRL file. |
| -547 | The specified priority has already existed. |
| -548 | This rule is in the list. |
| -550 | The regular expression is not right. |
| -551 | The condition is in the list. |
| -552 | The host can not be NULL. |
| -553 | The URL can not be NULL. |
| -555 | The location can not be NULL. |
| -556 | The header field name/value can not be NULL. |
| -557 | The username can not be NULL. |
| -558 | The username is in the list. |
| -559 | The uploading succeeds, but an internal error has occured. Try checking the disk space and available memory first. |
| -651 | Invalid input value. |
| -653 | Invalid regular expression. |
| -805 | Invalid authentication key. |
| -807 | The password is too short. |
| -808 | The password must contain at least one uppercase letter. |
| -809 | The password must contain at least one lowercase letter. |
| -810 | The password must contain at least one number. |
| -811 | The password must contain at least one non-alphanumeric character. |
| -813 | The FIPS feature or one of the fields is invalid. |
| -814 | The new image does not contain FIPS feature. |
| -815 | System upgrade to the new image failed. |
| -816 | The FIPS feature might be valid but the public key is new/unknown. |
| -817 | FIPS: The password is too short, and a minimum length of 8 characters is required. |
| -818 | FIPS: The server mode is not supported when FIPS status is enabled. |
| -819 | FIPS: A minimum certificate key length of 1024 bits is required. |
| -820 | FIPS: Unsupported certificate feature algorithm. |
| -821 | FIPS: Telnet/HTTP access are not allowed. |
| -822 | FIPS: Feature check failed for some unknown reasons. |
| -823 | The new image does not support CC mode. |
| -824 | ’Strong-password’ must be enabled when FIPS status is enabled. |
| -825 | FIPS: Minimum RSA certificate key length is 2048 bits and mininum EC certificate key length is 224 bits. |
| -826 | Downgrade is rejected in FIPS mode. |
| -831 | The image file is wrong, please check the version, build number, model, and the partition table. |
| -832 | Failed to unzip the image file. |
| -833 | MBR is wrong. |
| -834 | The signature of the image file is wrong. |
| -835 | Downgrade is rejected in FIPS mode. |
| -900 | System is shutting down. |
| -901 | Backup failed, please try again. |
| -950 | The Syslog server has already existed. |
| -1005 | Deleting table entry is not allowed. |
| -1010 | Login disclaimer declined. |
| -1101 | Please wait while the system is restarting. |
| -1102 | Invalid device ID. |
| -1104 | Error changing the password. |
| -1500 | It is not allowed to configure this object in secondary mode. |
| -1501 | The reserve management status should be unset first. |
| -1502 | The interface is used by HA monitor. |
| -1503 | No available license for HA module. |
| -1504 | The active-active-standard should be in Reverse Proxy or True Transparent mode. |
| -1505 | The group ID is not allowed to change. |
| -1506 | The SN is invalid. |
| -1507 | The SN is already associated with another node ID. |
| -1508 | The VIP is already used by another Traffic Distribution. |
| -1509 | The node is not associated with any SN. |
| -1510 | The node ID is already used by Traffic Distribution, please unset it first. |
| -1511 | The active-active-high-volume should be in Reverse Proxy mode. |
| -1512 | You must select at least one node in the HA member. |
| -1513 | You must select at least one VIP in the VIP list. |
| -1514 | Active-passive and active-active-standard modes are not supported on the Xen server platform. |
| -1515 | The operation is not allowed in secondary mode. |
| -1516 | The active-passive with udp-tunnel type should be in Reverse Proxy mode. |
| -1517 | The ha-node is not supported by current HA network-type and platform. |
| -1518 | The Traffic Distribution is not supported by current network-type and platform. |
| -1519 | corefile-ha-failover must be disabled when enable-core-file is disabled. |
| -1520 | The interface of tunnel-local must be included in the ha-mgmt-interface. |
| -1521 | The old IPv4 address is being used by tunnel-local in HA. |
| -2001 | Your password must be at least 1 character long. |
| -2002 | Your password can not contain the following characters: ~ ! # % ^ & * + ` ’ | |
| -2003 | The password entries do not match. |
| -2004 | Invalid name. |
| -2007 | The password is not strong enough. |
| -2012 | |
| -2016 | Error missing disk. |
| -2025 | Duplicate IP address. |
| -2026 | The same Destination has already existed. |
| -2034 | CFG_ER_FILTER_TOO_LONG |
| -3000 | Internal error processing requested file. |
| -4001 | Invalid XPath expression. |
| -4003 | The request URL must start with ’/‘. |
| -4006 | Invalid suspicious URL. |
| -4007 | Signature update failed. |
| -4013 | This operation is not allowed under current system operation mode. |
| -4032 | Port 22/23/8/43/9 is used by other settings. |
| -4033 | Port is used by global conf sync. |
| -4202 | The name of virtual server has already existed. |
| -4303 | The IP address is already used by another virtual server. |
| -4304 | The virtual server IP address is the same as an IP address on a physical interface. |
| -4305 | When HA is turned on, it is only allowed to use interface IP on AWS platform. |
| -4401 | There are too many default HTTP content routing rules. |
| -5000 | Failed to delete this file. The connected user may not have permission. |
| -5001 | Failed to revert this file. The connected user may not have permission. |
| -5002 | Failed to recover this file. The connected user may not have permission. |
| -5003 | The selected file version is the same as the current version. |
| -5004 | Website is not connected. |
| -5005 | Failed to reset the web site. The connected user may not have permission. |
| -5006 | the selected site version is the same as the current version. |
| -5099 | Names can only contain A-Z, a-z, 0-9, _. |
| -5100 | Names can only contain A-Z, a-z, 0-9, _, and -. |
| -5101 | Schedule dates can only be 1-31. |
| -5102 | The report is protected because it is editable from the device. To edit it on FortiAnalyzer, disable report_protect option first. |
| -5103 | User can not modify report types from on-schedule to on-demand, and vice versa. |
| -5104 | The logo file name length should not exceed 63. |
| -5105 | The logo picture size should not exceed 400 x 400. |
| -5106 | Invalid logo file. |
| -5107 | Names can only contain A-Z, a-z, 0-9, _,., and -, but not include ., .. |
| -5200 | The renaming operation failed. |
| -5201 | The specified name has already existed. |
| -5202 | The specified name can only be a file name or directory name. |
| -5301 | You can create at most 10 post URL items. |
| -6000 | The Inline Protection Profile name has already existed. |
| -6001 | The Offline Protection Profile name has already existed. |
| -6003 | The Authentication Policy name has already existed. |
| -6004 | The scope of LDAP cache timeout is 0-3600. |
| -6005 | The Authentication Rule name has already existed. |
| -6006 | The HTTP Protocol Constraints name has already existed. |
| -6007 | The URL Rewriting Policy name has already existed. |
| -6008 | The item is already in the table. |
| -6009 | The URL Rewriting Rule name has already existed. |
| -6011 | The Hidden Fields Rule name has already existed. |
| -6012 | The Allow Method Exception name has already existed. |
| -6013 | The URL pattern has been used by a rule in the table. |
| -6014 | The IP has already existed in the table. |
| -6018 | This rule is in the list. |
| -6101 | The Brute Force Login name has already existed. |
| -6102 | The scope of standalone IP Access Limit is 0-10000. |
| -6103 | The scope of share IP Access Limit is 0-10000. |
| -6104 | The scope of Block Period is 1-10000. |
| -6105 | You must input a valid regular expression. |
| -6106 | The Input Rule name has already existed. |
| -6115 | You must input a valid regular expression. |
| -6117 | The type of default page can not be regular expression. |
| -6120 | The Custom Signature Group name has already existed. |
| -6121 | The Custom Signature name has already existed. |
| -6124 | The URL Access Rule name has already existed. |
| -6125 | The URL Access name has already existed. |
| -6126 | You cannot change the type of a used request. |
| -7000 | The Robot Control name has already existed. |
| -7004 | The Robot Group name has already existed. |
| -7007 | The item is already in the table. |
| -7100 | The URL Access name can not be null. |
| -7102 | The rule name is duplicate. |
| -7103 | The priority already exists. |
| -7106 | The condition already exists. |
| -7200 | The name of the pserver already exists. |
| -7201 | The IP address of the pserver is already in use. |
| -7202 | You must input a valid port. |
| -7203 | The name of server farm already exists. |
| -7204 | You must select a Physical Server. |
| -7205 | This server is already used in a server pool. |
| -7206 | The health check source IP must be specified. |
| -7207 | The health check must be specified. |
| -7210 | You must select a server farm. |
| -7212 | The same service port cannot be used for one Virtual IP twice. |
| -7213 | In TT mode, two policies can not set the same V-zone and same pserver. |
| -7214 | The protected server name already exists. |
| -7215 | The data type group name already exists. |
| -7216 | The suspicious URL rule already exists. |
| -7217 | You must select a data capture port. |
| -7218 | The server farm is used by another policy. |
| -7219 | The server farm has the same pserver and port as others. |
| -7220 | In TT mode, two policies can not set different v-zones whie the same pserver with different port. |
| -7221 | No web protection profile. |
| -7222 | Server pool size exceeds the limit. |
| -7238 | The server farm type does not match with the deployment mode. |
| -7239 | This HTTP content routing policy has been added to the server farm. |
| -7240 | The server pool type does not match with the deployment mode. |
| -7245 | The Custom Access Rule name already exists. |
| -7300 | The server farm name already exists. |
| -7301 | You must select a pserver. |
| -7302 | The server health check name already exists. |
| -7303 | The policy name already exists. |
| -7400 | Too many tasks waiting for processing. |
| -7514 | You must input a secondary secret. |
| -7525 | The host, request_file of the File Upload Restriction Rule already exist. |
| -7526 | The Allow Method Policy name already exists. |
| -7528 | The sync-type can be only partial_sync when system mode is Inline. |
| -7530 | The domain of the domain server is already in use. |
| -7532 | The object must be http-body when url-rewrite-rule action-type was http-body-rewrite. |
| -7533 | The object can not be http-body when url-rewrite-rule action-type wasn’t http-body-rewrite. |
| -7535 | Import failed: Some items have already existed in the system configuration. |
| -7536 | The host, request URL of the sub table entry have already existed. |
| -7537 | The platform version is not the same as the config file. |
| -7538 | Redirect URL input is invalid, and it can only contains A-Z, a-z, 0-9, _, :, /,[,],-and .. |
| -7539 | The object can not be http-reference when url-rewrite-rule action-type is http-header-rewrite. |
| -7540 | The object can not be http-location when url-rewrite-rule action-type is not location-rewrite. |
| -7541 | Invalid file format. The file type must be tar, .tar.gz, or .zip. |
| -7542 | File size exceeds the limit. |
| -7543 | The file must contain a HTML file named ‘index.html’. |
| -7545 | You can create at most 128 exception rules in the Signatures Rule of the same signature ID. |
| -7554 | The Custom Access Rule name can not be null. |
| -7555 | Only one condition can be configured per rule. |
| -7556 | You can not create the same Header name whether it is in a predefined or custom rule. |
| -7558 | Invalid password. |
| -7559 | The IP address is already in another exception rule. |
| -7600 | For WAD, at most 256 items can be created. |
| -7601 | Destination IP and gateway must be the same IPv4 or IPv6. |
| -7602 | Interface IP must be set. |
| -7603 | Source IP and gateway must be the same IPv4 or IPv6. |
| -7604 | A duplicate route setting already exists. |
| -7605 | The route policy priority already exists. |
| -7606 | The default gateway can not be set manually when interface is in DHCP mode. |
| -7610 | The bypass can not be enabled when system is in HA mode, RP mode, or Offline mode. |
| -7611 | ’:’ input is invalid. Supported characters are 0-9 A-Z a-z _ . - |
| -7615 | All the enabled web cache policies exceed the maximum buffer size. |
| -7617 | You must save the server policy before adding HTTP Content Routing policies. |
| -7618 | You must select a SSL protocol. |
| -7620 | Image encoding failed. |
| -7622 | The number of tags can not exceed 32. |
| -7625 | VLANs are not supported on this aggregate device due to no available interface. |
| -7626 | You must input protocol for FortiGate integration. |
| -7627 | You must input schedule for fortiGate integration. |
| -7630 | The database file is empty. |
| -7631 | Connection failed. |
| -7632 | Socket error. |
| -7634 | Interfaces must not be in the same physical interface. |
| -7635 | Interface or VLAN is used by V-zone. |
| -7636 | Virtual server use-interface-ip status can not be changed when used by a policy. |
| -7637 | The service of this port is in use. |
| -7638 | The service used by a policy can not be edited. |
| -7639 | The service of this virtual IP is in use. |
| -7640 | The name can not be empty. |
| -7645 | Creating HSM failed. |
| -7646 | The imported HSM certificate is invalid. |
| -7647 | This partition is not assigned for the FortiWeb, please check the HSM. |
| -7648 | Destroying HSM failed. |
| -7649 | HSM config is not valid. |
| -7650 | Can not connect to server on this port, please check system router and network. |
| -7652 | Group dddress must be in the IP range 224.0.0.0~239.255.255.255. |
| -7653 | Invalid operator. |
| -7654 | MTU setting failed. |
| -7655 | Diagnosing HSM partition failed. |
| -7656 | The minimum port is larger than the maximum port. |
| -7659 | Invalid REST API request. |
| -7660 | This interface is managed by DPDK, please detach it from DPDK first. |
| -7661 | Capture port must be physical interface that is not used by VLAN. |
| -7662 | The condition is in the list. |
| -7663 | The URL request of the sub table entry already exists. |
| -7664 | The cookie name already exists. |
| -7665 | The interface is used by VLAN and MTU should be larger than its VLAN’s setting. |
| -7666 | The interface is used by VLAN and MTU should be smaller than its physical interface’s setting. |
| -7667 | The interface of VLAN can not set allowaccess in TTP and TI operation mode. |
| -7670 | The Custom Access Rule has exceeded the max length(1024). |
| -7671 | The URL Access Rule has exceeded the max length(1024). |
| -7672 | Internal error. |
| -7673 | Failed to process the upload file. |
| -7674 | Wrong protocol version setting for SSL in HTTP2. |
| -7675 | Wrong cipher setting for SSL in HTTP2. |
| -7676 | For TI and Offline pserver, certificate file must be set when SSL is enabled. |
| -7677 | The certificate can be included only in single OCSP stapling. |
| -7678 | The CA number in one CA file exceeds the limit. |
| -7679 | Invalid input format, only JPG format is supported. |
| -7680 | The length of input certificate content is too long. |
| -7681 | The HTTP header name already exists. |
| -7684 | The value of higher level must be larger than that of the lower level. |
| -7685 | Input secret is more than 128, and it will be cut off. |
| -7686 | The allowed value from URI must start with ‘http://’ or ‘https://‘. |
| -7687 | The input PIN-SHA256 should conform to valid base64 format. |
| -7688 | The report-uri must be set when report-only is enabled. |
| -7689 | PIN-SHA256 requires at least two pins, and requires at least one does NOT refer to a SPKI in current certificate chain. |
| -7690 | Status, type, and flag of a certificate can not be configured from CLI. |
| -7691 | The configuration of a certificate can not be changed from CLI except the comments. |
| -7692 | The maximum value should be larger than the minimum value. |
| -7693 | The sign CA must be selected when the Client Certificate Proxy is enabled. |
| -7694 | Invalid XML schema file. |
| -7695 | Duplicate XML schema file. |
| -7696 | Invalid XML WSDL file. |
| -7697 | Duplicate XML WSDL file. |
| -7699 | The time interval of auto confsync should not be shorter than 5 minutes. |
| -7700 | Header field check and HTTP method check can not be disabled at the same time. |
| -7701 | Duplicate namespace prefix. |
| -7702 | Namespace prefix has been used by element list. |
| -7703 | Prefix can only contain A-Z, a-z, 0-9, _, - and ., and it must start with _ or a letter. |
| -7704 | Duplicate XPath expression. |
| -7705 | Namespace prefix must be defined in namespace mapping. |
| -7706 | XML client certificate group must be selected when request operation includes sign verify. |
| -7707 | XML client certificate group must be selected when response operation includes encrypt or HMAC-SHA1 sign. |
| -7708 | XML server certificate must be selected when request operation includes decrypt. |
| -7709 | XML server certificate must be selected when response operation includes RSA-SHA1 sign. |
| -7711 | Failed to open file. |
| -7712 | Failed to decompress file. |
| -7713 | Failed to open directory. |
| -7714 | The contents of the extracted file don’t conform to specifications. |
| -7715 | The service of policy must be selected. |
| -7716 | The mode can not be changed between active-active-standard, active-passive, and active-active-high-volume. |
| -7717 | This interface is used in an aggregate. Please try another port. |
| -7718 | The end address of IP address range must be greater than the start address. |
| -7719 | The Translate to IP address must be set. |
| -7720 | This interface is used in a redundant configuration. Please try another port. |
| -7721 | This certificate is invalid. |
| -7722 | The multi-cert does not support OCSP stapling. |
| -7725 | The password of admin can not be changed. |
| -7726 | No parameter name is specified. |
| -7727 | No header field name is specified. |
| -7728 | You have enabled user access restrictions, but API key verificaiton is not enabled. |
| -7729 | You need to input valid URL expression. |
| -7730 | You need to input valid regular expression. |
| -7731 | Invalid UUID format. |
| -7732 | Invalid API key format. |
| -7733 | You must input HTTP host. |
| -7734 | Invalid format for URL frontend prefix. |
| -7735 | Invalid format for URL backend prefix. |
| -7736 | Failed to change UUID for API user. |
| -7737 | Failed to change API Key for the user. |
| -7738 | The format of HTTP attach header is invalid. |
| -7739 | Invalid format for URL |
| -7741 | Invalid format for parameters |
| -7742 | Invalid format for headers |
| -7743 | Invalid name for phantom token |
| -7744 | Invalid name for token |
| -7745 | Invalid format for header verification |
| -7746 | Invalid format for payload validation |
| -7747 | Invalid format for RSA key |
| -7801 | Getting site information table failed. |
| -7802 | Getting site tree root failed. |
| -7803 | The site has no record. |
| -7804 | Getting site child nodes failed. |
| -7811 | Operation failed. |
| -7812 | Malloc memory error. |
| -7813 | The parameter is not in running or testing state. |
| -7814 | Invalid parameter. |
| -7815 | The length of the password has exceeded the max length(15). |
| -7816 | Decrypting or encrypting data error, or unmatched Anomaly Detection data file is found. |
| -7817 | The parameter has been refreshed. |
| -7818 | Port1 should be in DHCP mode when HA is enabled on cloud platform. |
| -7819 | Failed to support multiple import tasks at the same time. |
| -7820 | Failed to import Anomaly Detection data. |
| -7821 | Unmatched Anomaly Detection data file found. |
| -7822 | Failed to support multiple export tasks at the same time. |
| -7823 | Failed to export Anomaly Detection data. |
| -7824 | All interfaces should be in static mode when HA is enabled in flat mode on KVM platform. |
| -7825 | Port1 should be in DHCP mode when HA is enabled in UDP tunnel mode on KVM platform. |
| -7826 | Failed to import bot detection data. |
| -7827 | Unmatched bot detection data file is found. |
| -7828 | Failed to export bot detection data. |
| -7829 | Decrypting or encrypting data error. |
| -7830 | Duplicate file type. |
| -7831 | These file names are not allowed: < > ( ) # | |
| -7832 | Unmatched bot detection data file is found under the current operation mode. |
| -7833 | The maximum number of parameters in URL has reached the limit. |
| -7834 | The maximum number of parameters in domain has reached the limit. |
| -7835 | Due to the limit of the domain count, imported Anomaly Detection data partly. |
| -7836 | Failed to import api learning data. |
| -7837 | Failed to export api learning data. |
| -7838 | Unmatched API learning data file found. |
| -7848 | Failed to resolve reference file. |
| -7849 | Failed to find reference file. |
| -7850 | Failed to find database file. |
| -7851 | Failed to find JSON file. |
| -7852 | Invalid JSON file. |
| -7853 | Parsing info object failed. |
| -7854 | Parsing server object failed. |
| -7855 | Parsing path file failed. |
| -7856 | YAML file does not exist. |
| -7857 | Invalid YAML file for OpenAPI. |
| -7858 | Creating database failed. |
| -7859 | The mode can not be active-active-standard when network-type is udp-tunnel on kvm platform. |
| -7860 | The multi cluster status should be unset first. |
| -7861 | HA entry already exists. |
| -7862 | Manager entry already exists. |
| -7863 | It is not allowed to configure this object in manager client mode. |
| -7864 | No available license for manager module. |
| -7865 | All interfaces should be in DHCP mode (IPv4) when the manager mode is enabled. |
| -7866 | The manager mode should be in RP mode. |
| -7870 | Address error. |
| -7871 | Server test error. |
| -7872 | Internal API error. |
| -7873 | Invalid credentials. |
| -7901 | Getting WVS policy status failed. |
| -7902 | Names can only contain space, A-Z, a-z, 0-9, _, -, and . |
| -7903 | Names can only contain A-Z, a-z, 0-9, _, -, and . |
| -7910 | For ADFS server, ADFS domain must be set. |
| -7911 | For ADFS server, ADFS username must be set. |
| -7912 | For ADFS server, SNI forward can’t be set. |
| -7913 | For ADFS server, the client certificate must be set. |
| -7950 | The country name is empty or wrong. |
| -7955 | Invalid JSON schema file. |
| -7956 | Duplicate JSON schema file. |
| -7960 | The interface name is too long to create VLAN; the length of the interface name should be less than 15 letters. |
| -7961 | Test sample failed. |
| -7970 | The IP address of VIP is already used by another VIP. |
| -7971 | The IP address you entered for this VIP is already occupied by an interface. |
| -7972 | The name format of the VIP is VIP+number, such as VIP1; only VIP1~VIP200 is supported. |
| -7973 | You can create at most 200 VIP items |
| -7974 | You can create at most 16 VIPs on a interface. |
| -7975 | When HA or manager cluster is turned on, it is not allowed to configure VIP on AWS platform. |
| -7976 | It is not allowed to configure VIP in TTP operation mode. |
| -7980 | The HSM partition is in use. |
| -7981 | Passwords of different partitions within the same HSM HA group must be identical. |
| -7982 | The HSM HA group must have at least one member. |
| -7990 | Only admin user can delete other users. |
| -7991 | Invalid private key file. |
| -8000 | The mobile API protection rule must be set. |
| -8001 | The rule has been selected. |
| -8010 | Token secret must be set when Mobile App Identification status is Enable. |
| -8011 | Getting the file content error. |
| -8012 | The imported file should not be empty. |
| -8014 | |
| -8015 | Malloc failed. |
| -8016 | Invalid start IP. |
| -8017 | Invalid end IP. |
| -8018 | Invalid CIDR. |
| -8019 | Start IP is larger than then end IP. |
| -8020 | IP range duplicate. |
| -8021 | Invalid UUID format. |
| -8022 | The host can not be NULL. |
| -8023 | The value of inactive time is invalid. Please input <1 - 180 minutes> or <1 - 24 hours>. |
| -8024 | The value of expire time is invalid. Please input <1 - 180 minutes> or <1 - 24 hours>. |
| -8025 | The path must start with ’/‘. |
| -8026 | The bypass URL must start with ’/‘. |
| -8030 | The URL encryption rule must be set. |
| -8031 | The rule has been selected. |
| -8037 | Adom user can not change accprof. |
| -8038 | Adom user can not change adom. |
| -8039 | Admin user’s accprof should be prof_admin. |
| -8040 | Only admin user can change accprof to prof_admin. |
| -8041 | User can not delete himself. |
| -8042 | Only admin user can change other users’ configuration. |
| -8043 | The external IP address must be set. |
| -8044 | The mapped IP address must be set. |
| -8045 | The FWMARK Policy mark already exists. |
| -8046 | HTTP2 with URL based certificate verification is not supported. |
| -8047 | The IP range includes interface address. |
| -8048 | The external address/range can not include the ingress interface address. |
| -8049 | The mapped address/range can not include any interface address. |
| -8050 | The IP range includes VIP address. |
| -8051 | Conflicted with the external IP address for DNAT rules. |
| -8052 | Conflicted with the mapped IP address for DNAT rules. |
| -8053 | The Redis service is out of memory. |
| -8054 | The attack type must be set. |
| -8055 | You can create at most 128 exception rules of the same attack type. |
| -8056 | The total port range can not be more than 8. |
| -8057 | The port range can not cover each other. |
| -8058 | The total port number can not be more than 128. |
| -8059 | The protocol does not support port range. |
| -8085 | The mode can not be active-active-standard on cloud platform. |
| -8086 | Port1 should be in DHCP mode on cloud platform. |
| -8087 | Failed to create intferface on cloud paltform. |
| -8088 | Interface mode is not allowed to modify on OCI platform. |
| -8089 | The duplicate domain name has been configured. |
| -8095 | Another wildcard admin user has existed in system. |
| -8096 | Unsupported cipher in FIPS ciphers mode. |
| -8097 | Unsupported certificate in FIPS ciphers mode. |
| -8098 | Unsupported ssl protocol version in FIPS ciphers mode. |
| -8100 | Current mode is WCCP,cannot disable wccp-mode switch.if needed please change to other mode first. |
| -8101 | The private key or certificate files of the local certificate is not generated yet. |
| -8109 | The header type is not supported in request action. |
| -8110 | The custom value cannot be empty. |
| -8111 | The JWK kty is unknown type. |
| -8112 | Please set JWK secret for Octet key type. |
| -8113 | The modulus/exponent is invalid for RSA key type. |
| -8114 | The x/y/crv is invalid for EC key type. |
| -8115 | The X.509 Certificate SHA-1/SHA-256 Thumbprint base64url decode error. |
| -8116 | The scope field must contain ‘openid’. |
| -8130 | Getting domain url list failed. |
| -8131 | HSM server with the same name already exists. |
| -8132 | Only one partition is allowed under HSM non-HA mode. |
| -8133 | Only one server is allowed under HSM non-HA mode. |
| -8134 | Failed to delete HSM HA group. |
| -8135 | Failed to add new member to HSM HA group. |
| -8136 | Failed to synchronize HSM HA group. |
| -8137 | Failed to get HSM partition slot id. |
| -8138 | Failed to add HSM partition. |
| -8139 | Failed to change Luna Client config file. |
| -8140 | You must create an HSM HA group containing 2 members firstly. |
| -8150 | The link cloaking rule must be set. |
| -8151 | The rule has been selected. |
| -8210 | Error build connection. |
| -8211 | Error sending message. |
| -8212 | Error recving message. |
| -20000 | The REST API has no URL in environment variable. |
| -20001 | The REST API has invalid URL. |
| -20002 | The REST API is not authenticated in environment variable. |
| -20003 | The REST API authentication failed. |
| -20004 | The REST API has no method in environment variable. |
| -20005 | The REST API has invalid HTTP method. |
| -20006 | The REST API has no argument in environment variable. |
| -20007 | The REST API has invalid argument. |
| -20008 | The REST API has no client address in environment variable. |
| -20009 | The REST API has no free memory. |
| -20010 | The license of peer VM FortiWeb is not valid. |
| -20011 | The REST API has invalid multipart/form-data format. |
| -20012 | The REST API can’t get signature rule by the signature name. |
| -20013 | The REST API failed to do signature query. |
| -20014 | The REST API has no HTTP body. |
| -20015 | Backup file does not exist. |
| -20016 | Duplicate local backup file. |
| -20017 | At least one SSL version needs to be configured. |
| -20018 | OCI Connector is not supported in pserver list. |
| -20019 | Could not decrypt certificate/private key. Please verify that you have the correct password. |
| -20020 | The certificate does not match any private key generated on FortiWeb. Please verify that you have the correct certificate file. |
| -20021 | Let’s Encrypt certificate is used by some object. |
| -20022 | Private data encryption key is not the correct format.. |
| -20023 | The number of member in this group is 0 |
| -20024 | True Transparent proxy with HA active-active-standard doesn’t support Server Pool Health Check. |
| -20025 | Unable to download due to size |
| -20026 | The name of the local certificate has exceeded the maximum length(192). |
| -20027 | The REST API read statistic database error. |
| -20028 | Names can only contain A-Z, a-z, 0-9, _, and -. (): |
| -20029 | You need to disable shell access before mod. the username or passowrd of shell acess. |
| -20030 | The username of admin is conflict with the one for shell access. |
| -20031 | When Ignore-X-Forwarded-For is enabled, action Redirect and Send 403 Forbidden are not supported. |
| -20032 | The input is duplicated. Nothing is updated. |
| -20033 | The REST API failed to save data. |
| -20034 | The maximum no of pairs of filter has been reached. |
| -20035 | Failed to upload file because the application key is duplicate. |
| -20036 | This file type is predefined, please config it by Predefined File Types. |
| -20037 | Filter length exceeds limitation. |
| -20038 | Host can have at most one wildcard. |
| -20039 | At least one method should be checked. |
| -20040 | At least one protocol should be checked. |
| -20041 | It is duplicate EMS server. |
| -20042 | The ZTNA should be in Reverse Proxy mode. |
| -20043 | When Data Type is Hex-array, Operation must be Equal. |
| -20044 | Invalid length of Hex array. |
| -20045 | Invalid Hex array. |
| -20046 | In FIPS mode, RSA key generation refuses to create and use a key with a keysize of less than 2048 bits and SHA-1 digest algorithm may not be used |
| -20047 | FDS update in progress, try again later |
| -20048 | The health check group id must be different in master or slave role |
| -20049 | The health check of master role only refer to one server pool |
| -20050 | Pserver do not refer to master/slave role health |
| -20051 | Pservers have same ip address in server pool which use master role health |
| -20052 | Please select a CA certificate. |
| -20053 | RFC7919 compliance is enabled, but no DHE cipher suites are selected. |
| -20054 | RFC7919 compliance is enabled, but no FFDHE group is selected. |
| -20055 | Can’t be moved in pre-defined rules. |
| -20056 | Invalid args in REST API request. |
| -20057 | FTC login system error. |
| -20058 | Please check the internet connection to FTC. |
| -20059 | Invalid FTC packet received. |
| -20060 | Incorrect account or password. |
| -20061 | Invalid gRPC IDL file. |