FortiADC REST API Error Codes
| Error Code | Error Message |
|---|---|
| -11 | Invalid length of value. |
| -12 | Value out of range. |
| -13 | Entry not found. |
| -14 | Maximum number of entries has been reached. |
| -15 | Duplicate entry. |
| -16 | Failed to allocate memory. |
| -17 | Invalid name. |
| -18 | Invalid IP address. |
| -19 | Invalid IP netmask. |
| -20 | Blank entry. |
| -21 | Invalid country name. |
| -22 | Get data disk failed |
| -23 | Entry is used. |
| -24 | Error opening file. |
| -25 | Error reading from shared memory. |
| -26 | File error. |
| -27 | Insufficient memory. |
| -28 | File is not an update file. |
| -29 | Unmatched partition size. Please enlarge data disk to minimum 2GB and upgrade to 5.1.x again. |
| -30 | Invalid username or password. |
| -31 | Failed to transfer file |
| -36 | Blank or Incorrect email address. |
| -37 | Permission denied. |
| -38 | Exceed VDOM resource limitation. |
| -39 | Configuration file error. |
| -40 | Unable to remove an entry from a static table. |
| -41 | This entry is reserved by the system. It cannot be edited. |
| -42 | This entry is reserved by the system. It cannot be deleted. |
| -43 | This interface is used in an aggregate. Please try another port. |
| -44 | VDOM resource limitation exceed current value. |
| -45 | Invalid IP address range. |
| -46 | Port number is duplicated or in use. |
| -47 | IP address is duplicated. |
| -48 | Failed to change address type. |
| -49 | Password does not match policy. |
| -50 | Invalid replacement message format. |
| -51 | Password is too short. |
| -52 | Password must contain at least one uppercase letter. |
| -53 | Password must contain at least one lowercase letter. |
| -54 | Password must contain at least one number. |
| -55 | Password must contain at least one non-alphanumeric character. |
| -56 | Empty value is not allowed. |
| -57 | New password must have at least four characters different from the old password. |
| -58 | User does not belong to this virtual domain. |
| -59 | IP address overlap with another interface. |
| -60 | Invalid address type. |
| -61 | Input is not as expected. |
| -62 | The legal characters are A-Z, a-z, 0-9, - and _ . |
| -63 | AntiVirus update failed. |
| -64 | AntiSpam engine update failed. |
| -65 | AntiSpam rules update failed. |
| -66 | AV signature already installed. |
| -67 | Physical interface cannot be deleted. |
| -68 | Duplicate SNMP community name. |
| -69 | SNMP community name cannot empty. |
| -70 | The port value is reserved for Global DNS |
| -71 | The Virtual Domain option cannot be disabled when multiple virtual domains are present. |
| -72 | You cannot add a new interface in the virtual domain pages. Go to the global configuration pages. |
| -73 | You cannot delete an interface in the virtual domain pages. Go to the global configuration pages. |
| -74 | It is not allowed to config this object in slave mode |
| -75 | When disable ipv6, host must be IPv4 |
| -76 | System API error. |
| -77 | When enable ipv6, host must be IPv6 |
| -78 | When enable ipv6, protocol cannot select arp |
| -79 | There is not enough memory to perform a geoip region database update |
| -80 | Updated failed. |
| -81 | The uploaded file is not a valid geoip database |
| -82 | The uploaded file is same as current geoip database |
| -83 | Only standalone or HA configure master can perform this task |
| -84 | IPS update failed. |
| -87 | IMAGE CRC error. |
| -88 | VS Port should keep consistent with Pool Member Port under Direct Routing mode. |
| -89 | Invalid number. |
| -90 | This port is uneditable |
| -130 | Invalid date. |
| -131 | Invalid year. |
| -132 | Invalid month. |
| -133 | Invalid day. |
| -134 | Invalid time. |
| -135 | Invalid hour. |
| -136 | Invalid minute. |
| -137 | Invalid second. |
| -138 | Invalid date of the month. |
| -139 | Invalid SSL OCSP Stapling Skew Time. |
| -140 | Invalid SSL Session Timeout. |
| -141 | Invalid SSL Session Cache Size. |
| -142 | Either the local cert is not issued by the issuer cert or they do not match the OCSP response |
| -144 | The imported OCSP response is invalid. |
| -145 | The imported local certificate is invalid. |
| -146 | The imported CA certificate is invalid. |
| -147 | Cannot delete default certificate. |
| -148 | Failed to sign local certificate through SCEP. |
| -149 | Failed to download CA certificate through SCEP. |
| -150 | Duplicated CA certificate is not allowed in one group. |
| -151 | Duplicated intermediate CA certificate is not allowed in one group. |
| -152 | Invalid encryption key. |
| -153 | Invalid authentication key. |
| -154 | Default certificate is not specified in the Local Certificate Group, the first one will be treated as default. |
| -155 | Only one default certificate is allowed in the Local Certificate Group. |
| -156 | Duplicated local cert is not allowed in one group. |
| -157 | Invalid license key |
| -158 | The Intermediate CA group is referenced, please dereference it first before you delete its last member |
| -159 | Default certificate is not specified in the Intermediate CA Group, the first one will be treated as default. |
| -160 | Invalid SSL CRL Update Ahead Time. |
| -161 | Invalid SSL CRL Update Interval Time. |
| -162 | Invalid SSL OCSP Stapling Update Ahead Time. |
| -163 | Invalid SSL OCSP Stapling Update Interval Time. |
| -164 | Invalid SSL OCSP Cache Size. |
| -165 | Invalid OCSP url |
| -166 | Invalid CERT Subject Alternative Name |
| -167 | Failed to import the PKCS #12 file. |
| -168 | Could not export the PKCS #12 file. |
| -169 | Certificate chain is not allowed! Only first certificate in chain is imported. |
| -170 | OCSP over secured http is not supported |
| -171 | Build-in certificate is not allowed to export. |
| -172 | HSM FIPS key size is too small |
| -173 | Initialization context failed. |
| -174 | Set context failed. |
| -201 | Passwords do not match. |
| -202 | IP address is blocklisted. Wait a few minutes before trying again. |
| -203 | IP address has been blocked. |
| -204 | Invalid username or password. |
| -205 | Only an admin user with super access profile is allowed when the VM license is invalid. |
| -206 | Cannot change the access profile of the predefined super admin account. |
| -207 | Cannot assign a higher privilege than your own. |
| -208 | Cannot delete current admin user. |
| -209 | Old password is invalid. |
| -210 | Password cannot be empty. |
| -211 | Invalid mode. |
| -212 | Invalid server. |
| -213 | Cannot config global admin user by normal admin user. |
| -214 | Invalid token |
| -215 | Invalid entry. |
| -216 | Invalid user |
| -217 | You need to disable shell access and modify the username or passowrd during next shell access enable config session. |
| -218 | Username is already used by system. |
| -280 | Command timeout. |
| -281 | Failed to add entry. |
| -282 | User canceled. |
| -283 | Configuration management database API error. |
| -284 | CLI parsing error. |
| -285 | Configuration condition is not fulfilled. |
| -286 | CLI internal error. |
| -287 | Configuration management database SQL API error. |
| -288 | Configuration file error. |
| -289 | Virtual domain not found. |
| -290 | Virtual domain is not supported on this platform. |
| -291 | Virtual domain number exceeds the maximum. |
| -292 | Delete all non-root vdoms first. |
| -513 | Invalid domain. |
| -514 | Creating entry error. |
| -515 | Maximum allocated quota has been reached. |
| -516 | Failed to delete a table entry. |
| -517 | Failed to append child list. |
| -602 | Invalid arguments. |
| -603 | The last bit of the MAC address first byte must not be 1. |
| -801 | The signature of the new image is invalid or contains invalid data. |
| -802 | The new image does not contain a signature. |
| -803 | Upgrade to the new image failed. |
| -804 | The signature of the new image is invalid or contains invalid data. |
| -805 | FIPS: Password too short. Must be at least 8 characters. |
| -806 | FIPS: Server mode is not supported when FIPS is enabled. |
| -807 | FIPS: Minimum certificate key length of 1024 bits is required. |
| -808 | FIPS: Unsupported certificate signature algorithm. |
| -809 | FIPS: Telnet/HTTP access are not allowed. |
| Error Code | Error Message |
|---|---|
| -1002 | System shutting down. |
| -1013 | Invalid device ID. |
| -1014 | Device blocked. |
| -1015 | Connection ignored. |
| -1016 | Device added as unregistered. |
| -1100 | Low encryption: Maximum certificate key length of 512 bits is required. |
| -1101 | Low encryption: Unsupported certificate signature algorithm. |
| -1102 | LDAP profile disabled. |
| -1103 | No additional caching configurations can be enabled for LDAP profiles. |
| -1108 | Error changing password. |
| -1110 | Supported key size: 512, 1024, 1536, 2048, 4096. |
| -1111 | Cannot import certificate. |
| -1200 | The specified IP address and port are already used by another virtual server. |
| -1201 | The specified IP address/port is the same as the management service (HTTP, HTTPS, SSH, Telnet, SNMP). |
| -1202 | Cannot add an identical policy route. |
| -1203 | The specified IP address and port is already used by another pool member. |
| -1204 | Health check name is invalid. |
| -1205 | Cannot modify virtual server ID and multiprocess ID once the virtual server has been created. |
| -1206 | Cannot set multiprocess ID when multiprocess mode is not enabled. |
| -1207 | The virtual server ID is already used. |
| -1208 | The virtual server multiprocess ID is already used. |
| -1209 | You must configure persistence for FTP profiles when Direct Routing mode is specified. |
| -1210 | The specified type already exists. |
| -1211 | The specified persistence type is not supported by Layer 4 virtual servers. |
| -1212 | The specified IP address will exist on different interfaces. |
| -1213 | The specified virtual server type does not support the Full NAT packet forwarding method. |
| -1214 | Source Pool must be set. |
| -1215 | The IP address range end address must be greater than or equal to the start address. |
| -1216 | IP address range limit is 128. |
| -1217 | IP address must not be 0.0.0.0,::, 255.255.255.255, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff etc. |
| -1218 | Conflicts with virtual server IP address. |
| -1219 | Conflicts with real server IP address. |
| -1220 | Conflicts with interface IP address. |
| -1221 | Source Pool address type error. |
| -1222 | Conflicts with gateway IP address. |
| -1223 | Virtual server IP address is invalid. |
| -1224 | Virtual server port is invalid. |
| -1225 | Real Server must be set. |
| -1226 | Load balance method must set. |
| -1227 | Connection pool is allowed only for Layer 7 virtual servers with source address disabled in the associated profile. |
| -1228 | URI regular expression is invalid. |
| -1229 | Layer 7 content routing supports only HTTP, HTTPS and TurboHTTP profiles. |
| -1230 | Content route type does not match the virtual server type. |
| -1231 | Content route list cannot be empty. |
| -1232 | The virtual server real server pool has not been set. |
| -1233 | Cannot change type when content routing is specified. |
| -1234 | Layer 4 content routing supports only TCP, UDP and FTP profiles. |
| -1235 | Layer 2 content routing supports only HTTP, HTTPS and TCPS profiles. |
| -1236 | The regular expression is invalid in the Condition Table. |
| -1237 | The profile is associate with a virtual server. You cannot change its type. |
| -1238 | Layer 4 FTP service is not supported for IPv6 traffic. |
| -1239 | The virtual server profile does not support the specified persisitence method. |
| -1240 | The specified profile and method together can’t be supported by this virtual server type. |
| -1241 | Unsupported ciphers list. |
| -1242 | Content routing is not supported by this virtual server. |
| -1243 | Content rewriting is not supported by this virtual server. |
| -1244 | Transactions rate limit is not supported by this virtual server, set it 0 to close. |
| -1245 | WAF profile is not supported by this VS |
| -1246 | Port Range is not supported, please check supported profile or range number |
| -1247 | Auth policy is not supported, only HTTP and HTTPS profile can support this. |
| -1248 | Auth policy is not supported with http once only profile. |
| -1249 | The content should be set usual IPv4/IPv6 addresses, with or without a netmask appended. |
| -1250 | Total subqueue bandwidth is greater than the parent queue bandwidth. |
| -1251 | The bandwidth format is invalid, or exceed range. |
| -1252 | The selected queue is not the child or grand(grand..) child of the root queue. |
| -1253 | Root queue duplicated (same direction and same interface). |
| -1254 | If you change parent of this queue, the root’s default queue will be lost. |
| -1255 | The specified bandwidth is less than the total sum of its child queues. |
| -1256 | The address specified by a QoS filter cannot be a range. |
| -1257 | The port specified by a QoS filter cannot be a range. |
| -1260 | The IP reputation redirect url must begin with http:// or https:// |
| -1261 | The geoip redirect url must begin with http:// or https:// |
| -1262 | The selected content type is already included. |
| -1263 | The real server name is already used by another pool member. |
| -1264 | Real Server name must be set. |
| -1265 | L2 exception list member limit reached! |
| -1266 | SSL mirror supports only HTTPS and TCPS profiles. |
| -1267 | SSL mirror interface number over limit |
| -1268 | Source pool is used as another virtual server with different traffic group. |
| -1269 | Port conflict with global load balance |
| -1270 | Connection pool is not supported in http keepalive mode. |
| -1271 | Can’t configure ippool in content routing if the share ip mode is disabled! |
| -1272 | The number of radius attribute list limit reached! |
| -1273 | The specified type already exists. |
| -1274 | The schedule pool list need to be configured. |
| -1275 | The specified shedule pools are conflict. |
| -1276 | Pool member number in schedule pool or pool member ID exceeds the maximum(128) when using Layer 7 virtual server. |
| -1277 | Invalid HTTP header value. |
| -1278 | Invalid HTTP header name. |
| -1279 | The max persistence entries is not supported with this profile |
| -1280 | The port number must be set to 0 when the profile`s type is IP |
| -1281 | The protocol number cannot be set to other than 0 when the profile`s type is not IP |
| -1282 | The same real server is assigned to different schedule pools of a virtual server or content routing. |
| -1283 | Can`t enable content-routing and schedule-pool at the same time |
| -1284 | VS Port should keep consistent with Pool Member Port under Tunnel mode. |
| -1285 | You must configure persistence for FTP profiles when tunnel mode is specified. |
| -1286 | The IP address types for VS and real server pool do not match. |
| -1287 | Can`t assign soft-switch to this virtual server with specified profile or packet forward method |
| -1288 | The L2 address is used by other. |
| -1289 | The specified IP address and port are used by other. |
| -1290 | The geo IP option is not support with the secified type, profile or packet forward method |
| -1291 | One Click GSLB Virtual Servers exceed the capacity. |
| -1292 | SSL version max is lower than min |
| -1293 | The specified interface ip and CoA port are used by other. |
| -1294 | The interface ip is required for CoA. |
| -1295 | The same HA Node Number is already exist in current NAT Source Pool. |
| -1296 | IPV6 pool is not supported on Layer 2 virtual server. |
| -1297 | Content routing is referenced by Layer 2 virtual server, IPV6 pool is not supported |
| -1298 | The specified Profile is not supported by L2 IPv6. |
| -1299 | The port number must be set to 21 when the profile type is FTP. |
| -1350 | You must set a heartbeat port. |
| -1351 | The license is a trial license. |
| -1352 | The specified interface is not under the root virtual domain. |
| -1353 | The number of heartbeat ports is out of range. You can select 1-2 ports. |
| -1354 | The number of data ports is out of range. You can select 1-3 ports. |
| -1355 | The number of monitor ports is out of range. You can select 1-16 ports. |
| -1356 | Can not use tftp ha synchronization in standalone mode. |
| -1357 | The member port can not be configured as ha heartbeat,data,or monitor port. |
| -1358 | The number of gateway monitor is out of range. You can config 1-64 gateways. |
| -1359 | The same remote ip entry is exist. |
| -1360 | Only master can do this operation. |
| -1361 | Only HA VRRP mode can do this operation. |
| -1362 | The traffic group is not exist. |
| -1363 | The number of traffic group is out of range. |
| -1364 | The ethernet type must be 4 hex digit. |
| -1365 | The same ethernet type value can’t be used as different ethernet type. |
| -1366 | The HA management IP address isn’t set |
| -1367 | The HA management interface isn’t set |
| -1368 | IP address overlaps with the HA management IP address |
| -1369 | HA Unicast Local IP Address must be set! |
| -1370 | HA Unicast Peer IP Address must be set! |
| -1371 | HA Unicast is only supported by VRRP mode |
| -1372 | HA Unicast isn’t support at this platform. |
| -1373 | Only HA VRRP mode and HA Unicast are supported on this platform. |
| -1374 | HA is not supported on this platform. |
| -1375 | HA Unicast Local IP Address must be one of the Heartbeat interfaces. |
| -1376 | The IP address is used by HA Unicast Local Address. |
| -1377 | Please switch to Standalone firstly. |
| -1450 | The prefix is already used. |
| -1451 | Egress Interface must be set. |
| -1452 | The IP address range end address must be greater than the start address. |
| -1453 | The Translate to IP address must be set. |
| -1454 | The IP address type for the specified gateway and destination do not match. |
| -1455 | The IP address/range is invalid. |
| -1456 | The mapped address/range cannot include any interface address. |
| -1457 | The external address/range cannot include any interface address when port forwarding is enabled. |
| -1458 | The external address/range cannot include the external interface address. |
| -1459 | The IP address/range cannot overlap. |
| -1460 | The port/range is invalid. |
| -1461 | Conflicts with the mapped IP address for 1-to-1 NAT rules. |
| -1462 | Conflicts with the external IP address for 1-to-1 NAT rules. |
| -1463 | The interface is already set. |
| -1464 | The ISP group is already used. |
| -1465 | The area id is invalid. |
| -1466 | Duplicated area id is not allowed. |
| -1467 | The mapped IP address/range is conflict with IP address of virtual server. |
| -1469 | The range of id is from 1 to 256 |
| -1550 | Source IP address must be the address for an interface or a virtual server. |
| -1551 | Destination IP address must be set. |
| -1552 | Timeout must be less than Interval. |
| -1553 | The gateway has not been set. |
| -1554 | When health check is enabled, you must specify one health check. |
| -1555 | The specified gateway already exists. |
| -1556 | Health check is used by a gateway. |
| -1557 | The Local Virtual Server must be set correctly. |
| -1558 | The Local Virtual Server listening interface must be the same as the LLB gateway egress interface. |
| -1559 | IPv4 address must be set. |
| -1560 | IPv6 address must be set. |
| -1561 | Domain name must be set. |
| -1562 | Pool name must be set. |
| -1563 | Link policy number exceeds the maximum (4096). |
| -1564 | Link group number exceeds the maximum (1024). |
| -1565 | Link member number exceeds the maximum (255). |
| -1566 | Invalid address range. |
| -1567 | The link load balancing policy rule cannot use the default link group. |
| -1568 | The link group is already used by a link load balancing policy rule. |
| -1569 | LLB gateway is not a valid member of the default link group. |
| -1570 | The default link group is being used. |
| -1571 | The link member is being used by a DNS host pool. |
| -1572 | Gateway conflict with local interface IP address. |
| -1573 | Link group must be set. |
| -1574 | Virtual tunnel group must be set. |
| -1575 | Aging period should not be shorter than retry time. |
| -1576 | Duplicate entry is not allowed in proximity static table. |
| -1577 | Conflicts with virtual server source pool address. |
| -1578 | Invalid link group or link group member. |
| -1579 | Conflicts with NAT translate to address. |
| -1580 | The virtual server port is already in used |
| -1650 | Invalid Maximum Object Size. |
| -1651 | Invalid Maximum Cache Size. |
| -1652 | Invalid Maximum Certificate Cache Size. |
| -1701 | The destination port range end value must be greater than the start value. |
| -1702 | The source port range end value must be greater than the start value. |
| -1703 | The IP address range end address must be greater than the start address. |
| -1900 | Log category is not supported. |
| Error Code | Error Message |
|---|---|
| -2001 | PHP invalid arguments. |
| -2002 | An error occured while uploading. |
| -2003 | Upload failed (not finished). |
| -2004 | Upload category not supported. |
| -2005 | Download category not supported. |
| -2006 | Failed to convert string to data (PHP internal error). |
| -2007 | Failed to synchronize the configuration. |
| -2008 | Failed to set the system time. |
| -2009 | Failed to generate the report. |
| -2010 | Failed to connect to the SMTP server. |
| -2011 | Failed to set filter for the Event log. |
| -2012 | Failed to set filter for the Traffic log. |
| -2013 | Log is not ready. |
| -2014 | User count has reached the limit. |
| -2015 | Log system is busy. |
| -2016 | Cannot swap boot partition because there is only one valid boot partition. |
| -2017 | Failded to start packet capture |
| -2018 | Failded to stop packet capture |
| -2019 | Failded to save packet capture file |
| Error Code | Error Message |
|---|---|
| -3001 | Zone is used by another DNS policy. |
| -3002 | Compatible IPv6 prefixes have lengths of 32 40 48 56 64 and 96 (RFC 6052). |
| -3003 | ACL name is reserved by system. |
| -3004 | Invalid anchor key format. The key format should like this: “domainname” num1 num2 num3 “content”. |
| -3005 | Domain name can’t be changed. |
| -3006 | Invalid domain name. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must end with a ’.’ character. |
| -3007 | Invalid primary server name. only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’ ’-.’ are allowed and must not end with a ’-’ character. |
| -3008 | Primary Server IP address must be set. |
| -3009 | The DNSSEC related information for a zone cannot be modified. You can unset DNSSEC. |
| -3010 | Invalid hostname. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must not end with ’-.’ character. Or ’@’ as null, ’*’ as wildcard. |
| -3011 | IP address must be set. |
| -3012 | Invalid alias. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’_-.’ are allowed and must not end with ’-.’ character. Or ’*’ as wildcard. |
| -3013 | Invalid target. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’_-.’ are allowed and must not end with ’-’ character. Or ’@’ as null, ’*’ as wildcard. |
| -3014 | Duplicated alias name. |
| -3015 | Invalid ns domain name. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must not end with ’-.’ character. Or ’@’ as null. |
| -3016 | Duplicated ns record. |
| -3017 | Only ‘a’-‘z’ ‘A’-‘Z’ ‘0’-‘9’ ’-’ are allowed for name string. |
| -3018 | Dsset list filename must be unique |
| -3019 | Create fqdn-generate type zone error |
| -3020 | Zone is used by FQDN host |
| -3021 | Zone is generated by FQDN host, so you can’t modify the domain name |
| -3022 | Zone is used by dns policy, so you can’t modify the domain name |
| -3023 | Virtual server port cannot be 0 |
| -3024 | Invalid txt name. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’_-.’ are allowed and must not end with ’-.‘. Or just ’@’ as null, ’*’ as wildcard. |
| -3025 | Invalid txt text. only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’.*/-:_?=@,&’ are allowed and must not end with a ’.’ character. |
| -3026 | Duplicated record. |
| -3027 | Invalid anchor key content. |
| -3028 | Invalid mx hostname. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must not end with ’-‘. Or just ’@’ as null. |
| -3029 | Invalid responsible mail. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must not end with ’-‘. Also the ’@’ need be replaced by the ’.’ character. |
| -3030 | The name can’t be same as domainname. |
| -3031 | Zone is used by FQDN host. |
| -3032 | Server and gateway must be set |
| -3033 | Link and Link member are in different Datacenter! |
| -3034 | Duplicated link member with other link |
| -3035 | Port 53 is conflict with server-load-balance |
| -3036 | Invalid PTR Address. It should be an IP address or part of IP address in reverse format. Or just ’@’ as null, ’*’ as wildcard. |
| -3037 | GEOIPs are duplicated |
| -3038 | GEOIPs are conflicted |
| -3039 | Topologys’ members are duplicated in the GLB host |
| -3040 | Virtual Server pools are duplicated in the GLB host |
| -3041 | GLB FQDN hosts are duplicated |
| -3042 | Invalid ns hostname. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed, and must not end with ’-’ character. |
| -3043 | IP address must not be set, while host-name end with ’.’ |
| -3044 | GEOIP list cannot be NULL |
| -3045 | Password length is too long(limitation:0 ~ 60)! |
| -3046 | Invalid mx domain name. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must not end with ’-.‘. Or just ’@’ as null, ’*’ as wildcard. |
| -3047 | Zone type is not allowed to switch. |
| -3048 | ’fqdn_generate_’ can’t be used as non-fqdn-generate type zone name |
| -3049 | Invalid srv hostname. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’_-.’ are allowed and must not end with ’-.‘. Or just ’@’ as null, ’*’ as wildcard. |
| -3050 | Invalid srv target name. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must not end with ’-‘. Or just ’@’ as null. |
| -3051 | Invalid PTR fqdn. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’-.’ are allowed and must end with ’.‘. |
| -3052 | Policy is not find with the input policy name. |
| -3053 | Zone is not find with the input zone name. |
| -3054 | Host is not find with the input host name. |
| -3055 | Duplicated server name is existed. |
| -3056 | Duplicated vsp name is existed. |
| -3057 | Duplicated host name is existed. |
| -3058 | Wizard server name is too long. |
| -3059 | Wizard vsp name is too long. |
| -3060 | Server member IP and type cannot be changed when server auto-sync is enabled. |
| -3061 | Server member cannot be added when server auto-sync is enabled. |
| -3062 | Server member cannot be deleted when server auto-sync is enabled. |
| -3063 | Invalid dsset list filename, should start with ‘dsset-’. |
| -3064 | The listen port of the IPv4 loopback address is used by other. |
| -3065 | The listen port of the IPv6 loopback address is used by other. |
| -3066 | The listen port of the IPv4 interface address is used by other. |
| -3067 | The listen port of the IPv6 interface address is used by other. |
| -3068 | The listen port of the floating address is used by other. |
| -3069 | The listen port of the secondary address is used by other. |
| -3070 | The listen port of the secondary floating address is used by other. |
| -3071 | The listen port of the HA node address is used by other. |
| -3072 | The listen port of the HA node secondary address is used by other. |
| -3073 | Invalid caa hostname. Only ‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’, ’_-.’ are allowed and must not end with ’-.‘. Or just ’@’ as null, ’*’ as wildcard. |
| -3074 | Duplicated server IP is existed, please add virtual server members to the existing server. |
| -3075 | TXT record text length is exceed 255, please use two quotes ’""’ to paragraph the record. |
| -3076 | Alias name is conflict with A/AAAA record host name. |
| -3077 | Alias name is conflict with NS record host name. |
| -3078 | Alias name is conflict with NS record domain name. |
| -3079 | Alias name is conflict with MX record host name. |
| -3080 | Alias name is conflict with MX record domain name. |
| -3081 | Alias name is conflict with SRV record host name. |
| -3082 | Alias name is conflict with TXT record name. |
| -3083 | Alias name is conflict with CAA record host name. |
| -3084 | Alias name is conflict with host configure. |
| -3085 | A/AAAA record host name is conflict with CNAME Alias. |
| -3086 | NS record host name is conflict with CNAME Alias. |
| -3087 | NS record domain name is conflict with CNAME Alias. |
| -3088 | MX record host name is conflict with CNAME Alias. |
| -3089 | MX record domain name is conflict with CNAME Alias. |
| -3090 | SRV record host name is conflict with CNAME Alias. |
| -3091 | TXT record name is conflict with CNAME Alias. |
| -3092 | CAA record host name is conflict with CNAME Alias. |
| -3093 | Host configure is conflict with CNAME Alias. |
| -3094 | Server member address must be set. |
| -3095 | NS record is not allow to change domain or remove, should remove the related dsset file and save the zone first. |
| -3096 | Dsset file is not allow to add, should add the related ns record first. |
| -3097 | TXT record text contains unmatched double quotes. |
| -3098 | Port 53 is conflict with GLB Setting Listen on Port |
| -3099 | Port 53 is conflict with System Settings Basic |
| -3100 | The DNS over TCP/UDP service port is used by other. |
| -3101 | The DNS over HTTPS service port is used by other. |
| -3102 | The DNS over HTTP service port is used by other. |
| -3103 | The DNS over TLS service port is used by other. |
| -3104 | The DNS over TCP/UDP service port of the IPv6 interface address is used by other. |
| -3105 | The DNS over TCP/UDP service port of the IPv4 interface address is used by other. |
| -3106 | The DNS over HTTPS service port of the IPv6 interface address is used by other. |
| -3107 | The DNS over HTTPS service port of the IPv4 interface address is used by other. |
| -3108 | The DNS over HTTP service port of the IPv6 interface address is used by other. |
| -3109 | The DNS over HTTP service port of the IPv4 interface address is used by other. |
| -3110 | The DNS over TLS service port of the IPv6 interface address is used by other. |
| -3111 | The DNS over TLS service port of the IPv4 interface address is used by other. |
| -3112 | The DNS over TCP/UDP service port of the secondary address is used by other. |
| -3113 | The DNS over HTTPS service port of the secondary address is used by other. |
| -3114 | The DNS over HTTP service port of the secondary address is used by other. |
| -3115 | The DNS over TLS service port of the secondary address is used by other. |
| -3116 | The DNS over TCP/UDP service port of the secondary floating address is used by other. |
| -3117 | The DNS over HTTPS service port of the secondary floating address is used by other. |
| -3118 | The DNS over HTTP service port of the secondary floating address is used by other. |
| -3119 | The DNS over TLS service port of the secondary floating address is used by other. |
| -3120 | The DNS over TCP/UDP service port of the HA node address is used by other. |
| -3121 | The DNS over HTTPS service port of the HA node address is used by other. |
| -3122 | The DNS over HTTP service port of the HA node address is used by other. |
| -3123 | The DNS over TLS service port of the HA node address is used by other. |
| -3124 | The DNS over TCP/UDP service port of the HA node secondary address is used by other. |
| -3125 | The DNS over HTTPS service port of the HA node secondary address is used by other. |
| -3126 | The DNS over HTTP service port of the HA node secondary address is used by other. |
| -3127 | The DNS over TLS service port of the HA node secondary address is used by other. |
| -3128 | The DoH/DoT certificate is invalid. |
| -3129 | The DNSSEC keys are incomplete, please wait while. |
| -3200 | Predefine ISP address-book cannot be deleted. |
| -3201 | Restored ISP address-book cannot be deleted. |
| -3202 | Duplicated subnet is not allowed in the same ISP address-book. |
| -3203 | Subnet already exists in another ISP address-book. |
| -3204 | Subnet not exists in the ISP address-book. |
| -3205 | ISP address-book not exists. |
| -3206 | Only the predefined subnet can be added to the exclude-address list |
| -3210 | Duplicated address is not allowed in the same address group. |
| -3211 | Duplicated service is not allowed in the same service group. |
| -3212 | Can not load predefine isp address-book. |
| -3213 | Predefine isp is used by isp route. |
| -3214 | Predefine isp is used by link-load-balance flow-policy. |
| -3215 | Predefine isp is used by link-load-balance proximity entry. |
| -3216 | Predefine isp is used by global-load-balance data-center. |
| -3217 | Can not unload predefine isp address-book. |
| -3218 | Can not add exclude address for user-define ISP address-book. |
| -3219 | Predefine isp is used by global-load-balance link. |
| -3220 | Predefine isp is used by global-load-balance host. |
| -3260 | Health check is used by LLB gateway, can not use port 0. |
| -3261 | Health check is used by GLB generic host, can not use port 0. |
| -3262 | Health check use port 0, can not used by LLB gateway. |
| -3263 | Health check use port 0, can not used by GLB generic host. |
| -3500 | URI regular expression is invalid. |
| -3501 | File extension regular expression is invalid. |
| -3502 | Maximum code should be equal or greater than minimum code. |
| -3503 | Request URL should begin with ’/‘. |
| -3504 | Exception rule exceeds maximum dfa graph size. |
| -3505 | Exception rule regular expression is invalid. |
| -3506 | Another exception already exists in the rule ID |
| -3507 | Bot detection URL regular expression is invalid. |
| -3508 | Bot detection URL should begin with ’/‘. |
| -3509 | Bot detection URL parameter name regular expression is invalid. |
| -3510 | Bot detection cookie name regular expression is invalid. |
| -3511 | Bot detection user-agent regular expression is invalid. |
| -3512 | Bot detection allowlist rule cannot be empty. |
| -3513 | Bot detection IP mask should be <1 ~ 32>. |
| -3514 | Duplicate signature category is not allowed. |
| -3515 | Duplicate signature sub category is not allowed. |
| -3516 | Duplicate exception rule is not allowed. |
| -3517 | Signature ID not found in this virtual server. |
| -3518 | XML schema file does no exist. |
| -3519 | JSON schema file does not exist. |
| -3520 | Request URL should begin with ’/‘. |
| -3521 | Data leak prevention regular expression is invalid. |
| -3522 | Sensitive data type regular expression is invalid. |
| -3523 | File restrict file type not exist. |
| -3524 | File restrict file extension is invalid. |
| -3525 | Request URL should begin with ’/‘. |
| -3526 | URL regular expression is invalid. |
| -3527 | A duplicate entry already exists. |
| -3528 | Parameter Value regular expression is invalid. |
| -3529 | OpenAPI schema file does not exist. |
| -3530 | Invalid file format of OpenAPI Schema. |
| -3531 | Secure should be set when using samesite none. |
| -3532 | Request URL should begin with ’/‘. |
| -3533 | URL regular expression is invalid. |
| -3534 | CORS allowed methods is not set. |
| -3535 | CORS allowed headers list does not exist. |
| -3536 | CORS exposed headers list does not exist. |
| -3537 | Profile not found. |
| -3538 | Profile rule not found. |
| -3539 | This profile does not support add exception. |
| -3540 | URL regular expression is invalid. |
| -3600 | Scripting file no exist. |
| -3601 | Scripting has invalid event. |
| -3602 | Scripting event duplicates. |
| -3603 | Scripting syntax error. |
| -3604 | Scripting doesn’t contain any event. |
| -3605 | Scripting doesn’t support non standalone mode |
| -3606 | Some content routing(s) in the script does not exist in the VS configuration |
| -3607 | Scripting has mismatched { and } |
| -3608 | Scripting has invalid class function |
| -3609 | Scripting supports only L2 or L7 virtual server with HTTP or HTTPS type of profile |
| -3610 | Some script(s) in the script list does not exist |
| -3999 | Dual cert has same type. |
| Error Code | Error Message |
|---|---|
| -4001 | The location header should not be used in http request. |
| -4002 | The ssl proxy mode can’t support strict sni request. |
| -4003 | The ssl proxy mode must have a non-empty certificate group and a default certificate in it. |
| -4004 | The ssl proxy mode must have intermediate ca group. |
| -4005 | The ssl proxy mode requests that intermediate ca group must have default ca. |
| -4006 | The ssl proxy mode requests a valid default intermediate ca in group. |
| -4007 | The ssl proxy mode requests default intermediate ca must have a private key. |
| -4008 | The ssl proxy mode can’t support this method. |
| -4009 | The ssl proxy mode can’t support this persistence. |
| -4010 | The ssl proxy mode can’t support content routing. |
| -4011 | The input SSL cipher suite(s) not supported, please check spelling |
| -4012 | The ssl proxy mode can’t support certificate verify. |
| -4013 | The l2 exception list can’t support this type of profile. |
| -4014 | The ssl proxy mode can’t support connection pool. |
| -4015 | Only one default certificate is allowed in the Intermediate CA Group. |
| -4016 | Not allowed to change the configured certificate for a remote setup. |
| -4017 | Referenced CRL file does not exist |
| -4018 | Referenced CA file does not exist |
| -4019 | Referenced CA group is empty |
| -4020 | Referenced remote is missing certificate and/or OCSP URL |
| -4021 | Referenced intermediate CA file does not exist |
| -4022 | Referenced local cert file does not exist |
| -4023 | Referenced intermediate CA group is empty |
| -4024 | Referenced intermediate ca has a mismatched certificate type |
| -4025 | Referenced certificate and intermediate ca have mismatched certificate type |
| -4026 | The certificate and/or its key file is referenced, please dereference it first |
| -4027 | The CA group is referenced, please dereference it first before you delete its last member |
| -4028 | The OCSP is referenced, please dereference it first before you clear its URL |
| -4029 | Web filter profile has duplicate category or sub category. |
| -4030 | Error page file does no exist. |
| -4031 | The number of SIP header operator excess |
| -4032 | Cannot add an identical SIP header operator |
| -4033 | SIP header string only accepts header name for erase operator |
| -4034 | SIP header string need ‘header: value’ format for insert operator |
| -4035 | The SIP protocol doesn’t support this method |
| -4036 | The SIP protocol doesn’t support this persistence |
| -4037 | The SIP SLB doesn’t support non standalone mode |
| -4038 | The SIP SLB only support L7 mode |
| -4039 | The SIP SLB doesn’t support authentication policy |
| -4040 | The SIP SLB doesn’t support connection pool |
| -4041 | The SIP SLB doesn’t support content routing |
| -4042 | The SIP SLB doesn’t support content rewriting |
| -4043 | The SIP SLB doesn’t support error page |
| -4044 | The SIP SLB doesn’t support WAF |
| -4045 | The SIP SLB doesn’t support virtual server scripting |
| -4046 | The SIP SLB doesn’t support multi processes |
| -4047 | The SIP SLB doesn’t support virtual server warm up |
| -4048 | The SIP SLB doesn’t support the number of port more than 5 |
| -4049 | The RDP profile must be a L7 virtual server type. |
| -4050 | The RDP profile doesn’t support content routing. |
| -4051 | The RDP profile doesn’t support content rewriting. |
| -4052 | The RDP profile doesn’t support transaction limit. |
| -4053 | The RDP profile doesn’t support port range. |
| -4054 | The RDP profile doesn’t support authentication policy. |
| -4055 | The RDP profile doesn’t support scripting. |
| -4056 | The RDP profile doesn’t support error page. |
| -4057 | The RDP profile doesn’t support waf profile. |
| -4058 | The RDP profile doesn’t support this method. |
| -4059 | The RDP profile doesn’t support this persistence. |
| -4060 | The SIP SLB doesn’t support IPv4-mapped IPv6 address |
| -4061 | Bad string, double quotation is not acceptable |
| -4062 | The ge number of the prefix list rule is not correct |
| -4063 | The le number of the prefix list rule is not correct |
| -4064 | The ge number and le number of the prefix list rule is not correct |
| -4065 | Conflict with distribute list in and prefix list in |
| -4066 | Conflict with distribute list out and prefix list out |
| -4067 | bgp as number is out of range |
| -4068 | bgp neighbor remote as number is out of range |
| -4069 | bgp neighbor keepalive and holdtime timer is not correct |
| -4070 | The access list name is not supported |
| -4071 | bgp neighbor ebgp multihop only allowed for EBGP peers |
| -4072 | bgp neighbor ttl security only allowed for EBGP peers |
| -4073 | bgp neighbor ttl security and ebgp multihop cannot be configured together |
| -4074 | The match condition’s count limitation has been reached. |
| -4075 | The local certificate group mustn’t be empty. |
| -4076 | The method type can’t change when it has been referenced. |
| -4077 | IP profile only support for L2 load balance. |
| -4078 | protocol number setting is not supported for this profile |
| -4079 | protocol number setting is conflict with another virtual server |
| -4080 | virtual server port is 0, real server health check port should not be 0 |
| -4081 | virtual server port is 0, real server member health check port should not be 0 |
| -4082 | virtual server port is 0, real server port should also be 0 |
| -4083 | This type’s virtual server port count limit reached. |
| -4084 | Virtual server only support at most 8 port ranges. |
| -4085 | Virtual server port should be 0 or 1-65535, and port start should be no larger than port end. |
| -4086 | Virtual server only support at most 8 protocol ranges. |
| -4087 | Virtual server protocol number should be between 0-255, and protocol start should be no larger than protocol end. |
| -4088 | Virtual server port should be a number or a range with ’-‘. |
| -4089 | Virtual server protocol should be a number or a range with ’-‘. |
| -4090 | Virtual server port 0 should be not configured with other ports. |
| -4091 | Virtual server port 0 is not supported for this profile. |
| -4092 | bgp neighbor passowrd length should less than 80 |
| -4162 | Please select a CA for this verify member |
| -4163 | The selected CRL file is not issued by this CA |
| -4164 | This CA certificate is already included in the verify. |
| -4165 | CA group is missing in a referenced remote |
| -4166 | No remote selected for the referenced OCSP in the verify |
| -4167 | The remote certificate file does not exist for the selected remote in the referenced OCSP in the verify |
| -4168 | Referenced OCSP is missing URL |
| -4169 | The DNS profile must be a L7 virtual server type. |
| -4170 | The DNS profile doesn’t support content routing. |
| -4171 | The DNS profile doesn’t support content rewriting. |
| -4172 | The DNS SLB doesn’t support connection pool |
| -4173 | The DNS profile doesn’t support port range. |
| -4174 | The DNS profile doesn’t support authentication policy. |
| -4175 | The DNS profile doesn’t support scripting. |
| -4176 | The DNS profile doesn’t support error page. |
| -4177 | The DNS profile doesn’t support waf profile. |
| -4178 | The DNS profile doesn’t support this method. |
| -4179 | The DNS profile doesn’t support persistence. |
| -4180 | The DNS SLB doesn’t support non standalone mode |
| -4181 | The DNS SLB doesn’t support multi processes |
| -4182 | The DNS SLB doesn’t support virtual server warm up |
| -4183 | The DNS SLB doesn’t support connection limit |
| -4184 | Caching policy is not supported with profile other than server-close. |
| -4185 | Invalid SSO Domain format: XXX.[Domain] |
| -4186 | Top level domain is not allowed |
| -4187 | Maximum of 2 components are used |
| -4188 | Valid principal format: Name[/instance]@REALM |
| -4189 | Cross realm is not supported |
| -4190 | Duplicated SPN within Realm |
| -4191 | At most 1 auth-relay server can be configured in a user group |
| -4192 | Member type should be either auth-relay server or other authentication server |
| -4193 | There should be at least one member for SSO type user-group |
| -4194 | Domain prefix should be a valid NetBIOS domain name |
| -4195 | The metric instance name does not match metric object type |
| -4196 | The metric member does not match metric object type |
| -4197 | The virtual path is used |
| -4198 | The memeber type with NTLM only support Normal Group Type |
| -4199 | Only allow one NTLM server when client auth. method is NTLM |
| -4200 | SAML SSO can’t support the ECDSA certificate. |
| -4201 | SAML SSO export assertion ACL list is full. |
| -4202 | The auth policy can only contain one SAML SSO profile. |
| -4203 | The SAML SSO can’t support the non standalone VS. |
| -4204 | The SMTP profile must be a L7 virtual server type. |
| -4205 | The SMTP profile doesn’t support content routing. |
| -4206 | The SMTP profile doesn’t support content rewriting. |
| -4207 | The SMTP profile doesn’t support port range. |
| -4208 | The SMTP SLB doesn’t support virtual server warm up. |
| -4209 | The SMTP profile doesn’t support authentication policy. |
| -4210 | The SMTP profile doesn’t support scripting. |
| -4211 | The SMTP profile doesn’t support error page. |
| -4212 | The SMTP profile doesn’t support waf profile. |
| -4213 | The SMTP profile doesn’t support this method. |
| -4214 | The SMTP profile doesn’t support this persistence. |
| -4215 | The SMTP profile must be set domain name. |
| -4216 | attribute ‘local-cert-group’ must be set. |
| -4217 | Doesn’t support interface with type loopback |
| -4218 | hardware-ssl-status can’t enable because global HSM enable and client-ssl-profile is used at the same time. |
| -4219 | the number of enabled hardware-ssl process is exceed the limit. |
| -4220 | the size of RSA key of client-ssl-profile is not support by hardware-ssl-status all and ae-only. |
| -4221 | the size of RSA key of rs-profile is not support by hardware-ssl-status all and ae-only. |
| -4222 | client ssl versions are not continuous. |
| -4223 | client backend ssl versions are not continuous. |
| -4224 | Only TCPS and HTTPS profile need client ssl profile |
| -4225 | TCPS and HTTPS profile require client ssl profile |
| -4226 | The ssl proxy mode can’t support L4-VS. |
| -4227 | The selected local-ca in the ssl proxy mode is not a CA. |
| -4228 | Referenced local signing ca cert file or key file does not exist |
| -4229 | There is a conflict between SSL proxy mode and the profile type, SSL proxy supports only HTTPS profile |
| -4230 | The Verify group is referenced, please dereference it first before you delete its last member |
| -4231 | Client SSL Supported Groups have no FFDHExxx |
| -4232 | Client SSL enabled RFC7919 Comply but no DHE ciphers |
| -4233 | Client SSL Supported Groups have no EC curve |
| -4234 | Client SSL add EC curve in Supported Groups but no ECDHE ciphers |
| -4235 | Client SSL RFC7919 Comply can not support TLS 1.3 |
| -4236 | Client SSL RFC7919 Comply can not support SSLv3 |
| -4240 | The specified load-balance-profile of virtual server does not support the specified type |
| -4241 | The specified load-balance-profile of virtual server does not support the specified load-balance-persistence |
| -4242 | The specified type of virtual server does not support traffic log |
| -4270 | Only HTTP Form is support 2FA authentication |
| -4298 | DIAMETER profile with client_ssl require client ssl profile. |
| -4299 | The profile is associate with a virtual server. You cannot change its client_ssl. |
| -4300 | The Real Server that uses the ip/ip6 has existed. |
| -4301 | The specified Real Server and port is already used by another pool member. |
| -4302 | The Source IP Pool not support this packet forward method. |
| -4303 | The Source IP Pool not support this type of profile. |
| -4304 | The SAML SSO can’t support the multi-port VS. |
| -4305 | The table in mysql-sharding is duplicate. |
| -4306 | There is not IPv4 address in the real-server. |
| -4307 | There is not IPv6 address in the real-server. |
| -4308 | Can not unset IPv4, it used by a pool member. |
| -4309 | Can not unset IPv6, it used by a pool member. |
| -4310 | The MySQL virtual-server don’t support traffic-log. |
| -4311 | The MySQL virtual-server don’t support load-balance-persistence. |
| -4312 | SMTP profile with StartTLS require client ssl profile. |
| -4313 | There is a conflict between client ssl profile and the profile type, SMTP profile with StartTLS require local-certificate-group. |
| -4314 | SMTP profile with StartTLS doesn’t support client-certificate-verify. |
| -4315 | SMTP profile with StartTLS doesn’t support client-sni-required. |
| -4316 | The profile is associate with a virtual server. You cannot change its starttls-active-mode. |
| -4317 | Pagespeed is not supported by this VS. |
| -4318 | Page control regular expression is invalid. |
| -4319 | Resource control regular expression is invalid. |
| -4320 | HSM register failed. |
| -4321 | The imported HSM server certificate is invalid. |
| -4322 | Can’t assign application id on partition, please check HSM. |
| -4323 | HSM Partition is required. |
| -4324 | HSM is disabled. Enable it first. |
| -4325 | A management port can’t be HSM outgoing interface and vice versa. |
| -4326 | RSA only if HSM is using. |
| -4327 | Interface primary ip must be set. |
| -4328 | 60F doesn’t support HSM now. |
| -4329 | Diagnosis HSM partition failed. |
| -4330 | Maximum partition number is reached |
| -4331 | HSM is registered with this interface, please unregisetr it before making change |
| -4332 | Server ip is required |
| -4333 | Interface with LOOPBACK/DHCP type or PPPOE mode is not supported |
| -4334 | No client certificate! Use execute command to generate it. |
| -4335 | Fail to create HSM client certificate |
| -4336 | HSM unregister failed. |
| -4350 | The origin-host must be a valid FQDN. |
| -4351 | The origin-realm must be a valid domain name. |
| -4352 | The origin-host in profile can not equal the one in health check. |
| -4360 | This SSL parameter isn’t allowed by HTTP/2, see RFC7540 Appendix A for more detail. |
| -4361 | This virtual server type not support by HTTP/2. |
| -4362 | The specified IP is conflict with IP address/range of static NAT. |
| -4370 | The RDP profile doesn’t support pagespeed. |
| -4371 | The DNS profile doesn’t support paegspeed. |
| -4372 | The SMTP profile doesn’t support paegspeed. |
| -4373 | The pagespeed doesn’t support the non standalone VS. |
| -4374 | The pagespeed doesn’t support http once only profile. |
| -4375 | The profile is associating with a virtual server. You can not change its MySQL mode. |
| -4381 | Cannot delete default intermediate ca group. |
| -4382 | Invalid intermediate ca group. |
| -4383 | IP address must not be 0.0.0.0,::, 255.255.255.255, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff etc. |
| -4384 | Proxy server port must not be 0. |
| -4390 | IDP file format is not correct. |
| -4395 | A challenge token is required. |
| -4396 | Input token is invalid. |
| -4399 | Only local and NTLM member is allowed if authentication method is NTLM |
| -4400 | Disable wildcard before changing authentication type to local |
| -4401 | Remote server is currently used by wildcard authentication |
| -4402 | Non-wildcard admin is referenced to this remote server |
| -4410 | restore of entire configuration required because the origianl configuration has scripts, error pages, … |
| -4412 | The Source IP Pool is conflict from other virtual server. |
| -4413 | AV profile is not supported. |
| -4414 | The name of overlay tunnel conflict with a interface name |
| -4415 | HealthCheck List cannot be empty |
| -4416 | only IPv4 unicast address can be set as destination IPs |
| -4417 | Can’t change settting before empty remote-host table |
| -4418 | only one IPv4 multicast address can be set as destination IP |
| -4419 | Renegotiation interval value is not valid. |
| -4420 | the vtep of host can’t be multicast |
| -4421 | multicast is not support by nvgre |
| -4422 | duplicate vni with other overlay-tunnel |
| -4423 | Renegotiation period value is not valid. |
| -4424 | the outgoing interface is used by others |
| -4425 | Cannot change the vdom of the interface |
| -4426 | Invalid OCI key |
| -4427 | The virtual servers can not have real servers with same address and port |
| -4430 | The maximum of clone pool member has been reached |
| -4432 | The clone pool is not supported with IPv6 address |
| -4433 | The clone pool is not supported with specified profile |
| -4434 | The clone pool is not supported with specified packet forward method and clone traffic type |
| -4440 | The addr type of the server pool is not IPv4 |
| -4441 | The number of wvs task is out of range |
| -4442 | This pool is referenced by wvs profile. The addr type of this pool should be IPv4 |
| -4443 | The report is not found |
| -4444 | The spaces is not enough to preview the report |
| -4445 | The regex is not valid |
| -4446 | The url pattern match our scanner signature, sfi9876 |
| -4450 | Read certificate file failed |
| -4451 | Certificate type not recognized |
| -4452 | Chained cert contained in the file |
| -4453 | Certificate key type not recognized |
| -4454 | Input value empty |
| -4455 | Create tmp file failed |
| -4456 | Invalid OCSP response |
| -4457 | OCSP response does not match local and issuer |
| -4458 | Invalid certificate |
| -4459 | Not a CA certificate |
| -4460 | Failed to store the private key |
| -4461 | Invalid key |
| -4462 | Invalid CRL |
| -4463 | Duplicate cert or key file |
| -4464 | Key file exists, need delete first |
| -4465 | Cert forming file path failed |
| -4466 | Cert file in the new path doesnot exist |
| -4480 | client-address of SIP profile only works on UDP protocol at server side |
| -4481 | The profile is associate with a virtual server. You cannot change its protocol. |
| -4500 | Failed to create temporary file |
| -4501 | Failed to backup to temporary file |
| -4502 | Failed to read backup file |
| -4503 | File already exist |
| -4504 | Failed to set Virtual domain |
| -4505 | TFTP sending failed |
| -4506 | Name is over length limit |
| -4507 | File number is over limit |
| -4508 | File is over size limit |
| -4509 | Init ssh2 library failed |
| -4510 | Create socket failed |
| -4511 | Failed to connect |
| -4512 | Session init failed |
| -4513 | Failure establishing SSH session |
| -4514 | Unable to open file with SFTP |
| -4515 | Scp transaction failed |
| -4516 | Unable to init SFTP session |
| -4530 | The uploaded file can not contain any .php file! |
| -4531 | File must contain a html file named index.html! |
| -4535 | Disable CM Agent before making any change |
| -4540 | Invalid password or file error |
| -4560 | Secret length is no more than 64 |
| -4570 | Can’t use multi-pipes |
| -4571 | Pipe cannot be used here |
| -4600 | FortiCloud internal error |
| -4601 | Please log in using the email address you used to create the FortiCloud account |
| -4602 | Invalid user name or password |
| -4603 | Account already exists |
| -4604 | Username too long |
| -4605 | Password too long |
| -4606 | The report could not be retrieved from FortiCloud |
| -4607 | Error retrieving FortiCloud license agreement |
| -4608 | Error connecting to FortiCloud |
| -4609 | Error activating FortiCloud certificate |
| -4610 | Certificate already activated |
| -4611 | Certificate has been disabled |
| -4612 | Certificate has expired |
| -4613 | Invalid certificate number |
| -4614 | Please register with FortiCare before activating your FortiCloud certificate |
| -4615 | FortiCare runtime error |
| -4616 | Tunneling server is unreachable |
| -4617 | Login tunneling server failed |
| -4640 | rs profile is used by AD FS proxy, ssl must be enable |
| -4641 | Invalid adfs pool |
| -4642 | SSL of this pool should be on |
| -4643 | AD FS need real server SSL certificate |
| -4644 | AD FS proxy is disabled |
| -4645 | AD FS Proxy not found |
| -4646 | AD FS published external URL is not valid(example:https://aaa/bbb/) |
| -4647 | AD FS published backend URL is not valid(example:https://aaa/bbb/) |
| -4648 | AD FS proxy has at least one published service |
| -4649 | SSL sni forward flag is not enabled |
| -4650 | AD FS pool and real server pool are same |
| -4651 | AD FS relying party is invalid |
| -4652 | AD FS publish is being used |
| -4653 | AD FS only used for HTTPS |
| -4654 | AD FS only used for layer7 |
| -4655 | AD FS publish service is disabled |
| -4656 | AD FS need sni forward |
| -4657 | AD FS virtual server must use port 443 |
| -4658 | AD FS publish external URL duplicate |
| -4659 | AD FS publish backend server URL duplicate |
| -4661 | AD FS relying party proxy name not found |
| -4662 | AD FS relying party has been deleted |
| -4663 | AD FS relying party can not be editted |
| -4664 | config sync bind port error |
| -4670 | Invalid IPS value |
| -4800 | traffic sort type unmatch |
| -4801 | slb submodule unmatch |
| -4802 | NEED SET FILTER |
| -4810 | snmp custom health-check is empty |
| -4811 | Can’t remove all members of snmp custom health-check, when it is used |
| -4812 | One click GSLB server url should begin with ‘https://‘. |
| -4813 | ’ ’ space is not allowed in one click GSLB server email address. |
| -4814 | ’@’ is only allowed appears once in one click GSLB server email address. |
| -4815 | ’ ’ space is not allowed in one click GSLB server url. |
| -4820 | Min memory size exceeds maximum memory size or not |
| -4840 | local cert format invalid |
| -4841 | issuer cert format invalid |
| -4842 | issuer and local cert are not match |
| -4843 | config file size is out of range |
| -4860 | SNI value invalid |
| -4861 | real sever pool ssl versions are not continuous. |
| -4862 | client ssl no shared cipher for SSL versoin and cipher suite. |
| -4863 | backend ssl no shared cipher for SSL versoin and cipher suite. |
| -4864 | real server ssl no shared cipher for SSL versoin and cipher suite. |
| -4865 | server ssl no shared cipher for SSL versoin. |
| -4866 | client ssl no shared cipher for SSL versoin, cipher suite and cert type(RSA|ECDSA). |
| -4867 | client verify group no member |
| -4868 | Real Server SSL Supported Groups have no FFDHExxx |
| -4869 | Real Server SSL enabled RFC7919 Comply but no DHE ciphers |
| -4870 | Real Server SSL Supported Groups have no EC curve |
| -4871 | Real Server SSL add EC curve in Supported Groups but no ECDHE ciphers |
| -4872 | Real Server SSL RFC7919 Comply can not support TLS 1.3 |
| -4873 | Real Server SSL RFC7919 Comply can not support SSLv3 |
| -4880 | Cannot enable Source Address and Dynamic Auth at the same time |
| -4890 | not a valid hex string, should be characters among 0-9a-fA-F and not end with 00 |
| -4891 | The number of iso8583 bitmap list reach limitation |
| -4892 | The header length should equal or larger than the sum of length-indicator-shift and length-indicator-size |
| -4900 | Invalid Input |
| -4901 | Server is offline |
| -4902 | Failed to revert file |
| -4903 | The two versions are identical in content |
| -4904 | Base DN is empty |
| -4905 | Bind DN is empty |
| -4910 | No report-uri directive in policy when report-only is enabled |
| -4911 | No duplicated header name allowed in Add-Replace or Add-If-Absent mode |
| -4912 | URL regular expression is invalid. |
| Error Code | Error Message |
|---|---|
| -5001 | The attack log size is not between 0~10 percent total hard disk size |
| -5002 | Exception rule IP mask should be <1 ~ 32>. |
| -5003 | Host is invalid. |
| -5004 | URL is invalid. |
| -5005 | Name is invalid. |
| -5006 | Value is invalid. |
| -5010 | Duplicate rule |
| -5011 | Duplicate user |
| -5012 | Can’t change API Key for the user |
| -5013 | Can’t change UUID for the user |
| -5030 | The virtual path is conflict with other configure’s vpath, please check the related VS’s error page, custom auth form base, captcha profile and SAML configure. |
| -5031 | This virtual server has conflict virtual path, please check error page, custom auth form base, captcha profile and SAML configure. |
| -5050 | The captcha profile mustn’t be NULL, please select a captcha profile. |
| -5100 | Insufficient FortiToken Cloud service points. |
| -5101 | Invalid email. |
| -5102 | Require mobile number. |
| -5103 | Invalid mobile number. |
| -5104 | FortiADC connect to cloud server error. |
| -5105 | Server error. |
| -5106 | Unknown error. |
| -5107 | Need token. |
| -5108 | Invalid token. |
| -5109 | FTM check timeout |
| -5110 | Not support ftm push |
| -5111 | Local user two-factor is enabled. Disable it first |
| -5200 | The listen port(http, https, ssh or telnet) of the IPv4 interface address is used by other. |
| -5201 | The listen port(http, https, ssh or telnet) of the IPv6 interface address is used by other. |
| -5202 | The listen port(http, https, ssh or telnet) of the floating address is used by other. |
| -5203 | The listen port(http, https, ssh or telnet) of the secondary address is used by other. |
| -5204 | The listen port(http, https, ssh or telnet) of the secondary floating address is used by other. |
| -5205 | The listen port(http, https, ssh or telnet) of the HA node address is used by other. |
| -5206 | The listen port(http, https, ssh or telnet) of the HA node secondary address is used by other. |
| -5207 | The listen port(http, https, ssh or telnet) of the HA mgmt address is used by other. |
| -5220 | SNMP listen port of the IPv4 interface address is used by other. |
| -5221 | SNMP listen port of the IPv6 interface address is used by other. |
| -5222 | SNMP listen port of the floating address is used by other. |
| -5223 | SNMP listen port of the secondary address is used by other. |
| -5224 | SNMP listen port of the secondary floating address is used by other. |
| -5225 | SNMP listen port of the HA node address is used by other. |
| -5226 | SNMP listen port of the HA node secondary address is used by other. |
| -5227 | SNMP listen port of the HA mgmt address is used by other. |
| -5230 | Explicit HTTP VS must a L7 type VS. |
| -5240 | The direct route ip of pool is not consistent with related virtual server ip |
| -5241 | The health check type is not supported in direct-route mode. |
| -5242 | The direct-route pool is referenced by a non direct-route virtual server. |
| -5300 | oauth redirect url must start with ’/‘ |
| -5301 | oauth logout url must start with ’/‘ |
| -5302 | oauth path can’t be ’/‘ |
| -5303 | oauth auth url must start with ‘https://‘ |
| -5304 | oauth token url must start with ‘https://‘ |
| -5305 | auth path conflict with oauth redirect url |
| -5331 | Must configure password when username is set. |
| -5332 | Must configure username when password is set. |
| -5333 | Can’t change status. The external resource is in use. |
| -5999 | SSLi re-encryption ssl profile used by L2/L3 should not set SNI |
| Error Code | Error Message |
|---|---|
| -6001 | SSLi re-encryption real server ssl should enable |
| -6002 | SSLi decryption real server pool member is more than 1 |
| -6003 | SSLi re-encryption real server pool member is more than 1 |
| -6004 | SSLi instance only support at most 8 port ranges. |
| -6005 | SSLi instance port should be a number or a range with ’-‘. |
| -6006 | SSLi instance port should be 0 or 1-65535, and port start should be no larger than port end. |
| -6007 | The specified decryption ip|port is already used by another SSLi instance decryption. |
| -6008 | The specified decryption ip|port is already used by another SSLi instance re-encryption. |
| -6009 | The specified re-encryption ip|port is already used by another SSLi instance decryption. |
| -6010 | The specified re-encryption ip|port is already used by another SSLi instance re-encryption. |
| -6011 | L2 bind interface conflict. |
| -6012 | SSLi mode already enabled |
| -6013 | SSLi mode enable failed |
| -6014 | SSLi mode already disabled |
| -6015 | SSLi mode disable failed |
| -6016 | SSLi inbound interface is not soft switch for L2 topology |
| -6017 | SSLi outbound interface is not the member of decryption soft-switch |
| -6018 | SSLi L7 should not enable forward proxy |
| -6019 | The specified decryption and re-encryption ip|port is conflict. |
| -6020 | The decryption pool of L2/L3 SSLi instance can’t support ipv6. |
| -6021 | The encryption pool of L2/L3 SSLi instance can’t support ipv6. |
| -6022 | The addr type of decryption pool and of SSLi instance are not match. |
| -6023 | The addr type of encryption pool and of SSLi instance are not match. |
| -6024 | The alert and policy type are not match. |
| -6025 | policy only need one alert member. |
| -6026 | alert member has duplicated events. |
| -6027 | alert policy has not alert member. |
| -6028 | Input a domain name without a ’.’ at the beginning. |
| -6029 | Vdom-link entry can’t be deleted, move the interface to root vdom firstly. |
| -6030 | The device memory is too low to support RAM disk. |
| -6031 | Ramdisk size has been changed, the specified space will be occupied by anti-virus scanning, please reboot the device to take effect. |
| -6032 | It is enabled. |
| -6033 | Disable private key encription first. |
| -6034 | FTP profile requires security when setting client ssl profile. |
| -6035 | FTP profile with secutiy doesn’t support forward-proxy |
| -6036 | FTP profile with secutiy doesn’t support TLSv1.3 |
| -6037 | There is a conflict between client ssl profile and the profile type, FTP profile with security require local-certificate-group. |
| -6038 | FTP profile with security doesn’t support client-certificate-verify. |
| -6039 | FTP profile with security doesn’t support client-sni-required. |
| -6040 | FTP profile with security doesn’t support reject-ocsp-stapling-with-missing-nextupdate. |
| -6041 | FTP profile with security doesn’t support renegotiation. |
| -6042 | FTP profile with security doesn’t support ssl-dynamic-record-sizing. |
| -6043 | FTP profile with security should set persistence. |
| -6044 | FTP profile with security should set client ssl profile. |
| -6045 | The NF SNAT range is conflict with VS ippool. |
| -6046 | L4 FTP VS doesn’t support client ssl profile. |
| -6047 | The alert and policy filter scope are not match. |
| -6048 | L4 FTP VS doesn’t support FTP SSL. |
| -6049 | Once SameSite is set to None, Secure attribute must also be enabled. |
| -6050 | The custom attribute value does not seem to be formatted correctly. |
| -6051 | The cookie keyword shall be a valid cookie name. |
| -6052 | The custom attribute value is missing while the option is enabled. |
| -6053 | The cookie domain does not seem to be formatted correctly. |
| -6054 | The license is a trial license. |
| -6055 | The FortiADC license does not support EMS related feature. |
| -6056 | Invalid IP address or vs name filter for the WAF blocked IP. |
| -6057 | Failed to release WAF blocked IP with provided contitions. |
| -6058 | Can’t change vdom mode, please disable vdom first. |
| -6059 | Please delete all VS configuration in this vdom. |
| -6070 | Only port1 is allowed in current design |
| -6071 | FortiADC is not in any cloud autoscaling group |
| -6072 | Life cycle state of FortiADC is not InService |
| -6073 | HA is enabled. Please disable it first. |
| -6074 | Auto-scale is enabled or the FAD is currently in ASG. Please disable auto-scale or detach the FAD from ASG. |
| -6075 | The keyword shall be a valid header name. |
| -6076 | The keyword shall be a valid URL parameter name. |
| -6077 | Oversize Limit is too big. Without AV RAM disk setting, the range is 1-1200. |
| -6078 | Oversize Limit is too big. This size cannot exceed the size of AV RAM disk size. |