Fortinet Fortigate won’t save changes – CFG_CMDBAPI_ERR

It seems like every time I have to make a change to one of our Fortigate firewalls, the changes won’t be accepted, and I get the error “CFG_CMDBAPI_ERR“. That might be even worse than a Microsoft error.

If you do some googling for the error, you will find most people tell you to restart the ipsmonitor process. This is done with the “diag test application ipsmonitor 99” command. This typically does the trick, but today it was not working for me.

To see what was using up resources, I entered the “diag sys top 1” command. The last field shows the memory used. In my case, the problem was forticron.

Now, you can’t restart forticron the same way you restart ipsmonitor. You have to kill forticron, and to do that, you first have to get the pid (process ID). At the “diag sys top 1” command screen, the pid is the number right after the process name, which is the second column. Next, hit the Q key to exit the process screen. Now enter “diag sys kill 11 <pid>” where <pid> is replaced with the pid you just got from the previous screen. That should kill the process. It did for me, and I was able to make the changes that I needed.

Hope this helps someone out there. I know it was a pain trying to find the fix when I needed it.