Skip to main content

PFS102 - Failed to Update pfSense Alias

Agent error code #206102#PFS102 indicates that the agent attempted to update an existing alias on pfSense and the update request was rejected. This is the most common alias-edit failure and blocks any grant or revocation against the affected alias.

This error is distinct from create failures (#206101)#PFS101), which only happen on first grant. Error #206102#PFS102 occurs when the alias exists but the agent's edit was refused.

Common causes include:

  • The API user lacks the WebCfg - Firewall: Aliases: Edit privilege
  • The alias was switched to a type that doesn't allow entry edits (e.g. a URL Table alias)
  • The alias has been locked by another administrator's session
  • A concurrent change on pfSense rolled the update back

Steps to Resolve

Verify the Edit Privilege

  1. Log into pfSense and navigate to System > User Manager > Users
  2. Open the user the API key acts as
  3. Confirm WebCfg - Firewall: Aliases: Edit is listed under Effective Privileges. If missing, add it (see #206002#PFS002 for full privilege troubleshooting)

Verify the Alias Is Still Editable

  1. Navigate to Firewall > Aliases > IP
  2. Open the alias and confirm its Type is Host(s)
  3. If the type was changed to a URL Table, GeoIP, or similar dynamic alias, change it back to Host(s) and save

Check the Agent Log for the pfSense Error Detail

  1. Open the orchestration agent log and find the failed grant entry
  2. The pfRest response detail is logged alongside the user-visible code and identifies the specific reason pfSense rejected the edit

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top