Contributor
January 27, 2008
Question

How to remove an address?

  • 5 replies
  • 25473 views
If I go into the FortiGate under Firewall -> Address, how do I REMOVE an address that I put in there? I only see Create New and Edit options.


    abelio
    SuperUser
    January 27, 2008
    If that object (address) is used in any other place in the configuration (for example in a firewall policy), you cannot delete it until you free it.
    MasterBratac
    New Member
    January 28, 2008
    A little question ... does anybody know if it's possible to display a list of configuration entries that use a specific object?
    abelio
    SuperUser
    January 28, 2008
    Not yet; meanwhile you could save your conf in a text file and search through it for object matches.
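The text-file search suggested in the reply above, as an added example that is not part of the thread and not Fortinet tooling: it follows the config/edit/next/end nesting of a saved configuration and matches whole object names, so test_addr does not also match test_addr_2. The sample configuration is constructed (rdp.allowed and policy ids 13 and 72 are names that appear later in the thread; the address names and subnet are made up), and find_references is a hypothetical helper name.

```python
import shlex

# Constructed sample in the layout of a saved FortiGate configuration (not from the thread).
SAMPLE_CONF = '''\
config firewall address
    edit "test_addr"
        set subnet 192.0.2.10 255.255.255.255
    next
end
config firewall addrgrp
    edit "rdp.allowed"
        set member "test_addr" "test_addr_2"
    next
end
config firewall policy
    edit 13
        set srcaddr "rdp.allowed"
    next
    edit 72
        set srcaddr "test_addr"
        set dstaddr "all"
    next
end
'''

def find_references(conf_text, name):
    """Return (table path, entry key, attribute) for every 'set' line naming `name`."""
    hits, stack = [], []            # stack holds open 'config' paths and 'edit' keys
    for raw in conf_text.splitlines():
        try:
            tok = shlex.split(raw)  # strips the quotes around object names
        except ValueError:          # unbalanced quote (multi-line value): skip the line
            continue
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(("config", ".".join(tok[1:])))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append(("edit", tok[1]))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and name in tok[2:]:   # whole-token match only
            path = ".".join(v for k, v in stack if k == "config")
            key = next((v for k, v in reversed(stack) if k == "edit"), None)
            hits.append((path, key, tok[1]))
    return hits

if __name__ == "__main__":
    for hit in find_references(SAMPLE_CONF, "test_addr"):
        print(hit)
```

Every hit is an entry that has to stop referencing the object before the object can be deleted; the object's own definition is not reported because it appears on an edit line, not a set line.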
    Contributor
    January 27, 2008
    Ah, I see now. I had a spot where it was at. It would be nice if it could tell you where you had it in (fortunately I only have like 5 policies right now) but I can see in a real busy setup it would be difficult. Thanks very much!!!!!
    Darune
    New Member
    January 30, 2008
    There is one way, but it's a diagnostic command, so it's not supported and may be a little tricky. Basically you go:

        diagnose sys checkused <path to item in CLI>.<attribute name> <value of attribute>

    So for example if I wanted to check where an interface named "test_intf" was used I would type in:

        diag sys checkused system.interface.name test_intf

    The path to the item in the CLI can be gotten from the CLI, e.g.:

        Config system interface = system.interface
        Config firewall vip = firewall.vip
        Config system dhcp server = system.dhcp.server

    The attribute name is the "key" for the configuration table, so "name" in most cases, "id" in others. The output can be a little cryptic, and may show some hidden entries that are created automatically (like the VIPs for DNS forwarding). So this command can't solve all your problems, but it might help a bit.
    abelio
    SuperUser
    January 30, 2008
    nice command thanks!
    Contributor
    May 15, 2008
    Any idea why I'm not getting output from this command?

        BMH-FIREWALL # diagnose sys checkused firewall.policy edit.13
        BMH-FIREWALL # diagnose sys checkused firewall.policy edit 13
        command parse error before '13'
        Command fail. Return code -61
        BMH-FIREWALL # diagnose sys checkused firewall.policy edit.72
        BMH-FIREWALL #
    rwpatterson
    New Member
    May 15, 2008
    Possibly because a policy is not used in anything else... A group is used in a policy, so you may see something there, but the policy is the end game. You can always remove one, no dependencies.
    Contributor
    May 15, 2008
    Not getting anything there either:

        BMH-FIREWALL # diagnose sys checkused firewall.addrgrp rdp.allow
        BMH-FIREWALL # diagnose sys checkused firewall.addrgrp rdp.allow
        BMH-FIREWALL # diagnose sys checkused firewall.addrgrp rdp.allowed
        BMH-FIREWALL #

    I just put in a ticket. Let you know next week sometime. :D