Technical Tip: Facing issue removing an object from FortiGate even when it is not referenced

ctan · ‎12-13-2021

Description

This article describes how to remove an object that is not referenced, where the delete button grey out via FortiGate GUI and CLI prompted message that the object is referenced

Scope

FortiOS

Solution

Run CLI command:

# diagnose sys cmdb refcnt show <path.object.mkey>

Example on FortiGate port1 interface:

# diag sys cmdb refcnt show system.interface.name port1

It will show a list of entry that the FortiGate port1 interface referenced.

If in case it is not showing any references, then it is possible to reset the references database table to release the lock.

# diagnose sys cmdb refcnt reset <path.object.mkey>

Example:

# diag sys cmdb refcnt reset system.interface.name port1

After that, it is possible to recheck the reference with CLI command ' #diagnose sys cmdb refcnt show <path.object.mkey>' to confirm if it is released successfully.

Once confirm, it will be possible to remove the object that user would like to remove, else, it is possible to consider to reboot the FortiGate to see if it will release the locked object.

If the issue persists, call into Fortinet Support hotline for further assistant.

Related links.

Documentation:

https://docs.fortinet.com/document/fortigate/6.2.8/cookbook/163148/finding-object-dependencies

Fortinet Community KB:
Technical Note: How to Check Referenced Objects:
https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-Check-Referenced-Objects/ta-p/1948...

Troubleshooting Tip : verifying FortiGate configuration objects references and dependencies with the CLI command 'diagnose system checkused':

https://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD30620

Technical Tip: Facing issue removing an object from FortiGate even when it is not referenced

You are leaving our website