FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 200811
Description This article describes how to remove an object that is not referenced, where the delete button grey out via FortiGate GUI and CLI prompted message that the object is referenced
Scope FortiOS

Run CLI command:


# diagnose sys cmdb refcnt show <path.object.mkey>


Example on FortiGate port1 interface:

# diag sys cmdb refcnt show port1


It will show a list of entry that the FortiGate port1 interface referenced.

If in case it is not showing any references, then it is possible to reset the references database table to release the lock.


# diagnose sys cmdb refcnt reset <path.object.mkey>




# diag sys cmdb refcnt reset port1 

After that, it is possible to recheck the reference with CLI command ' #diagnose sys cmdb refcnt show <path.object.mkey>'  to confirm if it is released successfully.

Once confirm, it will be possible to remove the object that user would like to remove, else, it is possible to consider to reboot the FortiGate to see if it will release the locked object.


If the issue persists, call into Fortinet Support hotline for further assistant.


Related links.


Fortinet Community KB: 
Technical Note: How to Check Referenced Objects:


Troubleshooting Tip : verifying FortiGate configuration objects references and dependencies with the CLI command 'diagnose system checkused':