FortiGate
tthrilok
Staff
Article Id 375286
Description: This article describes how to delete an external FortiGuard category threat feed.
Scope: FortiOS.
Solution

In order to delete an External FortiGuard category threat feed:

 

By default, if the External FortiGuard Category Threat Feed is referenced in any webfilter profile, it can only be removed from the profile by using the CLI.

 

  1. Ensure the external FortiGuard category threat feed is not used in any webfilter profile.

     a. Identify the category ID of the external FortiGuard category threat feed that needs to be deleted by hovering the mouse over the threat feed. Once the mouse is over the threat feed, it should show the category of the threat feed.

 

FGT1.png

 

Note: Every threat feed has its own unique category.

 

To identify the category of the external FortiGuard category threat feed, run the following command in the firewall CLI:

 

get webfilter categories

 

Example output:

 

get webfilter categories

g01 Potentially Liable:
1 Drug Abuse
3 Hacking

++ Output Omitted ++

g22 Local Categories
140 custom1
141 custom2
192 test <-

 

     b. Identify the webfilter profiles where the above category is referenced. Run the following command in the firewall CLI:

show webfilter profile | grep "category XYZ" -f

 

Note: Replace XYZ with the category ID value found in step 1.a.

 

The above command lists all profiles where the threat feed is referenced. For example:

 

show webfilter profile | grep "category 192" -f
config webfilter profile
    edit "test"
         config ftgd-wf
             config filters
                 edit 192
                     set category 192 <-
                     set log disable
                 next
             end
         end
     next
end

 

In the example output above, 'test' is the webfilter profile in which the category 192 threat feed is referenced.

 

     c. Delete the threat feed category from the webfilter profile with the following command:

config webfilter profile
    edit "ABC"
        config ftgd-wf
            config filters
                delete XYZ
            end
        end
    next
end

 

Note: Replace 'XYZ' with the category ID value found in step 1.a. Replace 'ABC' with the webfilter profile name from which the threat feed needs to be deleted. If the threat feed is referenced in multiple profiles, follow the procedure for each of the profiles.

 

Once the threat feed is deleted from all of the webfilter profiles, proceed with step 2:

 

  2. Delete the external FortiGuard category threat feed:

Using the GUI: 

 

Select Security Fabric -> External Connectors. Right-click on the FortiGuard category threat feed, select Delete, then select OK.

 

Using the CLI:

 

config system external-resource

    delete ABC

end

 

Note: Replace 'ABC' with the name of the threat feed.

If a FortiGuard category threat feed is still referenced in a webfilter profile and a deletion is attempted without removing the references, the following error is seen in the GUI:

 

FGT2.png 

The following error will be seen in the CLI:

 

fgtfirewall # config system external-resource

fgtfirewall (external-resource) # delete test
Cannot delete a used external resource.
Category 192 is used by web filter profile test
command_cli_delete:6682 delete table entry test unset oper error ret=-23
Command fail. Return code -23

fgtfirewall (external-resource) #
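
The script below is an added example, not part of the original article or any Fortinet tooling: it parses saved `show webfilter profile` output, finds every profile that references a category (steps 1.b), and builds the cleanup commands from steps 1.c and 2. The sample config and the names `find_refs` and `removal_commands` are constructed for illustration; it deletes by the id on the filter's `edit` line, which in the article's example equals the category ID.

```python
# Constructed sample of saved "show webfilter profile" output (not from a real device).
SAMPLE = '''\
config webfilter profile
    edit "test"
        config ftgd-wf
            config filters
                edit 192
                    set category 192
                next
            end
        end
    next
    edit "guest"
        config ftgd-wf
            config filters
                edit 7
                    set category 192
                next
            end
        end
    next
end
'''

def find_refs(config_text, category):
    """Return (profile, filter entry id) for each ftgd-wf filter set to `category`."""
    stack, refs = [], []  # names of the config/edit blocks currently open
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:1] in (["config"], ["edit"]):
            stack.append(" ".join(tok[1:]).strip('"'))
        elif tok[:1] in (["end"], ["next"]) and stack:
            stack.pop()
        # Exact token match, so searching for 19 does not hit "category 192".
        elif tok[:3] == ["set", "category", str(category)] and len(stack) == 5:
            if stack[0] == "webfilter profile" and stack[2:4] == ["ftgd-wf", "filters"]:
                refs.append((stack[1], stack[4]))
    return refs

def removal_commands(refs, feed_name):
    """CLI lines following the article: drop each reference, then delete the feed."""
    out = []
    for profile in dict.fromkeys(p for p, _ in refs):  # unique profiles, in order
        out += ["config webfilter profile", f'    edit "{profile}"', "        config ftgd-wf", "            config filters"]
        out += [f"                delete {fid}" for p, fid in refs if p == profile]
        out += ["            end", "        end", "    next", "end"]
    return out + ["config system external-resource", f'    delete "{feed_name}"', "end"]

if __name__ == "__main__":
    print("\n".join(removal_commands(find_refs(SAMPLE, 192), "test")))
```

Review the generated lines before pasting them into the CLI, since they change every listed profile.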

 
