Description
This article describes that FortiGate will give an error when deleting any external connector from the Security Fabric even when it has no obvious references. The reference window shows no result (the external connector name is not used in the config anywhere else):
When trying to delete the connector we get the following error:
In this case, the external connector can be seen in the CLI with the following commands:
config system external-resource
edit "Block - Malwares"
set status enable
set type malware
set update-method push
set comments ''
set interface-select-method auto
next
end
The same error appears even in CLI:
'Cannot delete a used external resource.
Command_cli_delete:6722 delete table entry Block - Malwares unset oper error ret=-23'
Scope
FortiGate.
Solution
The solution to this issue is to make the following changes to all the anti-virus security profiles in the FortiGate:
config antivirus profile
edit default <----- This should be done for all anti-virus profiles configured.
set external-blocklist-enable-all disable
end
There will be hidden antivirus profiles that can only be found on the CLI as follows :
config antivirus profile
edit default
set external-blocklist-enable-all disable
next
edit sniffer-profile
set external-blocklist-enable-all disable
next
edit wifi-default
set external-blocklist-enable-all disable
end
After making these changes, it is possible to delete the external connector.
FSSO external connector:
When the user group source is set to Local, the FortiGate references the configured AD server, and the user groups used for FSSO authentication are explicitly selected from that server.
It is not possible to delete the external connector associated with the FSSO agent, as FortiGate will display the following error:
To resolve the issue, change the User Group Source setting to Collector Agent. This ensures that there are no remaining references to the user group, allowing the external connector to be deleted.
