Description

This article describes that FortiGate will give an error when deleting any external connector from the Security Fabric even when it has no obvious references. The reference window shows no result (the external connector name is not used in the config anywhere else):

When trying to delete the connector we get the following error:

 In this case, the external connector can be seen in the CLI with the following commands:

config system external-resource
    edit "Block - Malwares"
        set status enable
        set type malware
        set update-method push
        set comments ''
        set interface-select-method auto
    next
end

The same error appears even in CLI:

'Cannot delete a used external resource.
Command_cli_delete:6722 delete table entry Block - Malwares unset oper error ret=-23'

Scope

FortiGate.

Solution

The solution to this issue is to make the following changes to all the anti-virus security profiles in the FortiGate:

config antivirus profile

    edit default  <----- This should be done for all anti-virus profiles configured.

        set external-blocklist-enable-all disable

end

There will be hidden antivirus profiles that can only be found on the CLI as follows :

config antivirus profile
    edit default
        set external-blocklist-enable-all disable
    next
    edit sniffer-profile
        set external-blocklist-enable-all disable
    next
    edit wifi-default
        set external-blocklist-enable-all disable
end

After making these changes, it is possible to delete the external connector.

It is not possible to delete the external connector called for the FSSO agent, and FortiGate will throw the given error:

When the user group source is set to 'local', the AD server is called on the FortiGate, and the user groups for the FSSO authentication are explicitly selected.

To resolve the issue, change the User group source setting to the collector agent, so there will be no reference to the user group anywhere.