Technical Tip: Steps to delete the Configuration object on FortiGate

hpenmetsa · ‎07-27-2024

Description

This article describes how to delete the configuration object on FortiGate, this example focuses on deleting an address group object.

Scope

FortiOS.

Solution

In the following example, it is not possible to delete a configuration object (for example: address group) using the GUI, the 'Delete' option is grayed out. Attempting to delete the object via CLI also fails.

Step 1: First check the object references and dependencies, ensure it has no references

To delete the address object from the GUI, it shows the Delete option greyed out.

Attempting to delete the address group from CLI also fails.

Try resetting the references for the address group object using the following command from the CLI.

diagnose sys cmdb refcnt reset <path.object.mkey>

For example:

Try deleting the address group object from the CLI again if it fails, as a last step:

Download the FortiGate configuration file.
Edit the configuration file and manually remove the Configured object.
Upload the modified configuration file back to FortiGate.

By following these steps, it should be possible to load the configuration without objects into the FortiGate. It is also possible to use these steps to move the VLAN from one interface to another.