FortiGate
tino_p
Staff
Article Id 324621
Description

This article describes a behavior where a FortiGate object that has no references, or whose references have already been deleted, cannot be deleted. For example, deleting an IPsec phase1-interface or SLA performance object fails with the following error:

"...FW(health-check) # delete SLA_01
The entry is used by other 1 entries
Command fail. Return code -23..."

 

The only way to delete those objects is to reboot the firewall, which is not always possible in a production environment.

Scope

FortiGate.
Solution

Connect a console cable and check whether the console keeps printing output like the following:

"...FW (health-check) # unregister_netdevice: waiting for .... to become free. Usage count = 105
unregister_netdevice: waiting for .... to become free. Usage count = 105
unregister_netdevice: waiting for .... to become free. Usage count = 105
unregister_netdevice: waiting for .... to become free. Usage count = 105
unregister_netdevice: waiting for .... to become free. Usage count = 105

..."
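
One way to run this check against a saved console capture, as an added example (not Fortinet's code): it flags interfaces whose unregister_netdevice message keeps repeating without the usage count dropping. The function name, the repeat threshold and the sample capture (including the interface names vpn1 and vpn2) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel console message quoted in the article; device name and count are captured.
PATTERN = re.compile(
    r"unregister_netdevice: waiting for (?P<dev>\S+) to become free\. "
    r"Usage count = (?P<count>\d+)"
)

def find_stuck_netdevices(console_text, min_repeats=3):
    """Return {device: last_usage_count} for devices whose message repeats at
    least min_repeats times (assumed threshold) without the count dropping."""
    seen = defaultdict(list)
    for line in console_text.splitlines():
        m = PATTERN.search(line)
        if m:
            seen[m.group("dev")].append(int(m.group("count")))
    stuck = {}
    for dev, counts in seen.items():
        # Heuristic: an interface that is still being released shows a falling
        # count; a held reference repeats the same (or a higher) value.
        if len(counts) >= min_repeats and counts[-1] >= counts[0]:
            stuck[dev] = counts[-1]
    return stuck

# Constructed console capture; vpn1 and vpn2 are hypothetical interface names.
SAMPLE = """\
FW (health-check) # unregister_netdevice: waiting for vpn1 to become free. Usage count = 105
unregister_netdevice: waiting for vpn1 to become free. Usage count = 105
unregister_netdevice: waiting for vpn1 to become free. Usage count = 105
unregister_netdevice: waiting for vpn2 to become free. Usage count = 2
unregister_netdevice: waiting for vpn2 to become free. Usage count = 1
FW (health-check) # delete SLA_01
The entry is used by other 1 entries
Command fail. Return code -23
"""

if __name__ == "__main__":
    for dev, count in find_stuck_netdevices(SAMPLE).items():
        print(f"{dev}: usage count stuck at {count}")
```
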

 

Workaround: Disable 'net-device' in the 'phase1-interface' settings of the IPsec tunnel.

config vpn ipsec phase1-interface
    edit vpn1
        set net-device disable
end

This is known issue 1033154 and can be resolved by upgrading to FortiOS v7.2.11, v7.4.5, v7.6.0 or above.