Description

This article describes an issue where editing or deleting a firewall policy fails and results in an error message '14 - Please unset 'dstaddr' first' and 'can not config the object since either the object or the referenced objects are being configured by other transactions.'.

Scope

FortiGate.

Solution

An error is encountered when trying to modify or delete firewall policies, with the message displayed in the images below.

In this scenario, the destination is set as 'ALL', yet the error message '14 - Please unset 'dstaddr' first' appears when attempting to save the changes. An error message is also encountered when navigating to the 'Migrated to SD-WAN zone' section under the interface.

Solution:

After rebooting the firewall, it became possible to successfully delete and edit all firewall policies.

Note:

FortiOS allows administrators to make a batch of changes that are only applied once the transaction is committed. Until then, changes can be edited or reverted without affecting current operations. Before rebooting the Firewall, verify if the policy can be edited through CLI, because this will confirm if this is not a GUI/HTTPS issue while loading the policy page.

In workspace mode, when an object is being edited, it becomes locked to prevent other administrators from making changes. A warning message notifies users that the object is currently part of another active transaction

Related document:
FortiGate Workspace Mode