Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Netadmin-ccl-org
New Contributor

Created on ‎02-01-2024 08:54 AM

Cant delete aggregate from fortimanager

 

Capture1111.PNG

 

Any reason I cannot delete this? 

Labels:
491
0 Kudos
8 REPLIES 8
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-01-2024 09:14 AM

Most likely it's referred at somewhere in the config. You can go to the revision screen then click "View Config" after selecting the latest (top) revision. And then you can search "fortilink-02" in the full config to find it out.

Toshi

481
0 Kudos
Netadmin-ccl-org
New Contributor
In response to Toshi_Esumi

Created on ‎02-01-2024 09:16 AM

where is the revision screen at in the fortimanager?

478
0 Kudos
Dan_Eng52
Contributor

Created on ‎02-01-2024 09:17 AM Edited on ‎02-01-2024 09:18 AM

Hi there, 

 

Have you ensured you have no references of this interface in any DHCP scopes, policies etc? You will not be able to delete the interface if it is actively reference somewhere. 

Regards, 

Dan. 

477
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Dan_Eng52

Created on ‎02-01-2024 09:19 AM Edited on ‎02-01-2024 09:20 AM

Go back to Dashboard/Summary. then find "Configuration and Installation" widget. Revision section is in the widget.

475
0 Kudos
Netadmin-ccl-org
New Contributor
In response to Toshi_Esumi

Created on ‎02-01-2024 09:28 AM

looks like its referenced in set server-mode enable, but I didnt do that and I dont where to change this in the fortimanager

464
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Netadmin-ccl-org

Created on ‎02-01-2024 09:34 AM

Look at that section of config. It must be a part of NTP setting like below:

config system ntp
    set ntpsync enable
    set server-mode enable
    set interface "fortilink"  <--- reference, "set server-mode disable" would remove this.
end

It's likely set up by default.

 

Toshi

461
0 Kudos
Netadmin-ccl-org
New Contributor
In response to Toshi_Esumi

Created on ‎02-01-2024 09:36 AM

So how do you change this without accessing cli on the firewalls themselves? I guess I am use to panorama and we dont make local changes on the firewalls and all is done from the panorama. Is this the same concept? I assume so otherwise your local config is out of sync from the fortimanager config. 

458
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Netadmin-ccl-org

Created on ‎02-01-2024 09:55 AM Edited on ‎02-01-2024 10:03 AM

With FGT-FMG, you can make those changes directly at the FGT if you want and FMG would automatically retrieve the config change. It might push the "templates" status out of sync, and "policy package" status as well.
But if the change is outside of the templates and policy package, you can re-install them to go back to in-sync state. Just check the "preview" to see what they would install. Likely shows "nothing to change".

But if your one of templates have NTP config, you should change it at the template. Which I don't think the case based on what you're saying.

Also, you can use "script" to make the change on the FMG side and run it again either the device directly or device database and push. But above reason, I would just change it at the device by getting in via SSH or console.

Toshi

455
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.