Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

How to remove an address?

If I go into the Fortigate under: Firewall -> Address How do I REMOVE an address that I put in there? I only see Create New and Edit options.
10 REPLIES 10
abelio
SuperUser
SuperUser

If that object (address) is used in any other place of the configuration (for example in one firewall policy), you cannot delete until you free it

regards




/ Abel

regards / Abel
MasterBratac

A little question ... does anybody know if its possible to diplay a list of configuration entrys, that uses an specific object ?
abelio

not yet; meanwhile you could save your conf in a text file and search through it for object matches

regards




/ Abel

regards / Abel
Not applicable

Ah, I see now. I had a spot where it was at. It would be nice if it could tell you where you had it in (fortunately I only have like 5 policies right now) but I can see in a real busy setup it would be difficult. Thanks very much!!!!!
Darune
New Contributor

There is one way, but it' s a diagnostic command, so it' s not supported and may be a little tricky. Basically you go: diagnose sys checkused <path to item in CLI>.<attribute name> <value of attribute> So for example if I wanted to check where an interface named " test_intf" was used I would type in: diag sys checkused system.interface.name test_intf The path to the item in the CLI can be gotten from the cli: eg. Config system interface = system.interface Config firewall vip = firewall.vip Config system dhcp server = system.dhcp.server The attribute name is the " key" for the configuration table, so " name" in most cases, " id" in others. The output can be a little cryptic, and may show some hidden entries that are created automatically (like the VIP' s for DNS forwarding). So this command can' t solve all your problems, but it might help a bit.
abelio

nice command thanks!

regards




/ Abel

regards / Abel
MasterBratac

Interesting .. Thinak you !
Not applicable

Any idea why I' m not getting output from this command? BMH-FIREWALL # diagnose sys checkused firewall.policy edit.13 BMH-FIREWALL # diagnose sys checkused firewall.policy edit 13 command parse error before ' 13' Command fail. Return code -61 BMH-FIREWALL # diagnose sys checkused firewall.policy edit.72 BMH-FIREWALL #
rwpatterson
Valued Contributor III

Possibly because a policy is not used in anything else... A group is used in a policy, so you may see something there, but the policy is the end game. You can always remove one, no dependencies.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Labels
Top Kudoed Authors