Thank you so much for your support Ede,
The output of the command is here I frankly have no idea what to do.
Created on 12-16-2022 12:49 PM Edited on 12-16-2022 12:51 PM
,
Go through all of your antivirus profiles, check if they have "Use external malware block list" enabled. It can either be an explicit list of individual feeds, or all of them. (in which case the reference to the feed you want to delete would not show up in the CLI)
If that's the case, disable the option altogether, or switch to specific feeds and ensure the one you want to delete isn't in the selected list.
edit: make sure to check (and possibly change) this through the CLI as well. "external-blocklist-enable-all" seems to be enabled in the CLI by default but not displayed in the GUI, at least in 7.0.x that I have checked. (maybe a GUI bug)
I went through all the antivirus profiles. There are currently 4 antivirus profiles (all default antivirus profiles that come with Fortigate). "Use external malware block list" option is not active in any of the security profiles (Antivirus, web filter, video filter, DNS filter etc.), it is not using in any profile.
Hi Team,
It seems you are deleting from root VDOM
Can you delete from global VDOM? are they visible?
Since I created it in the root VDOM, it only appears in the root VDOM. Doesn't show up in Global VDOM
Hi Team,
I replicated this in lab and i was able to reproduce the issue.
Please follow these steps:
In my lab environment i have three antivirus profiles which are attached to global VDOM, i have to disable this setting in anti virus profile "set external-blocklist-enable-all enable", only then i was able to delete the malware feed.
config global
config antivirus profile
edit g-wifi-default----you have to do this for all AV profiles
set external-blocklist-enable-all disable
end
Hope it is clear
Created on 12-18-2022 06:04 AM Edited on 12-18-2022 06:07 AM
Check them in the CLI, especially check for the option "external-blocklist-enable-all", as I wrote in my initial reply, and as @seshuganesh is trying to highlight below.
This option seems to be enabled by default, and it seems to be blocking the deletion (at least it did for me).
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.