Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Interface/Vlan/Vdom Removing Problem
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Interface/Vlan/Vdom Removing Problem
hello experts
i have a serious problem with removing an aggregated interface in an almost empty VDOM.
recently i take a backup from a VDOM in a fortigate 600c 5.2.8 and restore it on a fortigate600d 5.2.8 and it runs in a company with strict SLA so i can't reboot it even!
in this VDOM only there are 2 elements.
one: an aggregated interface named "port-agg"
two: an interface vlan that is assigned to the aggregation interface, named "Vlan-400".
there are no reference to the Vlan-400, but in GUI it shows number 1 in the references column! but when i click on it ... there is nothing !
i restored a default factory backup to that VDOM, but the interfaces still are remained.
the command "diagnose sys checkused system.interface.name" does not give a proper information.
is this a serious BUG in fortigate or it has a plain solution?
can i force the fortigate to remove that VDOM whitout removing those fake references?
regards.
Labels:
- Labels:
-
5.2
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
download a backup of the config and open it in a text editor. Search for the name of the interface in question and you should see it somewhere else in the config. It's possible that it's being referenced by something that is CLI only, so you may need to change whatever it is from there.
CISSP, NSE4
CISSP, NSE4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use this command to see what the references are:
diagnose sys checkused system.interface.name [ interface name ]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A page that gives examples of using the diag sys checkused command is:
http://socpuppet.blogspot.com/2014/10/a-few-examples-of-how-to-do-dependency.html
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
wrong answers 
please first read the question carefully and then reply!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You said the GUI was not showing what the references are, so I suggested checking from the CLI.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@morteza,
If you want help with this you will need to be more specific.
1. I hope you realize that copying a config from one device (600C) to another device (600D) with different hardware is unsupported by Fortinet and can can leave you with unusable configs? Even if you follow some of the instructions for moving configs over (http://docs.fortinet.com/uploaded/files/1702/Transferring_a_configuration_file_from_one_model_to_ano...) you still may end up with a mess.
2. Have you searched through a text copy of the config for references to the interface Vlan-400? What did you find?
3. You said "the command 'diagnose sys checkused system.interface.name' does not give a proper information" but you didn't say how you ran the command or what the output was.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@tanr
Dear tanr
1. about your first hint, yes i did a mistake and i didn't know about that. now i want to fix it.
2. i searched on my new text file that is running on the new 600D with ctrl+f, and thats just what i see right now:
edit "Vlan-400"
set vdom "something"
set status down
set snmp-index 64
set interface "port-agg"
set vlanid 400
next
3. here is the outputs:
(global) # Diagnose sys checkused system.interface.name port-agg
entry used by table system.interface:name 'Vlan-400'
(global) # Diagnose sys checkused system.interface.name Vlan-400
(global) #config system interface
(interface) # delete Vlan-400
The entry is used by other 1 entries
Command fail. Return code -23
P.S the reference of port-agg, is Vlan-400 that its not the issue now, because i should delete the Vlan-400 first.
thanks for your help
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A few things to check - anybody else who's more familiar with this feel free to comment!
Some references:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD38616
http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&externalId=FD30876
http://kb.fortinet.com/kb/documentLink.do?externalID=FD30620
If it's possible to reboot the new firewall (wasn't sure if you meant you weren't allowed to reboot the 600C or the 600D), hook up a laptop to the console, then reboot the FGT while hooked up and see if any errors show in the config.
If you can't reboot it, at least run the following command and see if it recorded any errors:
diagnose debug config-error-log read
Just to confirm, your admin session isn't on the Vlan-400 interface, correct?
And the "something" vdom is not your management vdom?
If you search your config file, do you have any other objects with the same name as any of the problematic objects, like port-agg? Duplicate names can cause some odd problems.
In case it isn't showing up correctly in the dependencies, make sure you've checked the other common references like dns server, dhcp, ntp on the interface, zone, SSID, virtual switches, etc.
Try to look at references another way around by checking to your "something" vdom with:
diag sys checkused system.vdom.name something
Also, have you tried changing the Vlan-400 vdom to root (or some other vlan) prior to attempting to delete it?
Similarly, have you tried changing to port-agg to another vdom beforehand?
And that's about all I can suggest to try before opening a support ticket with Fortinet.
Good luck!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Were you able to find the answer to your issue?
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Wifi problems with FortiWLC 200D &... 16 Views
- Unable to sign installer package -... 61 Views
- Fortiswitch Port Update Problem 83 Views
- VPN for some destinations not via... 54 Views
- Fortinac-F Multiple Host Problem 158 Views
Labels
-
FortiGate
8,491 -
FortiClient
1,721 -
5.2
801 -
FortiManager
713 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
410 -
5.6
362 -
FortiMail
309 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
222 -
FortiWeb
200 -
5.0
196 -
IPsec
187 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
98 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 443 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.