Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
morteza
New Contributor

Interface/Vlan/Vdom Removing Problem

Hello experts,

I have a serious problem with removing an aggregated interface in an almost empty VDOM.

Recently I took a backup from a VDOM on a FortiGate 600C 5.2.8 and restored it on a FortiGate 600D 5.2.8, and it runs in a company with a strict SLA, so I can't even reboot it!

In this VDOM there are only 2 elements.

One: an aggregated interface named "port-agg".

Two: a VLAN interface that is assigned to the aggregation interface, named "Vlan-400".

There are no references to Vlan-400, but in the GUI it shows the number 1 in the references column! But when I click on it ... there is nothing!

I restored a factory default backup to that VDOM, but the interfaces still remain.

The command "diagnose sys checkused system.interface.name" does not give proper information.

Is this a serious BUG in FortiGate or does it have a plain solution?

Can I force the FortiGate to remove that VDOM without removing those fake references?

Regards.

Kenundrum
Contributor III

download a backup of the config and open it in a text editor. Search for the name of the interface in question and you should see it somewhere else in the config. It's possible that it's being referenced by something that is CLI only, so you may need to change whatever it is from there.

CISSP, NSE4

ergotherego

You can use this command to see what the references are:

 

diagnose sys checkused system.interface.name [ interface name ]

tanr
Valued Contributor II

A page that gives examples of using the diag sys checkused command is:

http://socpuppet.blogspot.com/2014/10/a-few-examples-of-how-to-do-dependency.html

morteza
New Contributor

Wrong answers.

Please first read the question carefully and then reply!

ergotherego

You said the GUI was not showing what the references are, so I suggested checking from the CLI.

tanr
Valued Contributor II

@morteza,

 

If you want help with this you will need to be more specific.

 

1. I hope you realize that copying a config from one device (600C) to another device (600D) with different hardware is unsupported by Fortinet and can leave you with unusable configs?   Even if you follow some of the instructions for moving configs over (http://docs.fortinet.com/uploaded/files/1702/Transferring_a_configuration_file_from_one_model_to_ano...) you still may end up with a mess.

 

2. Have you searched through a text copy of the config for references to the interface Vlan-400?  What did you find?

 

3. You said "the command 'diagnose sys checkused system.interface.name' does not give a proper information" but you didn't say how you ran the command or what the output was.

morteza
New Contributor

@tanr

Dear tanr

1. About your first hint: yes, I made a mistake and I didn't know about that. Now I want to fix it.

2. I searched the text file of the config that is running on the new 600D with ctrl+f, and this is all I see right now:

edit "Vlan-400"
     set vdom "something"
     set status down
     set snmp-index 64
     set interface "port-agg"
     set vlanid 400
 next

3. here is the outputs:

(global) # Diagnose sys checkused system.interface.name port-agg

entry used by table system.interface:name 'Vlan-400'

 

(global) # Diagnose sys checkused system.interface.name Vlan-400

 

(global) #config system interface

(interface) # delete Vlan-400

The entry is used by other 1 entries

Command fail. Return code -23

 

P.S. The reference of port-agg is Vlan-400, which is not the issue now, because I should delete Vlan-400 first.

Thanks for your help.

tanr
Valued Contributor II

A few things to check - anybody else who's more familiar with this feel free to comment!

 

Some references:

http://kb.fortinet.com/kb/documentLink.do?externalID=FD38616

http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&externalId=FD30876

http://kb.fortinet.com/kb/documentLink.do?externalID=FD30620

 

If it's possible to reboot the new firewall (wasn't sure if you meant you weren't allowed to reboot the 600C or the 600D), hook up a laptop to the console, then reboot the FGT while hooked up and see if any errors show in the config.

 

If you can't reboot it, at least run the following command and see if it recorded any errors:

 

      diagnose debug config-error-log read

 

Just to confirm, your admin session isn't on the Vlan-400 interface, correct?    

And the "something" vdom is not your management vdom?

 

If you search your config file, do you have any other objects with the same name as any of the problematic objects, like port-agg?  Duplicate names can cause some odd problems.

 

In case it isn't showing up correctly in the dependencies, make sure you've checked the other common references like dns server, dhcp, ntp on the interface, zone, SSID, virtual switches, etc.

 

Try to look at references the other way around by checking your "something" vdom with:

 

      diag sys checkused system.vdom.name something

 

Also, have you tried changing the Vlan-400 vdom to root (or some other vlan) prior to attempting to delete it?  

Similarly, have you tried changing port-agg to another vdom beforehand?

 

And that's about all I can suggest to try before opening a support ticket with Fortinet.

 

Good luck!
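Kenundrum's and tanr's advice to search a text backup for the interface name, as an added example that is not part of this thread: a small Python parser of FortiGate backup syntax (config / edit / set / next / end) that reports every table entry whose setting references a given name, the offline counterpart of what "diagnose sys checkused" prints. The sample config is constructed from the Vlan-400 and port-agg objects quoted above plus a hypothetical DHCP server entry, which is an assumption for illustration only.

```python
import re

# Constructed sample in FortiGate backup syntax: the Vlan-400 / port-agg
# objects quoted in the thread plus a hypothetical DHCP server entry
# (an assumption added for illustration) that references Vlan-400.
SAMPLE_CONFIG = """\
config system interface
    edit "port-agg"
        set vdom "something"
        set type aggregate
    next
    edit "Vlan-400"
        set vdom "something"
        set status down
        set interface "port-agg"
        set vlanid 400
    next
end
config system dhcp server
    edit 1
        set interface "Vlan-400"
    next
end
"""

def find_references(config_text, name):
    """Return (table, entry, setting) for every set/append line whose value is `name`."""
    refs, path, entry = [], [], []   # path: open config tables; entry: open edit names
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kw, _, rest = line.partition(" ")
        if kw == "config":
            path.append(rest.replace(" ", "."))   # "system interface" -> system.interface
        elif kw == "end":
            path.pop()
        elif kw == "edit":
            entry.append(rest.strip('"'))
        elif kw == "next":
            entry.pop()
        elif kw in ("set", "append"):
            key, _, vals = rest.partition(" ")
            # values may be quoted ("port-agg") or bare (down, 400); keep each as a string
            values = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', vals)]
            if name in values:   # an edit line defines the object, so it is not a reference
                refs.append((".".join(path), ".".join(entry), key))
    return refs
```

Running find_references over a full backup for "Vlan-400" lists the CLI-only objects that the GUI reference counter hides, which is the same information the checkused command is expected to show.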

MikePruett
Valued Contributor

Were you able to find the answer to your issue?

Mike Pruett Fortinet GURU | Fortinet Training Videos