I attempted to search but the results window pops up and immediately closes.
I've tried everything I can find to get this resolved, and I'm having absolutely no luck. I am about to call support and hope they can figure something out.
On to the problem: Simple, I can't delete an interface. This firewall was set up a few years ago, it's a 60D used for an office. I split out port 2 to set a policy explicitly for that one and now I can't delete it to add it back to the switch.
I had an issue with a different firewall that had an SSID inactive but set for DHCP, removed that and was able to delete the interface. It's showing 0 references, and if I go through CLI I'm seeing 0 references. If I download the backup and search for the interface I'm only finding the interface. DHCP is turned off, there's no DHCP server on it, I've tried turning the DHCP on and back off, on and then deleting the reference, adding static routing and deleting it, I've tried just about everything. I've rebooted the firewall several times, and the firmware is up to date according to the system.
Checking through CLI I come up with this:
config system interface
edit "internal2"
set vdom "root"
set ip 172.16.27.1 255.255.255.0
set type physical
set snmp-index 12
next
end
# diag sys cmdb refcnt show system.interface.name internal2
Comes up with nothing
# diag sys cmdb refcnt reset system.interface.name internal2
The total reference number is 0.
delete internal2
Can not delete a static table entry
Command fail. Return code -61
There are no static routing entries for it (there are 6 in total, for 3 VPNs created by VPN Wizard).
Is there anything that can be done besides a factory reset? I'd really rather not do that because this has a lot of configuration.
internal2 is one of those physical interfaces, labeled as '2' on the back of the 60D. You will never be able to remove any physical interface. Why do you need to remove it? I'm guessing you just need to "unset ip 172.16.27.1 255.255.255.0", then reuse the IP on the switch.
Yes, set it to DHCP or whatever and make sure it is not in use anywhere anymore (zero references). Keep in mind that an enabled DHCP server (shown in the interface settings in the GUI) is also a reference (because it is its own part of the FortiOS config and references the interface)!
Once you have made sure of the above, you should be able to re-add the port to the switch. As Toshi already wrote, you cannot delete a physical interface.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
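The point above, that a DHCP server is its own config section referencing the interface, can be checked offline against a downloaded backup. The following is an added example, not part of the original thread or Fortinet code: `find_references` is a hypothetical helper, the backup text is constructed, and it assumes the usual `config` / `edit` / `next` / `end` nesting of a FortiOS backup file.

```python
import re

# Constructed sample backup (not taken from the poster's firewall).
SAMPLE_BACKUP = '''\
config system interface
    edit "internal2"
        set vdom "root"
        set ip 172.16.27.1 255.255.255.0
        set type physical
    next
end
config system dhcp server
    edit 1
        set default-gateway 172.16.27.1
        set interface "internal2"
    next
end
config firewall policy
    edit 7
        set srcintf "internal2"
        set dstintf "wan1"
    next
end
'''

def find_references(backup_text, ifname):
    """Return (config path, edit entry, line) for each quoted use of ifname
    outside the interface's own 'config system interface' entry."""
    stack = []  # open blocks as (kind, name), kind is "config" or "edit"
    hits = []
    quoted = re.compile('"%s"' % re.escape(ifname))
    for raw in backup_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(("config", line[len("config "):]))
        elif line.startswith("edit "):
            stack.append(("edit", line[len("edit "):].strip('"')))
        elif line == "next":
            if stack and stack[-1][0] == "edit":
                stack.pop()
        elif line == "end":
            # 'end' closes the innermost config and any edit left open in it
            while stack and stack.pop()[0] != "config":
                pass
        elif quoted.search(line):
            path = " / ".join(n for k, n in stack if k == "config")
            entry = next((n for k, n in reversed(stack) if k == "edit"), None)
            if not (path == "system interface" and entry == ifname):
                hits.append((path, entry, line))
    return hits
```

Each hit names the section and entry that still point at the interface, which is what has to be removed or changed before the port can be reused.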
Yep, as Toshi said the reason you can't add it to the switch is that there is an IP address set. In the CLI you can simply do this:
config system interface
edit "internal2"
unset ip
next
end
And of course you should never try to delete a physical interface (but you also can't).
So I'm not sure what was wrong in general, but until I followed all of the above steps I wasn't able to add it back to the switch, it simply wasn't an option.
I had to unset the IP in the CLI, set the IP to 0.0.0.0/0.0.0.0 and turn on the DHCP. I've tried it before with the IP at 0's and DHCP both on and off and couldn't get it to work until I had unset the IP.
Thank you for the help.