- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Unable to delete interface
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable to delete interface
I attempted to search but the results window pops up and immediately closes.
I've tried everything I can find to get this resolved, and I'm having absolutely no luck, I am about to call support and hope they can figure something out.
On to the problem: Simple, I can't delete an interface. This firewall was set up a few years ago, it's a 60D used for an office. I split out port 2 to set a policy explicitly for that one and now I can't delete it to add it back to the switch.
I had an issue with a different firewall that had an SSID inactive but set for DHCP, removed that and was able to delete the interface. It's showing 0 references, and if I go through CLI I'm seeing 0 references. If I download the backup and search for the interface I'm only finding the interface. DHCP is turned off, there's no DHCP server on it, I've tried turning the DHCP on and back off, on and then deleting the reference, adding static routing and deleting it, I've tried just about everything. I've rebooted the firewall several times, and the firmware is up to date according to the system.
Checking through CLI I come up with this:
config system interface
edit "internal2"
set vdom "root"
set ip 172.16.27.1 255.255.255.0
set type physical
set snmp-index 12
next
end
# diag sys cmdb refcnt show system.interface.name internal2Comes up with nothing
# diag sys cmdb refcnt reset system.interface.name internal2
The total reference number is 0.
delete internal2
Can not delete a static table entry
Command fail. Return code -61
There are no static routing entries for it (there are 6 in total, for 3 VPNs created by VPN Wizard).
Is there anything that can be done besides a factory reset? I'd really rather not do that because this has a lot of configuration.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
internal2 is one of those physical interfaces labeled as '2' on the back of 60D. You never be able to remove any physical interface. Why do you need to remove it. I'm guessing you just need to "unset ip 172.16.27.1 255.255.255.0", then reuse the IP on the switch.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes set it do dhcp or what ever and make sure it is not in use anywhere anymore (zero references). Keep in mind that an enabled dhcp server (shown in the interface settings in gui) is also a reference (because it is its own part of the fortios config and references the interface)!
Once you made the above sure you should be able to re-add the port to the switch. As Toshi already wrote you cannot delete a physical interface.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep, as Toshi said the reason you can't add it to the switch is that there is an IP address set. In the CLI you can simply do this:
config system interfaceAnd of course you should never try to delete a physical interface (but you also can't).
edit "internal2"
unset ip
next
end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So I'm not sure what was wrong in general, but until I followed all of the above steps I wasn't able to add it back to the switch, it simply wasn't an option.
I had to unset the IP in the cli, set the IP to 0.0.0.0/0.0.0.0 and turn on the DHCP. I've tried it before with the ip at 0's and DHCP both on and off and couldn't get it to work until I had unset the IP.
Thank you for the help.
Related Posts
- "Error writing to SSL connection" with... 211 Views
- Fortclient VPN Client Linux - IPSEC... 275 Views
- Unable to access Web GUI after... 241 Views
- IPsec phase-1 vpn removal in secondary... 293 Views
- Ipsec connection in linux mint with... 1348 Views
Labels
-
FortiGate
6,446 -
FortiClient
1,286 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
331 -
FortiAP
326 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
57 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.