This article describes what references are, and how to find and delete them.
Scope
FortiGate.
Solution
Consider the scenarios below:
- Creating a policy and specifying the interface in it (source interface and destination interface).
- Creating a static route for an IPsec tunnel.
- Creating SD-WAN and adding the WAN interfaces.
- Creating a VIP and mentioning it in the security policy.
Note: These are just some of the scenarios; this is what is called referencing on the FortiGate. Sometimes it is not possible to add a WAN interface under SD-WAN (it will not be visible), or it is not possible to delete an IPsec tunnel, because of its references.
All references act as dependencies on the FortiGate. If an interface is referenced somewhere, it will not be possible to add it, for example, to an SD-WAN zone.
Similarly, if a VIP is referenced in a policy, it cannot be deleted until the reference is removed.
In summary, anything that is referenced cannot be deleted on the FortiGate. The best way to delete any reference is to look at the 'reference' section:
Select the number under Ref, and the related references are displayed.
It is possible to delete this right away from the list of references. Note that this will completely remove the entire policy of the corresponding reference from the firewall.
Moreover, if any IP addresses are referenced, it is possible either to delete them from the address tab under Policy & Objects or, as a more extensive method, to download the backup file, search for the corresponding IP, delete it from there, and upload the backup.
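For the backup-file method, the following added example (not Fortinet code) walks the config/edit/next/end blocks of a backup and reports every section in which an object name or IP appears as a setting value, so each dependency can be reviewed before anything is removed. The function name `find_references` and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed sample in FortiOS backup syntax (not taken from a real device).
SAMPLE_CONFIG = '''\
config firewall address
    edit "web-srv"
        set subnet 10.0.0.5 255.255.255.255
    next
end
config firewall vip
    edit "vip-web"
        set mappedip "10.0.0.5"
        set extintf "wan1"
    next
end
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstaddr "vip-web"
    next
end
'''

def find_references(config_text, needle):
    """Return (line_no, path, setting) for each 'set' line with needle as a value."""
    stack, hits = [], []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        try:
            tokens = shlex.split(raw)      # strips the double quotes around values
        except ValueError:                 # unbalanced quote (multi-line value)
            tokens = raw.split()
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword == "config":            # open a section
            stack.append(" ".join(tokens))
        elif keyword == "edit":            # open an entry inside the section
            stack.append("edit " + " ".join(tokens[1:]))
        elif keyword in ("next", "end") and stack:
            stack.pop()                    # close the innermost entry or section
        elif keyword == "set" and needle in tokens[2:]:
            hits.append((line_no, " > ".join(stack), tokens[1]))
    return hits

if __name__ == "__main__":
    for hit in find_references(SAMPLE_CONFIG, "wan1"):
        print(hit)
```

Matching is on whole values, so searching for `wan1` does not also report an object named `wan10`.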