Fortinet black logo

Cookbook

Finding object dependencies

Copy Link
Copy Doc ID 664e9f16-22ad-11eb-96b9-00505692583a:163148
Download PDF

Finding object dependencies

You may be prevented from deleting a configuration object when other configuration objects depend on it. You can use the GUI or CLI to identify objects which depend on, or make reference to the configuration you are trying to delete. Additionally, if you have a virtual interface with dependent objects, you will need to find and remove those dependencies before deleting the interface.

To remove interface object dependencies in the GUI:
  1. Go to Network > Interfaces. The Ref. column displays the number of objects that reference this interface.
  2. Select the number in the Ref . column for the interface. A window listing the dependencies appears.
  3. Use these detailed entries to locate and remove object references to this interface. The trash can icon is enabled after all the object dependencies are removed.
  4. Remove the interface by selecting the check box for the interface, and select Delete.
To find object dependencies in the CLI:

When running multiple VDOMs, use the following command in the global configuration only.

diagnose sys cmdb refcnt show <path.object.mkey>

The command searches for the named object in both the most recently used global and VDOM configurations.

Examples

To verify which objects a security policy with an ID of 1 refers to:

diagnose sys cmdb refcnt show firewall.policy.policyid 1

To check what is referred to by interface port1:

diagnose sys cmdb refcnt show system.interface.name port1

To show all dependencies for an interface:

diagnose sys cmdb refcnt show system.interface.name <interface name>

Sample output:

In this example , the interface has dependent objects, including four address objects, one VIP, and three security policies.

entry used by table firewall.address:name '10.98.23.23_host’

entry used by table firewall.address:name 'NAS'

entry used by table firewall.address:name 'all'

entry used by table firewall.address:name 'fortinet.com'

entry used by table firewall.vip:name 'TORRENT_10.0.0.70:6883'

entry used by table firewall.policy:policyid '21'

entry used by table firewall.policy:policyid '14'

entry used by table firewall.policy:policyid '19'

Finding object dependencies

You may be prevented from deleting a configuration object when other configuration objects depend on it. You can use the GUI or CLI to identify objects which depend on, or make reference to the configuration you are trying to delete. Additionally, if you have a virtual interface with dependent objects, you will need to find and remove those dependencies before deleting the interface.

To remove interface object dependencies in the GUI:
  1. Go to Network > Interfaces. The Ref. column displays the number of objects that reference this interface.
  2. Select the number in the Ref . column for the interface. A window listing the dependencies appears.
  3. Use these detailed entries to locate and remove object references to this interface. The trash can icon is enabled after all the object dependencies are removed.
  4. Remove the interface by selecting the check box for the interface, and select Delete.
To find object dependencies in the CLI:

When running multiple VDOMs, use the following command in the global configuration only.

diagnose sys cmdb refcnt show <path.object.mkey>

The command searches for the named object in both the most recently used global and VDOM configurations.

Examples

To verify which objects a security policy with an ID of 1 refers to:

diagnose sys cmdb refcnt show firewall.policy.policyid 1

To check what is referred to by interface port1:

diagnose sys cmdb refcnt show system.interface.name port1

To show all dependencies for an interface:

diagnose sys cmdb refcnt show system.interface.name <interface name>

Sample output:

In this example , the interface has dependent objects, including four address objects, one VIP, and three security policies.

entry used by table firewall.address:name '10.98.23.23_host’

entry used by table firewall.address:name 'NAS'

entry used by table firewall.address:name 'all'

entry used by table firewall.address:name 'fortinet.com'

entry used by table firewall.vip:name 'TORRENT_10.0.0.70:6883'

entry used by table firewall.policy:policyid '21'

entry used by table firewall.policy:policyid '14'

entry used by table firewall.policy:policyid '19'