FortiGate
Article Id 190461

Description

This article describes how to work around a problem that may be encountered when trying to delete a VDOM that is apparently no longer used.

Scope

Any supported version of FortiOS.


Solution

If the VDOM still has any configuration associated with it, it cannot be deleted. This restriction applies to removing any firewall object.

Ensure that no interfaces are associated with the VDOM, and that no addresses or firewall policies are assigned to it.

Use the following command to check which objects may still be associated with the VDOM:

diagnose sys cmdb refcnt show system.vdom.name <path.object.mkey> <vdom_name>

For example, to display the objects associated with the VDOM called 'second':

config global
diagnose sys cmdb refcnt show system.vdom.name second

entry used by table system.interface:name 'ssl.second'
entry used by table system.interface:name 'test0'
entry used by table system.interface:name 'test1'
entry used by table system.interface:name 'vdom link0'
entry used by table system.interface:name 'vdom link1'
entry used by table system.vdom-property:name 'second'

Once all of these objects have been removed from the VDOM, it can then be deleted.

The same command can also be used to find a system administrator that is still linked to the VDOM being deleted.
If any administrator is tied to that VDOM, it will not be possible to delete it.
Another VDOM, called testing-vd, generates the following output:

config global
(global) # diagnose sys cmdb refcnt show system.vdom.name testing-vd
entry used by table system.interface:name 'l2t.testing-vd' (From 'global')
entry used by table system.interface:name 'naf.testing-vd' (From 'global')
entry used by table system.interface:name 'ssl.testing-vd' (From 'global')
entry used by child table vdom:name 'testing-vd' of table system.admin:name 'admin' (From 'global')
entry used by table system.vdom-property:name 'testing-vd' (From 'global')

The output shows that this VDOM is still referenced by the administrator account 'admin':

config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root" "testing-vd"
        set password ENC SH2M6KbuWYUrbgtJOsiDIMc9iKdw+vfzx5yVJJqoRa6g0dhppIoleoT+fXDRFY=
    next
end

To remove that reference, restrict the administrator to the root VDOM only (the system.admin table is global, so run this from the global context):

config system admin
    edit "admin"
        set vdom "root"
    next
end

 

The VDOM in question can then be deleted; in this example, that is the VDOM called testing-vd.
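When several VDOMs are being cleaned up it helps to process the reference listing rather than reading it by eye. The following Python script is an added example, not part of this article or of FortiOS: it parses the 'entry used by ...' lines printed by 'diagnose sys cmdb refcnt show', groups the references by configuration table, and lists the administrator accounts that still reference the VDOM (the case the article identifies as blocking deletion). The sample input is the testing-vd output shown above, embedded as a constructed string; the line grammar assumed by the regular expression (optional 'child table ... of', optional '(From ...)' suffix) is inferred from the lines on this page only.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the refcnt output shown in the article for VDOM 'testing-vd'.
SAMPLE_OUTPUT = """\
(global) # diagnose sys cmdb refcnt show system.vdom.name testing-vd
entry used by table system.interface:name 'l2t.testing-vd' (From 'global')
entry used by table system.interface:name 'naf.testing-vd' (From 'global')
entry used by table system.interface:name 'ssl.testing-vd' (From 'global')
entry used by child table vdom:name 'testing-vd' of table system.admin:name 'admin' (From 'global')
entry used by table system.vdom-property:name 'testing-vd' (From 'global')
"""

# Line grammar inferred from the examples on this page (assumption):
#   entry used by [child table <t>:<attr> '<v>' of ]table <t>:<attr> '<v>'[ (From '<vdom>')]
LINE_RE = re.compile(
    r"^entry used by "
    r"(?:child table (?P<child_table>[\w.-]+):(?P<child_attr>\w+) '(?P<child_value>[^']*)' of )?"
    r"table (?P<table>[\w.-]+):(?P<attr>\w+) '(?P<value>[^']*)'"
    r"(?: \(From '(?P<source_vdom>[^']*)'\))?\s*$"
)


@dataclass(frozen=True)
class Reference:
    table: str                      # e.g. 'system.interface', 'system.admin'
    attr: str                       # key attribute, e.g. 'name'
    value: str                      # key value, e.g. 'ssl.testing-vd' or 'admin'
    child_table: Optional[str] = None   # set when the reference lives in a child table
    child_value: Optional[str] = None
    source_vdom: Optional[str] = None   # the '(From ...)' VDOM, if printed


def parse_refcnt(output: str) -> list[Reference]:
    """Parse captured refcnt output into Reference records; ignores prompt/blank lines."""
    refs = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line.startswith("entry used by"):
            continue  # prompt echo such as '(global) # ...' or blank line
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised refcnt line: {line!r}")
        refs.append(Reference(m["table"], m["attr"], m["value"],
                              m["child_table"], m["child_value"], m["source_vdom"]))
    return refs


def group_by_table(refs: list[Reference]) -> dict[str, list[str]]:
    """Map each configuration table to the object keys in it that reference the VDOM."""
    groups: dict[str, list[str]] = defaultdict(list)
    for r in refs:
        groups[r.table].append(r.value)
    return dict(groups)


def admins_referencing(refs: list[Reference]) -> list[str]:
    """Administrator accounts whose VDOM list still includes the VDOM (blocks deletion)."""
    return sorted(r.value for r in refs if r.table == "system.admin")


if __name__ == "__main__":
    refs = parse_refcnt(SAMPLE_OUTPUT)
    for table, keys in sorted(group_by_table(refs).items()):
        print(f"{table}: {', '.join(keys)}")
    admins = admins_referencing(refs)
    if admins:
        print("administrators to update before deleting the VDOM:", ", ".join(admins))
```

Paste the output of the diagnose command into SAMPLE_OUTPUT (or read it from a file) and the script prints one line per table plus the administrators that still need their VDOM assignment changed.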



Related article:

Troubleshooting Tip : verifying FortiGate configuration objects references and dependencies with the....