Force delete object
At the moment, if you try to remove a object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.
Nils Keune commented
This is such a bad joke, I cannot really laugh about it. I just want to delete a user and people tell me to edit xml files to do so. On a 1500€ device that also wants 1500€ licensing fees every three years. Sophos, are you freaking kidding us?
Q Kirwan commented
Just wanted Sophos to know:
We purchased two Sophos XG 125 firewalls with 3 years of support to upgrade all of our SG firewalls. However, because this feature, or any feature that tells you where an object is in use on the firewall, is completely missing, we have decided to return these firewalls for a full refund and will continue to use the older ones as they are feature complete.
Please emphasize getting this feature in production. Thank you.
Why the **** hasn't this been done yet? If you have hundreds of firewall rules, groups etc. it is absolutely impossible to find out where a user is attached. It should say "this user is attached to policy, are you sure you want to delete" and if approved, the XG should remove the user wherever they are attached, just the same as it does in AD.
Absurd that this has been outstanding for almost 3 years. Fix it already.
Marcelo Bustos commented
Thanks to our Compunet support team We can find a way, although it is not the most elegant one, to find the dependencies of the IPHost object with the rule / group to which it belongs.
To find the dependency of the IPHost object you must do the following:
1.- download the complete configuration of XG from Backup & firmware / Import Export and Export full configuration
2.- edit the XML file in Notepad ++ (or other) and perform filtering by the name of the object
3.- Correlate in the file the object and dependence
Attempting to delete an IP Host Group Object. Have removed the object in question from all rules (limited number of rules where this object would be applied) yet, still presented with "Can't delete because in use by a firewall rule" message. Manually inspecting all rules for where this object may be reference has proved unsuccessful. If the object exists we need to be able to search for it or, have the system inform us where it is referenced.
The interface is really not very good at all. An admin must have better editing tools to manage the amount of data he has to process accurately, and efficiently, I have wasted many hours dodging the quirks in trying to change data. I see some "solutions" like "erase everything and start from scratch", and "export the configuration (to XML), EDIT it then, import the code back into the configuration. Are you kidding??? It's like me telling my users, export the registry......then reinstall it. COME ON! At least make this editing process usable.
Nobody is smart enough to do everything correct the first time. I can't edit NAT records and I cannot delete host entries. We "tried" things that didn't work. Now we are stuck? With the documentation lacking, being unable to delete or change things is a MAJOR weakness.
Yudhin Acharya commented
We need to have it for all the object regardless of IP, IP range, HOST, FQDN, USER, User group, anything,
shiv shankar commented
what a worst device and waste support in the world really m very angry and i never seen this type of dummy device in the world users won't be deleted traffic shaping already apply unable to change what the ******* device is that
and this my biggest mistake in the world and my life that i purchase this device i will share and warn to all my friend and with the help of FACEBOOK,TWITTER etc TO NEVER PURCHASE THIS DUMMY DEVICE LIKE DUSTBIN
Please add this as a feature. Or at least a move all users in group feature so you can put them in another group then delete .
Just as it is in UTM (you can see where exactly is object used) ....
Btw. today my colleague accidentaly deleted wrong WAN alias IP and deleted apx. 35DNAT rules instead od expected 2 rules with the other WAN IP alias.
Chan Jin Feng commented
Is anyone going to work on this? It would be great help if we can see the places the objects is used.
XG have a real usability problem. At the rate fixes and updates such as these gets rolled out, the product is years away from prime time.
Disappointed that the feature is still missing
Sascha Odenthal commented
Why does PM not have this already under review ?
Andrew 491 commented
I ran into this same issue when deleting an interface. I was able to delete it OK but it warned me it was used somewhere however I had no idea where.