Force delete object
At the moment, if you try to remove an object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.
XG Fan commented
I think these requests should be merged:
What I did is create a group without any rule, any permission, denying everything, and add the object in this group.
Also enter in the object and deny any permission. In my case I was trying to clean the VPN user table (now we are using AD) and had the same problem; I wasn't able to find in what rules the user was added. If you are trying to delete a user, do not forget to uncheck the Sophos Connect client check.
(the post is old.....but why not?)
Please add this. Coming to the XG recently and waiting in hope that this would be in v18, I am somewhat stunned to find this request from 2015 still hasn't been implemented. I have a chunk of 2008 servers to decommission and trying to track them all down in the firewall rules is proving to be a task which should not be taking this long.
Please, DO IT
".. could not be deleted because it is currently in use." but no clue where it is in use. Very time consuming like finding a needle in a haystack. I deleted all firewall rules, but it still says that the web policy is currently in use. So I need a possibility to delete the corrupt entry.
Is there any version where this will be fixed?
I regret moving to the XG from the SG. We should have looked elsewhere. The XG is truly a let down.
Alan Salgado commented
We need this, even other firewall brands have it.
I've got a pair of XG 330s and a 125. We need this now!
Nils Keune commented
This is such a bad joke, I cannot really laugh about it. I just want to delete a user and people tell me to edit xml files to do so. On a 1500€ device that also wants 1500€ licensing fees every three years. Sophos, are you freaking kidding us?
Q Kirwan commented
Just wanted Sophos to know:
We purchased two Sophos XG 125 firewalls with 3 years of support to upgrade all of our SG firewalls. However, because this feature, or any feature that tells you where an object is in use on the firewall, is completely missing, we have decided to return these firewalls for a full refund and will continue to use the older ones as they are feature complete.
Please emphasize getting this feature in production. Thank you.
Why the **** hasn't this been done yet? If you have hundreds of firewall rules, groups etc. it is absolutely impossible to find out where a user is attached. It should say "this user is attached to policy, are you sure you want to delete" and if approved, the XG should remove the user wherever they are attached, just the same as it does in AD.
Absurd that this has been outstanding for almost 3 years. Fix it already.
Marcelo Bustos commented
Thanks to our Compunet support team we can find a way, although it is not the most elegant one, to find the dependencies of the IPHost object with the rule / group to which it belongs.
To find the dependency of the IPHost object you must do the following:
1. Download the complete configuration of XG from Backup & firmware / Import Export and Export full configuration
2. Edit the XML file in Notepad++ (or other) and perform filtering by the name of the object
3. Correlate in the file the object and dependence
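The export-and-search steps in the comment above can be scripted, as an added example that is not part of the original thread and not Sophos tooling. It treats every direct child of the XML root as one configuration entity and reports where an object name appears as an exact element value; the sample export, its element names and the `find_references` helper are constructed assumptions, not the real XG export schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are assumptions, not the real XG export schema.
SAMPLE_EXPORT = """<Configuration>
  <IPHost><Name>SRV2008-01</Name><IPAddress>10.0.0.5</IPAddress></IPHost>
  <IPHostGroup><Name>LegacyServers</Name>
    <HostList><Host>SRV2008-01</Host><Host>SRV2012-02</Host></HostList>
  </IPHostGroup>
  <FirewallRule><Name>Allow_RDP_Legacy</Name>
    <DestinationNetworks><Network>SRV2008-01</Network></DestinationNetworks>
  </FirewallRule>
  <FirewallRule><Name>Allow_Web</Name>
    <DestinationNetworks><Network>SRV2008-010</Network></DestinationNetworks>
  </FirewallRule>
</Configuration>"""


def find_references(xml_text, object_name):
    """Return (entity_tag, entity_name, path) for every reference to object_name.

    Each direct child of the root is treated as one configuration entity.
    The entity that defines the object (its own Name element) is skipped.
    """
    root = ET.fromstring(xml_text)
    hits = []
    for entity in root:
        entity_name = (entity.findtext("Name") or "").strip()

        def walk(node, path):
            for child in node:
                child_path = f"{path}/{child.tag}"
                # Exact match on trimmed text avoids substring false positives
                if (child.text or "").strip() == object_name:
                    if not (node is entity and child.tag == "Name"):
                        hits.append((entity.tag, entity_name, child_path))
                walk(child, child_path)

        walk(entity, entity.tag)
    return hits


if __name__ == "__main__":
    for tag, name, path in find_references(SAMPLE_EXPORT, "SRV2008-01"):
        print(f"{tag} '{name}' references it at {path}")
```

For a real export, read the XML file from the exported configuration and pass its text in place of `SAMPLE_EXPORT`.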
Attempting to delete an IP Host Group Object. Have removed the object in question from all rules (limited number of rules where this object would be applied) yet, still presented with "Can't delete because in use by a firewall rule" message. Manually inspecting all rules for where this object may be referenced has proved unsuccessful. If the object exists we need to be able to search for it or have the system inform us where it is referenced.
The interface is really not very good at all. An admin must have better editing tools to manage the amount of data he has to process accurately and efficiently. I have wasted many hours dodging the quirks in trying to change data. I see some "solutions" like "erase everything and start from scratch", and "export the configuration (to XML), EDIT it, then import the code back into the configuration". Are you kidding??? It's like me telling my users, export the registry......then reinstall it. COME ON! At least make this editing process usable.
Nobody is smart enough to do everything correct the first time. I can't edit NAT records and I cannot delete host entries. We "tried" things that didn't work. Now we are stuck? With the documentation lacking, being unable to delete or change things is a MAJOR weakness.
Yudhin Acharya commented
We need to have it for all the objects regardless of IP, IP range, HOST, FQDN, USER, User group, anything.