Cannot delete zone - bug in zone?

I have a problem deleting a zone.

 

The zone is created as a DMZ type and was (as far as I remember) initially attached to a VLAN. The VLAN was later removed.

The zone was then assigned to a physical port instead, but after spending hours having no traffic flow I did try to change the zone for the port to "LAN" and "DMZ". Suddenly everything started working. I created a new zone of type DMZ, attached it to the port and traffic was still flowing.

When I try to delete the old zone I get the following error:

The zone is not used in any rules or assigned to an interface anymore.

 

1) Could the lack of traffic flow when using this zone be a bug in XG?

2) How do I delete the zone?

 

Thx!

 

PS: I did try to reboot the XG. Still fails to delete the zone.

  • It seems to be stuck somewhere in your config database...

    But this is quite impossible to debug in a Community. You should open a Sophos Support Case. 

  • Hello jpvj

    In order to delete the zone, 2 conditions must be met.

    1. Delete the firewall rule associated with that zone. In case you have created a firewall rule which defined zone as "Any" then you may need to specify the zone association to LAN, DMZ, WIFI etc.
    2. Set the Zone allocated to the interface to "None" or other listed zones.

    After conducting these steps, the link to the zone you wish to delete will be unlinked and you should be able to delete the custom zone.

  • In reply to Aditya Patel:

    Hi Aditya,

    Aditya Patel
    Delete the firewall rule associated with that zone. In case you have created a firewall rule which defined zone as "Any" then you may need to specify the zone association to LAN, DMZ, WIFI etc.

     

    1. The zone is not associated with any firewall rules.

    Zone is called LLT and the firewall rules filtered by LLT as source or destination both return no results:

     

     

    Even after changing rules using "Any" as source/destination it still fails to delete.

    In case the use of "Any" as source/destination could cause this issue, I would suggest you log it as a bug. "Any" should just mean "Any currently defined zones" and of course you should be able to delete zones if "Any" was used as source/destination.

    Aditya Patel
    Set the Zone allocated to the interface to "None" or other listed zones.

    2. The zone is not allocated to any interface: