
Cannot delete zone - bug in zone?

I have a problem deleting a zone.

 

The zone is created as a DMZ type and was (as far as I remember) initially attached to a VLAN. The VLAN was later removed.

The zone was then assigned to a physical port instead, but after spending hours with no traffic flowing I did try to change the zone for the port to "LAN" and "DMZ". Suddenly everything started working. I created a new zone of type DMZ, attached it to the port and traffic was still flowing.

When I try to delete the old zone I get the following error:

The zone is not used in any rules or assigned to an interface anymore.

 

1) Could the lack of traffic flow when using this zone be a bug in XG?

2) How do I delete the zone?

 

Thx!

 

PS: I did try to reboot the XG. Still fails to delete the zone.



  • Hello jpvj

    In order to delete the zone, two conditions must be met.

    1. Delete the firewall rule associated with that zone. In case you have created a firewall rule which defines the zone as "Any", you may need to specify the zone association as LAN, DMZ, WIFI, etc.
    2. Set the zone allocated to the interface to "None" or another of the listed zones.

    After completing these steps, the zone you wish to delete will be unlinked and you should be able to delete the custom zone.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • Hi Aditya,

    "Delete the firewall rule associated with that zone. In case you have created a firewall rule which defined zone as "Any" then you may need to specify the zone association to LAN,DMZ,WIFI etc."

     

    1. The zone is not associated with any firewall rules.

    The zone is called LLT, and filtering the firewall rules for LLT as source or as destination both return no results:

     

     

    Even after changing rules using "Any" as source/destination it still fails to delete.

    In case the use of "Any" as source/destination could cause this issue, I would suggest you log it as a bug. "Any" should just mean "Any currently defined zones" and of course you should be able to delete zones if "Any" was used as source/destination.

    "Set the Zone allocated to the interface to "None" or other listed zones."

    2. The zone is not allocated to any interface:

     

  • Hi,

     

    From my experience you have to check each and every option in XG to see if this zone is somehow still allocated, not only firewall rules.

    E.g. in my case it was still allocated in "Permitted network resources (IPv4)" under VPN -> SSL VPN (remote access). Furthermore you should check if you have "Firewall rule groups". Maybe the zone you want to delete is listed under "Source Zone" in "Group Matching Criteria".

    I don't think it's a bug; you just can't delete a zone until the very last association to this zone has been deleted.

    However, what would be a good feature is that the error message gave a little more information, e.g. where exactly this zone is still allocated. That would help a lot.

     

     

    Best

    Peter
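The two replies above describe the same check from opposite ends: Aditya lists the places a zone is normally bound (firewall rules, interfaces), and Peter points out that any remaining reference anywhere in the configuration (SSL VPN permitted resources, firewall rule groups) blocks deletion, with an error that does not say where. The script below is an added example, not from this thread or from Sophos: it walks an exported configuration and reports the owning object and element path of every remaining reference to a zone name, which is the information the error message lacks. The XML is a constructed, simplified stand-in; the real SFOS export schema uses different element names, so the paths it prints on a real export are the list of objects still to clean up, not a claim about that schema.

```python
"""Report every remaining reference to a zone in an exported configuration.

Added example (not from the thread or from Sophos). SAMPLE_CONFIG is a
constructed, simplified stand-in for a configuration export; the real
SFOS schema differs. The search itself is schema-agnostic: it flags any
element whose text is exactly the zone name, except the zone's own
definition, and reports the object that owns it plus the element path.
"""
import xml.etree.ElementTree as ET

# Constructed sample: zone "LLT" is no longer used by any rule or interface,
# but an SSL VPN policy and a firewall rule group still reference it.
SAMPLE_CONFIG = """<Configuration>
  <Zone><Name>LLT</Name><Type>DMZ</Type></Zone>
  <Interface><Name>Port3</Name><NetworkZone>DMZ2</NetworkZone></Interface>
  <FirewallRule><Name>Web-in</Name>
    <SourceZones><Zone>WAN</Zone></SourceZones>
    <DestinationZones><Zone>DMZ2</Zone></DestinationZones>
  </FirewallRule>
  <SSLVPNPolicy><Name>RemoteAccess</Name>
    <PermittedNetworkResourcesIPv4><Zone>LLT</Zone></PermittedNetworkResourcesIPv4>
  </SSLVPNPolicy>
  <FirewallRuleGroup><Name>DMZ-group</Name>
    <SourceZones><Zone>LLT</Zone></SourceZones>
  </FirewallRuleGroup>
</Configuration>"""


def find_zone_references(config_xml: str, zone: str) -> list[str]:
    """Return "<ObjectTag> '<object name>': <element path>" for every element
    whose text equals `zone`, in document order, skipping the zone's own
    definition (a top-level <Zone> whose <Name> is the zone)."""
    root = ET.fromstring(config_xml)
    hits: list[str] = []

    def walk(elem: ET.Element, path: str, owner: str) -> None:
        # ElementTree has no parent pointers, so the path is built on the way down.
        for child in elem:
            child_path = f"{path}/{child.tag}"
            if (child.text or "").strip() == zone:
                hits.append(f"{owner}: {child_path}")
            walk(child, child_path, owner)

    for obj in root:
        name = obj.findtext("Name", default="?")
        if obj.tag == "Zone" and name == zone:
            continue  # the definition itself is not a reference
        walk(obj, obj.tag, f"{obj.tag} '{name}'")
    return hits


def can_delete(config_xml: str, zone: str) -> bool:
    """True when nothing in the export still points at the zone."""
    return not find_zone_references(config_xml, zone)


if __name__ == "__main__":
    for zone in ("LLT", "DMZ2"):
        refs = find_zone_references(SAMPLE_CONFIG, zone)
        print(f"{zone}: {'deletable' if not refs else 'still referenced by'}")
        for ref in refs:
            print("  " + ref)
```

Run against the sample, LLT is reported as still referenced by `SSLVPNPolicy 'RemoteAccess'` and `FirewallRuleGroup 'DMZ-group'`, which is exactly Peter's case: no rule and no interface use it, yet it cannot be deleted until those two objects are edited. Matching on exact element text rather than a known list of fields is deliberate, because the whole problem is that the set of places a zone can be bound is longer than the two the error message implies.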