
Sophos Firewall: Localize an Object to delete it in SFOS

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.



Overview

This recommended read goes over the steps to locate where an object is used within SFOS.

If you try to delete an object in SFOS that is still in use, you first have to locate the rules that reference it and delete or edit those rules.

In complex setups, locating every rule can be difficult.

The following UI error will occur:

  • "Host could not be deleted. Firewall rule exists for this host."

What to do

A full export of the entire configuration under "Backup & firmware - Import-export" gives you an XML file, which helps you locate all configuration settings.

If you know where the object is used, you can export only that part of the configuration, for example only the firewall rules. If you do not know where it is used, do a full export.
The exported file contains the "Entities.xml" file.
With a standard text editor, you can search it for the name of your object to locate every configuration entry that uses it.
The object itself:

A TLS Inspection rule using this object:

SMTP General Settings are using this as a Required TLS Host object:

One firewall rule, called "FirewallRule", uses this object as a Source.

One NAT Rule is using this object as a Source Network.

This gives you an easy "where is it used" lookup when you need to delete an object.
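The same "where is it used" lookup can be scripted. The following is an added example, not part of the original article or of Sophos tooling; the sample XML is constructed and its element names are assumptions about the export layout. It matches the object name exactly, so a search for "TestHost" does not also report "TestHost2" the way a plain text search would.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export; element names are assumed for illustration.
SAMPLE_ENTITIES = """<Configuration>
  <IPHost><Name>TestHost</Name><IPAddress>192.0.2.10</IPAddress></IPHost>
  <IPHost><Name>TestHost2</Name><IPAddress>192.0.2.11</IPAddress></IPHost>
  <FirewallRule>
    <Name>FirewallRule</Name>
    <NetworkPolicy><SourceNetworks><Network>TestHost</Network></SourceNetworks></NetworkPolicy>
  </FirewallRule>
  <NATRule>
    <Name>NatOut</Name>
    <OriginalSourceNetworks><Network>TestHost</Network></OriginalSourceNetworks>
  </NATRule>
  <FirewallRule>
    <Name>Unrelated</Name>
    <NetworkPolicy><SourceNetworks><Network>TestHost2</Network></SourceNetworks></NetworkPolicy>
  </FirewallRule>
</Configuration>"""


def find_references(xml_text, object_name):
    """Return (entity_tag, entity_name, path) for each element whose text is exactly object_name.

    A path of "Name" is the entity's own name (the definition); any other path is a reference.
    """
    root = ET.fromstring(xml_text)
    hits = []
    for entity in root:  # each direct child of the root is one configuration entity
        entity_name = (entity.findtext("Name") or "").strip()

        def walk(elem, path):
            for child in elem:
                child_path = path + [child.tag]
                if (child.text or "").strip() == object_name:
                    hits.append((entity.tag, entity_name, "/".join(child_path)))
                walk(child, child_path)

        walk(entity, [])
    return hits


if __name__ == "__main__":
    for tag, name, path in find_references(SAMPLE_ENTITIES, "TestHost"):
        kind = "definition" if path == "Name" else "used by"
        print(f"{kind}: {tag} '{name}' at {path}")
```

On a real export, pass the contents of the exported "Entities.xml" as `xml_text`; every hit whose path is not "Name" is a rule or setting to edit before the object can be deleted.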




Added TAGs
[edited by: Raphael Alganes at 5:32 AM (GMT -7) on 18 Sep 2024]
  • Generating an XML takes performance effort. This takes some time to get the XML in the first place. SFOS Webadmin does not have the XML present at any time.


  • Figuring out usage of multiple objects within a migration process or daily usage takes at least time effort (by manually searching xml files and webadmin once again after that). That's much more effort than performance impact on current hardware… in 2022…

    We were able to have this information ready at any time in SG Firewall for years…