Sorry for the silly question, but I have never done this before:
I would like to delete a sub-interface.
Is there a special order I have to stick to?
Delete all policies first where the zone is involved?
Delete the zone first?
Delete the interface first?
Or does this not matter?
I think it is better to remove the interface from the zone and then delete the sub-interface. Your zone might have more interfaces than the sub-interface.
ok, did this!
Now my zone has no further interface.
But when I want to delete the zone, the firewall says first I have to remove the zone from all policies (security, nat, application override etc.)
But this zone is in approximately 100 policies.
Do I have to click every policy by hand now and remove the zone?
That would be very time-consuming.
If you are comfortable with it, I would edit out the zone directly in the XML and then load the config without the zone mentioned. The zone needs to be out of all rulebases before you can actually delete it, as you would have references to a zone that doesn't exist.
But in this case this wouldn't be really useful. Or it would be risky at least. Because when removing objects (zones, network objects, apps..) from security rules you have to check each rule carefully. Because if the object you are removing is the only one in that field, after removing it the value of that field would become 'any'. So you could make huge holes in your FW policy when automatically removing objects from policies.
Like @santonic said, there are definitely good points in not working with the XML if you don't follow everything closely or know exactly how to incorporate what is being displayed. If this is your first time modifying the XML directly, I probably wouldn't do it on something this large. No matter what you do, make sure to validate the config before you attempt to commit it, and don't use the force method to make it take the commit if it isn't working.
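
A read-only way to do the per-rule check raised in the thread before touching the XML, as an added example that is not from any of the posters or from Palo Alto Networks: it lists every rule that references a zone and marks the fields where that zone is the only member, which are the ones that need a manual decision. The zone name `dmz-old`, the sample XML and the `rulebase/<type>/rules/entry/from|to/member` layout are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed exported-config layout; not a real config.
SAMPLE = """
<rulebase>
  <security><rules>
    <entry name="web-out"><from><member>dmz-old</member></from>
      <to><member>untrust</member></to></entry>
    <entry name="mgmt"><from><member>trust</member><member>dmz-old</member></from>
      <to><member>dmz-old</member></to></entry>
    <entry name="lan-out"><from><member>trust</member></from>
      <to><member>untrust</member></to></entry>
  </rules></security>
  <nat><rules>
    <entry name="snat-dmz"><from><member>dmz-old</member></from>
      <to><member>untrust</member></to></entry>
  </rules></nat>
</rulebase>
"""

def audit_zone(xml_text, zone):
    """Return (rulebase_type, rule, field, status) for each field that uses zone."""
    root = ET.fromstring(xml_text)
    findings = []
    # iter() also yields the root itself, so an excerpt or a full export both work.
    for rulebase in root.iter("rulebase"):
        for kind in rulebase:  # security, nat, application-override, ...
            for entry in kind.findall("rules/entry"):
                for field in ("from", "to"):
                    members = [m.text for m in entry.findall(f"{field}/member")]
                    if zone not in members:
                        continue
                    # A sole member cannot simply be dropped: the field would
                    # be left empty and the rule has to be reviewed by hand.
                    status = "SOLE-MEMBER" if len(members) == 1 else "shared"
                    findings.append((kind.tag, entry.get("name"), field, status))
    return findings

if __name__ == "__main__":
    for kind, rule, field, status in audit_zone(SAMPLE, "dmz-old"):
        print(f"{kind:10} {rule:10} {field:5} {status}")
```

Rules reported as `shared` keep their other zones after the removal; rules reported as `SOLE-MEMBER` are the ones to rework or delete individually.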