10-21-2020 05:06 AM - edited 10-21-2020 05:13 AM
I am still confused to be honest.
I get that the object is part of a group.. if you delete it from the group.. then it is no longer part of the group.
You would then simply to the (presuming) address object, within the Object tab, and delete the object.
Wouldn't that delete the object in all policies?
If you believe that the object was not created as an address object (or similar) but manually defined in your policies (again... you can add any object, predefined, prior to using the object, or enter an IP on the fly, within the config)
There are only 2 suggestions that can be recommended here.
Export the Panorama config. Do a search/delete of those elements/objects you do not want. Import back into Panorama.
From CLI, go into config mode.
Enter "run set cli config-output-format set"
This will let you see the config in "set" notation.
From here, do a "show | match (object name)" command, which will show you all lines in the config, where (object name) is being used.
If you export those lines, you could then copy/paste into a document, change the "set (object name)", into a "delete (object name)", and then copy/paste those lines back into the Panorama.
Personally, the first way, where you are just removing the elements from the xml may be a safer bet, if you are comfortable with the CLI.
As long as the object is not part of the FW local config, you should be OK with modifying the xml.
Good luck!
