10-13-2025 06:32 PM
I'm currently testing out SCM Pro with a lab firewall. So far I have been unable to delete the default "Internet" security zone which is set at the All Firewalls level. I get the following error message below
"A rule or another object is referencing internet. You can't delete objects that are in use. To delete an object, first remove it from the rules or other objects that are referencing it.
I've looked through the folders/snippets and can't find the relevant config to modify. Does anyone know how to do this?
10-14-2025 03:11 AM
Hello @Justin.Morgan1,
To delete the default "Internet" security zone, you need to remove its references in other configurations. Based on the error message, the zone is being used in the SWG (Secure Web Gateway) general settings as the outbound zone.
Steps to resolve the issue:
Go to your NGFW configuration and navigate to ngfw-shared -> swg -> general-settings.
Change the outbound-zone setting to a different zone or none, depending on your requirements.
After updating the configuration, you should be able to delete the "Internet" security zone.
Additionally, ensure that there are no other rules or objects referencing the "Internet" zone. If you're still having trouble, review the Palo Alto Networks documentation or contact their support for more detailed guidance.
Best Regards,
Henry Cowan
10-14-2025 04:31 PM
There's no option or panel to view ngfw-shared -> swg -> general-settings in our SCM.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
