Screen OS

I am attempting to move zone from one interface to another. I can't remove the zone from the existing interface as I get the error Interface ethernet0/2 is in use. Remove binding first! However I can't for the life of me see what is still bound to eth0/2

Command I am running: 

unset interface eth0/2 zone

Output of get config | incl ethernet0/2

set interface "ethernet0/2" zone "Student_Workstations"

Any idea what else I would need to unbind it from since the config is showing that is isn't actually bound to anything (no VPNs, no static routes, no DHCP or NTP etc).

Try putting it into the null zone first

set interface eth0/2 zone null

Is this the only interface in the zone you are removing?  Maybe there are policies configured to that zone that must be removed first.

Hi,

Try this: get config | in ethernet0/2. You will definitely find a command that blocks this interface (syslog, dns, ntp etc). It may be used somewhere eg. as a src-interface.

I had this problem too. With the command which Edouard posted (get config | in ethernet0/2) you see everything that the interface uses. use unset with what you have found with get config then you can unset the interface.

Good luck and maybe it's smart to save your config?

Or......just set interface XXX zone NEWZONE

You don't have to unset it to change the zone, but you do have to remove ip's and other config referencing it to put it in null zone

Had the same problem. After removing the VPN config I could not delete the tunnel.2 interface. Which led to inconsistency with NSM.

unset interface tunnel.2 -> Interface in use, unset zone failed.

get config | inc tunnel.2 -> showed only zone untrust.

set interface tunnel.2 zone delete (which i created) -> interface in use.

I rebooted the device with "reset", afterwards I could delete the interface just fine, so I believe this is a bug.

Version was 6.3r10

I had same problem SSG-140 6.3.0R11, also had to reset in order to be able to change the zone, nothing else worked and I double checked with get config | in intname that it was not used...

6.3R8 SSG550 same problem no matter what I tried. Guess I have to wait for a reboot.

Definitely a bug. I have had it happen multiple times with tunnel interfaces. Firewalls running 6.3.0r16a-dfj1.0.

---

@CHNE wrote:

Had the same problem. After removing the VPN config I could not delete the tunnel.2 interface. Which led to inconsistency with NSM.

 

unset interface tunnel.2 -> Interface in use, unset zone failed.

 

get config | inc tunnel.2 -> showed only zone untrust.

 

set interface tunnel.2 zone delete (which i created) -> interface in use.

 

I rebooted the device with "reset", afterwards I could delete the interface just fine, so I believe this is a bug.

Version was 6.3r10

 

---

I had the same problem.

It was set as source int for syslog. And therefore it refused to delete it. (without telling why)

Unset it in Configuration > Report Settings > Syslog

 and the remove showed up under the interface menu.

Hope this helps 🙂