This issue occurs after the "Default Section" of the "Partner Services" tab of the Firewall configuration is moved and deleted.
This causes one of the present sections to become the new default section. If the corresponding security policy gets removed, the deletion of the section fails as the default section cannot be deleted.
When trying to delete the section manually via REST API (e.g. DELETE /api/4.0/firewall/globalroot-0/config/layer3redirectsections/1004) before using the workaround you will see a response like this:
<?xml version="1.0" encoding="UTF-8"?>
<error>
<errorCode>110458</errorCode>
<details>Default Layer3 Redirection Section cannot be deleted.</details>
<moduleName>vShield App</moduleName>
</error>