Error "Failed to delete firewall group with name or ID '<UUID>': Firewall group <UUID> is still active" is received while attempting to delete a firewall gateway


Article ID: 404572


Updated On:

Products

VMware Integrated OpenStack

Issue/Introduction

Deleting a firewall gateway fails with the output shown below:

[2025-07-08 11:40:10.688] [root@vioadmin1-vioshim-############ ~]# openstack firewall group delete ########-####-####-####-############
[2025-07-08 11:40:33.283] Failed to delete firewall group with name or ID '########-####-####-####-############': Firewall group ########-####-####-####-############ is still active.
[2025-07-08 11:40:33.283] Neutron server returns request_ids: ['req-########-####-####-####-############ ']
[2025-07-08 11:40:33.283] 1 of 1 firewall group(s) failed to delete.

Environment

7.x

Cause

A firewall gateway that has any active ports attached to it cannot be marked as down, and therefore cannot be deleted.

Resolution

  1. Identify whether any ports are associated with the firewall group:

    openstack port list --firewall-group <UUID>

  2. If any port is identified as attached, delete the port association:

    openstack port set --no-firewall-group <port_id>

  3. Delete the firewall group:

    openstack firewall group delete <UUID>
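
The three steps above combined into one bash function, as an added example (not Broadcom's or the OpenStack project's code). It assumes the `--firewall-group` and `--no-firewall-group` options behave as this article shows; `fwg_ports`, `fwg_cleanup` and `DRY_RUN` are hypothetical names. By default it only reports which ports would lose their firewall group.

```bash
#!/usr/bin/env bash
# Added example. Subcommands and the firewall-group flags are taken from this
# article; "-f value -c ID" is the standard openstack CLI output formatter.
# DRY_RUN=1 (default) only reports; DRY_RUN=0 performs the changes.

fwg_ports() {
    # Step 1: print the IDs of ports associated with the firewall group.
    openstack port list --firewall-group "$1" -f value -c ID
}

fwg_cleanup() {
    local fwg="$1" dry_run="${DRY_RUN:-1}" port ports remaining
    [ -n "$fwg" ] || { echo "usage: fwg_cleanup <firewall-group-uuid>" >&2; return 2; }

    ports="$(fwg_ports "$fwg")" || { echo "port lookup failed" >&2; return 1; }

    for port in $ports; do
        # Log every port that loses its firewall group so the change can be
        # reviewed and a policy re-applied to that port later if needed.
        echo "detach port=$port fwg=$fwg"
        if [ "$dry_run" = "0" ]; then
            # Step 2: remove the firewall group association from the port.
            openstack port set --no-firewall-group "$port" || return 1
        fi
    done

    if [ "$dry_run" != "0" ]; then
        echo "dry-run: would delete fwg=$fwg"
        return 0
    fi

    # Re-check before deleting: a remaining port is what keeps the group
    # active and produces the "is still active" error.
    remaining="$(fwg_ports "$fwg")" || return 1
    if [ -n "$remaining" ]; then
        echo "ports still attached to $fwg: $remaining" >&2
        return 3
    fi

    # Step 3: delete the firewall group.
    openstack firewall group delete "$fwg"
}
```

Source the file, review the dry-run output of `fwg_cleanup <UUID>`, then repeat with `DRY_RUN=0` to apply the changes.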

 

Additional Information

You can also try manually attaching a port to the firewall group (FWG), detaching it, and then retrying the deletion:

  1. Assign an FWG policy to the FWG
  2. Add a port to the FWG
  3. Remove the port from the FWG
  4. Delete the Firewall Group using the command:

        openstack firewall group delete <UUID>