Unable to Delete Security Profiles, Policies, or Other Configuration Objects in Web UI and CLI
Symptom
- Unable to delete security profiles, policies, NAT rules, or other configuration objects.
- The Web UI does not provide a delete option (it is greyed out), or the configuration still exists even after it is deleted.
- The CLI command to delete the object fails with an error.
Environment
- Panorama
- Palo Alto Networks Firewalls
- Any PAN-OS version
Cause
- The object is still referenced elsewhere in the configuration.
- The configuration daemon (configd) is not responding properly or is in a stuck state.
- The system cache has not refreshed properly, preventing the deletion of unreferenced objects.
Resolution
1. Verify Object References:
Use the global search feature (top-right corner in the Web UI) in Panorama or the firewall to check if the object is still referenced in any configuration.
In CLI, use:
> show config running | match <object-name>
If the object is referenced, remove all dependencies before attempting deletion.
2. Restart the Configuration Daemon (configd) (if the object is unreferenced but still cannot be deleted):
Perform this step during a maintenance window as it may cause temporary management disruption.
Run the following CLI command:
> debug software restart process configd
Wait for configd to restart and try deleting the object again.
3. Commit and Retry:
After removing references and restarting configd, commit the configuration to ensure changes take effect:
> commit
Attempt the deletion again via the Web UI or CLI.
4. Reboot the Firewall (if the issue persists):
If restarting configd does not resolve the issue, a full device reboot during a maintenance window is recommended.
Use the following CLI command:
> request restart system
Additional Information
This solution applies to security profiles, policies, NAT rules, and other configuration objects that cannot be removed due to system issues.
Always verify references before restarting configd or the firewall to avoid unnecessary downtime.
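The reference check from step 1 can also be run offline against a configuration exported as XML, which shows where each reference sits rather than only the matching line. The following is an added example, not part of the original article or Palo Alto Networks tooling; the function name find_references and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like a PAN-OS XML config export (not real device data).
SAMPLE_CONFIG = """\
<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <profiles><virus>
      <entry name="AV-strict"/>
      <entry name="AV-legacy"/>
    </virus></profiles>
    <profile-group>
      <entry name="default-group"><virus><member>AV-strict</member></virus></entry>
    </profile-group>
    <rulebase><security><rules>
      <entry name="allow-web">
        <profile-setting><profiles><virus><member>AV-strict</member></virus></profiles></profile-setting>
      </entry>
    </rules></security></rulebase>
  </entry></vsys></entry></devices>
</config>
"""

def find_references(xml_text, object_name):
    """Return (definitions, references): config paths that define or use object_name."""
    root = ET.fromstring(xml_text)
    definitions, references = [], []

    def walk(node, path):
        label = node.tag
        if node.get("name") is not None:
            label += "[@name='%s']" % node.get("name")
        here = path + "/" + label
        if node.tag == "entry" and node.get("name") == object_name:
            definitions.append(here)   # the object itself
        elif (node.text or "").strip() == object_name:
            references.append(here)    # e.g. a <member> naming the object
        for child in node:
            walk(child, here)

    walk(root, "")
    return definitions, references

if __name__ == "__main__":
    for name in ("AV-strict", "AV-legacy"):
        defs, refs = find_references(SAMPLE_CONFIG, name)
        print(name, "- referenced by:" if refs else "- no references found")
        for r in refs:
            print("   ", r)
```

An object with an empty reference list here but a failing delete on the device points to the configd or cache causes above rather than a leftover dependency.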