diff --git a/doc/ChangeLog b/doc/ChangeLog index 248ea919b..7b20162d2 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,11 @@ 2011-01-27 vadim + * Interface.cpp (removeRef): fixes #1987 "Deleting object that is + used as Network Zone for ASA/PIX interface results in inconsistent + behavior". When an object that is used as a network zone of an + interface is deleted, it should be removed from the interface + configuration as well. + * Cluster.cpp (init): fixes #1995 "Crash when compiling a cluster with identical firewalls". Method Cluster::init() must call base class method Firewall::init() to get child Policy, NAT and Routing diff --git a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_search.cpp b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_search.cpp index bdc97528f..958e98ed4 100644 --- a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_search.cpp +++ b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_search.cpp @@ -181,10 +181,23 @@ bool FWObjectDatabase::_findWhereObjectIsUsed(FWObject *o, p->setInt(".search_id", search_id); p->setBool(".searchResult", false); + Interface *intf = Interface::cast(p); + if (intf) + { + string netzone_id = intf->getStr("network_zone"); + FWObject *netzone = findInIndex(FWObjectDatabase::getIntId(netzone_id)); + if (netzone == o) + { + resset.insert(p); + res = true; + } + } + PolicyRule *rule = PolicyRule::cast(p); if (rule) { - switch (rule->getAction()) { + switch (rule->getAction()) + { case PolicyRule::Tag: { FWObject *tagobj = rule->getTagObject(); diff --git a/src/libfwbuilder/src/fwbuilder/Interface.cpp b/src/libfwbuilder/src/fwbuilder/Interface.cpp index 5972f8d53..7e956f5e2 100644 --- a/src/libfwbuilder/src/fwbuilder/Interface.cpp +++ b/src/libfwbuilder/src/fwbuilder/Interface.cpp 
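Review bot: The new Interface branch in `_findWhereObjectIsUsed` resolves `network_zone` through `getIntId` and `findInIndex` even when the attribute is empty. The `netzone == o` test is then only correct if that lookup returns null and `o` is never null, neither of which is visible in this hunk. Making the empty case explicit removes the assumption: `if (!netzone_id.empty() && findInIndex(FWObjectDatabase::getIntId(netzone_id)) == o)`. The function starts and continues outside the hunk, so the surrounding iteration cannot be checked from here.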
@@ -67,6 +67,20 @@ Interface::Interface():Address() Interface::~Interface() {} +/** + * Removes reference to given object among children of 'this'. In case + * of Interface we check if @obj is used as network zone. + */ +void Interface::removeRef(FWObject *obj) +{ + string netzone_id = getStr("network_zone"); + FWObject *netzone = getRoot()->findInIndex( + FWObjectDatabase::getIntId(netzone_id)); + if (obj == netzone) setStr("network_zone", ""); + + FWObject::removeRef(obj); +} + FWObject& Interface::shallowDuplicate(const FWObject *o, bool preserve_id) throw(FWException) { diff --git a/src/libfwbuilder/src/fwbuilder/Interface.h b/src/libfwbuilder/src/fwbuilder/Interface.h index ba3c3bf38..d82387564 100644 --- a/src/libfwbuilder/src/fwbuilder/Interface.h +++ b/src/libfwbuilder/src/fwbuilder/Interface.h @@ -75,6 +75,12 @@ public: Interface(const Interface &i); virtual ~Interface(); + /** + * Removes reference to given object among + * children of 'this'. In case of an Interface, we should check for + * if the reference to @obj is used as a network zone. + */ + virtual void removeRef(FWObject *obj); virtual void fromXML(xmlNodePtr parent) throw(FWException); virtual xmlNodePtr toXML(xmlNodePtr parent) throw(FWException); diff --git a/src/libgui/ObjectManipulator_ops.cpp b/src/libgui/ObjectManipulator_ops.cpp index 1f022af22..c364a8aa5 100644 --- a/src/libgui/ObjectManipulator_ops.cpp +++ b/src/libgui/ObjectManipulator_ops.cpp @@ -561,7 +561,8 @@ void ObjectManipulator::deleteObject(FWObject *obj, QUndoCommand* macro) catch (FWException &ex) { if (fwbdebug) - qDebug("ObjectManipulator::deleteObject: catch: restoreOverrideCursor"); + qDebug() << "ObjectManipulator::deleteObject:" + << "catch: restoreOverrideCursor"; QApplication::restoreOverrideCursor(); QMessageBox::warning( this,"Firewall Builder", 
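Review bot: `Interface::removeRef` dereferences `getRoot()` unchecked and performs the index lookup even when `network_zone` is empty. If an interface can reach this path before it is attached to a database tree (not visible here), that is a null dereference during delete. A guard keeps the behaviour and drops both assumptions: `FWObjectDatabase *root = getRoot();` followed by `if (root && !netzone_id.empty() && root->findInIndex(FWObjectDatabase::getIntId(netzone_id)) == obj) setStr("network_zone", "");`. The zone is also cleared silently. Because the ChangeLog entry ties it to ASA/PIX interface configuration, consider logging or reporting which interfaces lost their network zone, so the gap is noticed before the policy is next compiled and deployed.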
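Review bot: The doc comment added above `removeRef` in Interface.h does not state what the override does to the interface, and "we should check for if the reference to @obj is used as a network zone" is hard to parse. Suggested wording: `Removes references to @obj among children of 'this'. If @obj is this interface's network zone, the "network_zone" attribute is cleared as well.` It is also worth confirming that `FWObject::removeRef` is declared virtual in the base class, which this diff does not show. If it is not, calls made through an `FWObject*` would bypass this override and leave the stale zone id in place.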
@@ -583,7 +584,8 @@ void ObjectManipulator::deleteObject(FWObject *obj, QUndoCommand* macro) void ObjectManipulator::actuallyDeleteObject(FWObject *obj, QUndoCommand* macro) { map > reference_holders; - UsageResolver().findAllReferenceHolders(obj, m_project->db(), reference_holders); + UsageResolver().findAllReferenceHolders(obj, m_project->db(), + reference_holders); FWObject *deleted_objects_lib = m_project->db()->findInIndex( FWObjectDatabase::DELETED_OBJECTS_ID); diff --git a/src/libgui/UsageResolver.cpp b/src/libgui/UsageResolver.cpp index 869b2a8f9..ed6e2b9dc 100644 --- a/src/libgui/UsageResolver.cpp +++ b/src/libgui/UsageResolver.cpp @@ -33,6 +33,7 @@ #include "fwbuilder/RuleElement.h" #include "fwbuilder/Rule.h" #include "fwbuilder/Cluster.h" +#include "fwbuilder/Interface.h" #include "fwbuilder/FWOptions.h" #include "fwbuilder/Management.h" @@ -237,7 +238,7 @@ void UsageResolver::findAllReferenceHolders( FWObject *holder = o->getParent(); reference_holders.insert(holder); } - if (Rule::cast(o)) + if (Rule::cast(o) || Interface::cast(o)) reference_holders.insert(o); }
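Review bot: The widened condition `if (Rule::cast(o) || Interface::cast(o))` in `UsageResolver::findAllReferenceHolders` has no comment explaining why an Interface is recorded as its own holder rather than through `getParent()` as in the branch above it. A short comment would make the asymmetry clear, for example `// Rules and interfaces hold the reference in their own attributes (e.g. "network_zone"), so the object itself is the holder`. Note that any Interface in the result set is now inserted, whatever the reason it matched. If interfaces can appear there for reasons other than the network zone (not visible in this hunk), the code that consumes `reference_holders` should be checked against that case. The function begins outside the hunk.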