Create a very basic firewall config like this http://pastebin.com/biT3iNes then delete (or rename) the TrustedHosts address group ( The CLI will give you an error like: "Error: group [TrustedHosts] still in use" but it will remove the group anyway ), commit, save, reboot.
After it reboots the entire EXTERNAL-TO-SELF firewall will not exist because a single rule failed to evaluate. This problem is amplified when you consider other parts of the config tree, you will loose zones because the single firewall no longer exists. Same with ESP/IKE groups, you will loose peers definitions.
This partiuclar issue can be fixed by making the "still in use" error fatal, maybe their is a generic way to solve this for all portions of the config tree