Technical Tip: Removing a dialup VPN user immediately from VPN access
Description
This article describes how to remove a dialup user who is already connected to a VPN from VPN access without affecting other users.
Scope
FortiGate.
Solution
- Disable/delete the required dialup user account, or remove the user account from the VPN access group defined in phase1 settings.
- Delete phase1 for the specific user only: set the peer's public IP address in the IKE filter, then flush the gateway.
diag vpn ike filter dst-addr4 <IP address of peer>
diag vpn ike gateway flush
Starting from v7.4.1, the 'diagnose vpn ike log-filter dst-addr4' command has been changed to 'diagnose vpn ike log filter rem-addr4'.
Note: If no IKE filter is specified, 'diag vpn ike gateway flush' clears all established IKE gateways, not only the intended peer.
