IPSec Phase 1 Proposal - Can't Remove or Save

Question

Hi,

We are in the process of upgrading our environment from v5.4 to v5.6.7. So far, we have upgraded Fortimanager and a couple of test firewalls.

In our environment, we use custom IPSec VPNs extensively.

Previously under v5.4, when defining an IPSec VPN on a Fortigate, we were able to delete the Phase 1 proposals that we do not use and then Save the change.

Under v5.6 however, we are unable to delete Phase 1 proposals; there isn't any buttons. Not only that, there isn't an Ok button at the button; just a Return button.

Has anyone else seen this before?

Thanks for your time.

LarW63

gregec6 · Answer

We have version 5.6.x and we are deleting old IPSecs with cli.

#go to phase2

config vpn ipsec phase2-interface

#list

sh

edit "test"
 set phase1name "test"
 set comments "VPN: test (Created by VPN wizard)"
 set src-addr-type name
 set dst-addr-type name
 set src-name "test_local"
 set dst-name "test_remote"
 next

#remove phase2-interface

delete test

#go to phase1

config vpn ipsec phase1-interface

#list

sh

edit "test"
 set interface "port4"
 set peertype any
 set comments "VPN: test (Created by VPN wizard)"
 set wizard-type static-fortigate
 set remote-gw 1.1.1.1
 set psksecret ENC S4b/rwT7EwLNhoNvXQU6xVTO7JR86VcF6jKE9bjksey2VIkGwscZrJnoUzSb1oTMy2JbGPIzkx3qKIdzTjx2yAkzSZAUnsr3yI/sSLlqifvYOE3L5GZxAQvY/imWTNfKKeZyXm0z6zhUP1EmOx8Iz7Uwci3iPY98PqSWcR7e4NaUSYeITb6ZO6eoln2Nd3782lPbwQ==
 next

#remove phase1-interface

delete test

If you get this message, you must delete policy and routing:

This phase1-interface is currently used
command_cli_delete:5493 delete table entry test unset oper error ret=-23
Command fail. Return code -23

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded