l33vi3w
New Member
January 17, 2020
Solved

Remove Virtual IP command


Hi,

 

Is there a command to remove a virtual ip, without using the gui?

I am using a serial connection to my Fortigate 201e.

I've been locked out and can't connect to it over https.

 

Thanks!


    Yurisk
    SuperUser
    January 17, 2020

    FortiGate is fully manageable via CLI as well.

    1. Find the policy ID where your VIP is used:

    show firewall policy

    2. Either delete the policy completely or disable it:

    a) Delete (make sure you use the correct policy ID), e.g. you want to delete the policy with ID 2:

    config firewall policy
    delete 2
    end

    b) Disable, e.g. policy ID 2:

    config firewall policy
    edit 2
    set status disable
    next
    end

    There can be a slight delay between entering the commands and the FG actually cleaning its connection table for this VIP.
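
Step 1 of the reply above, as an added example that is not part of the original thread: a small Python parser that takes `show firewall policy` output captured from the console session and lists the policy IDs whose `dstaddr` references a given VIP, with each policy's status. The sample output is constructed and trimmed, the function names are hypothetical, and it assumes the VIP is referenced by name in `dstaddr` and that an omitted `status` line means the policy is enabled.

```python
import shlex

# Constructed, trimmed sample of `show firewall policy` output. The VIP name
# "1" is the one shown in this thread; the policies are made up for the example.
SAMPLE = '''\
config firewall policy
    edit 1
        set srcintf "port2"
        set dstaddr "all"
    next
    edit 2
        set name "inbound web"
        set dstaddr "1" "other-vip"
        set action accept
    next
    edit 3
        set dstaddr "1"
        set status disable
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} from `show firewall policy` text."""
    policies, current = {}, None
    for raw in text.splitlines():
        words = shlex.split(raw)  # honours quoted names that contain spaces
        if not words:
            continue
        if words[0] == "edit" and len(words) == 2:
            current = policies.setdefault(int(words[1]), {})
        elif words[0] == "set" and current is not None and len(words) >= 2:
            current[words[1]] = words[2:]
        elif words[0] == "next":
            current = None
    return policies

def policies_using(text, vip_name):
    """List (policy_id, status) for every policy whose dstaddr names the VIP."""
    hits = []
    for pid, cfg in sorted(parse_policies(text).items()):
        if vip_name in cfg.get("dstaddr", []):
            # Assumption: `show` omits defaults, and status defaults to enable.
            hits.append((pid, cfg.get("status", ["enable"])[0]))
    return hits

if __name__ == "__main__":
    for pid, status in policies_using(SAMPLE, "1"):
        print(f"policy {pid}: status={status}")
```

Matching on the exact quoted name avoids false hits from a plain text search, since a VIP named "1" would otherwise match policy IDs, port names and IP octets.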

    nbctcp
    Answer
    New Member
    January 25, 2020

    FW1 # config firewall vip
    FW1 (vip) # show
    config firewall vip
        edit "1"
            set extip 192.168.88.25
            set extintf "port1"
            set mappedip "10.0.3.11"
        next
    end
    FW1 (vip) # delete 1
    FW1 (vip) # end