Durga_Ashwath
Article Id 343468
Description This article describes how to delete an IPsec tunnel that was created. 
Scope FortiGate.
Solution

Follow the steps below to delete the IPsec tunnel:

 

  1. Log in to the FortiGate web GUI.
  2. Go to VPN -> IPsec Tunnels.
  3. Locate the IPsec tunnel to delete.
  4. Select the reference icon of the IPsec tunnel to remove.

  5. The Reference dialog opens. Select each reference, then delete it accordingly.
  6. Delete the reference by selecting it.
  7. After deleting all of the references, go to the IPsec tunnel and select 'delete' to delete it from the FortiGate configuration.

 

Note:

If the IPsec tunnel is referenced by a Sniffer object, see the screenshot below:

 

sniffer.jpg

 

However, when navigating to the packet sniffer page in the GUI, no packet sniffer associated with the tunnel interface is shown.

The screenshot above indicates that the ID of the sniffer referencing the IPsec tunnel is '2'. Use the commands below to show and delete the sniffer:

 

config firewall sniffer
    show
    delete 2
end

 

Sometimes, even when there are no visible references, the 'delete' option for the IPsec tunnel in the GUI remains greyed out.

 

Additionally, attempting to delete Phase 1 or Phase 2 from the CLI results in the error 'cannot delete a static table entry.'

 


 

This can be resolved with a few steps. First, search the configuration for references to the tunnel interface with the following command:

 

show full-configuration | grep <name of the tunnel either phase 1 or phase 2> -f

 

Then enter each configuration section that references the tunnel and manually delete the reference, until all references are removed.

 

After making this change, the reference to the IPsec tunnel should be gone from the related object, and the tunnel can be deleted.
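
The same reference search can be run offline against a saved configuration backup. The script below is an added example, not part of the original article or a Fortinet tool; the tunnel name "to-branch" and the sample configuration are constructed. It reports the enclosing config/edit section of every 'set' line that names the tunnel, so each remaining reference can be located and removed before the tunnel is deleted.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = '''\
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
    next
end
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
    next
end
config firewall policy
    edit 7
        set srcintf "lan"
        set dstintf "to-branch"
    next
end
config firewall sniffer
    edit 2
        set interface "to-branch"
    next
end
'''

def find_references(config_text, name):
    """Return (section path, setting line) for every 'set' line whose value is `name`."""
    stack, hits = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        try:
            tokens = shlex.split(line)
        except ValueError:  # start or end of a multi-line quoted value (e.g. a certificate)
            tokens = line.split()
        if not tokens:
            continue
        if tokens[0] in ("config", "edit"):
            stack.append(line)          # entering a section or table entry
        elif tokens[0] in ("next", "end") and stack:
            stack.pop()                 # leaving the innermost section or entry
        elif tokens[0] == "set" and name in tokens[2:]:
            hits.append((" / ".join(stack), line))  # exact match on a value token
    return hits

if __name__ == "__main__":
    for path, setting in find_references(SAMPLE_CONFIG, "to-branch"):
        print(f"{path}: {setting}")
```

Matching is on whole value tokens, so a search for "to-branch" does not report the Phase 2 entry "to-branch-p2" itself, only the settings that point at the tunnel.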

 
