Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
tana
Staff
Staff

Created on ‎07-20-2021 08:51 PM Edited on ‎03-27-2025 05:06 AM By Moderator

Article Id 196631

Technical Tip: How to flush a VPN tunnel

Description

 

This article describes the process of resetting a VPN tunnel to clear the SA sessions and re-establish SA.
 
Scope
 
FortiGate.


Solution

 

diagnose vpn tunnel flush <my-phase2-name>

 
Or use the below command as well:
 
diagnose vpn ike gateway clear name <my-phase2-name>
 
Note.

Replace 'my-phase2-name' with the name of the Phase2 part of the VPN tunnel. If the name is NOT specified, all tunnels will be 'flushed'.

The command 'diagnose vpn tunnel flush' might not flush the tunnel in some FortiOS versions. Use 'diagnose vpn ike gateway clear name <my-phase1-name>' instead. Check the output when both commands are used on v7.4.3. 

 

diag vpn ike gateway clear name.png
In the multi-VDOM environment the command is found in the correspondent VDOM or the VPN gateway can be cleared or flushed from the management VDOM. The CLI commands do not appear in the global VDOM.

ipseccleargw.png

 

Note: A configuration backup should be created before running this command. It is recommended to run the command during a maintenance window or for troubleshooting purposes.

 

Related article:

Technical Tip: How to bring down the shortcut VPN tunnel created by Auto-Discovery VPN (ADVPN)

Labels:
112375
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.