FortiGate
jangelis
Staff
Description

When a FortiGate has a tunnel interface left over from an IPsec VPN that has already been deleted, the tunnel interface itself cannot be deleted directly.

This article describes how to delete it.

Error message when deleting the Interface

This interface also cannot be deleted directly from the CLI:

# show system interface ipsec-tunnel

config system interface
    edit "ipsec-tunnel"
        set vdom "root"
        set type tunnel
        set snmp-index 27
        set interface "wan1"
    next
end

FGT # config system interface

FGT (interface) # delete ipsec-tunnel

A tunnel interface cannot be deleted directly.
command_cli_delete:6564 delete table entry ipsec-tunnel unset oper error ret=-160
Command fail. Return code -160

FGT (interface) # end

Scope

FortiGate.

Solution

The workaround is to create a phase1-interface VPN with the same name as the orphaned tunnel interface and then delete that VPN; removing the VPN removes its tunnel interface with it.

FGT # config vpn ipsec phase1-interface

FGT (phase1-interface) # edit ipsec-tunnel
new entry 'ipsec-tunnel' added

FGT (ipsec-tunnel) # set remote-gw 192.0.2.1

FGT (ipsec-tunnel) # set interface wan1

FGT (ipsec-tunnel) # set psksecret XXXXXXXX

FGT (ipsec-tunnel) # end

FGT # config vpn ipsec phase1-interface

FGT (phase1-interface) # delete ipsec-tunnel

FGT (phase1-interface) # end

FGT # show system interface ipsec-tunnel
entry is not found in table

FGT #

Note:

The VPN interface must have precisely the same name as the interface that needs to be removed.

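As an added check (not part of the original article), the script below parses `show system interface` and `show vpn ipsec phase1-interface` output in the format shown above, lists every tunnel interface that has no phase1-interface VPN of the same name, and emits the workaround commands for it, using the same name and underlying interface as the Note requires. The sample configuration, the peer address 192.0.2.1 and the PSK placeholder are constructed values.

```python
import re

# Constructed sample config in the shape of `show system interface` and
# `show vpn ipsec phase1-interface`; not captured from a real FortiGate.
SYSTEM_INTERFACE = """\
config system interface
    edit "ipsec-tunnel"
        set vdom "root"
        set type tunnel
        set interface "wan1"
    next
    edit "site-b"
        set type tunnel
        set interface "wan1"
    next
end
"""
PHASE1_INTERFACE = """\
config vpn ipsec phase1-interface
    edit "site-b"
        set interface "wan1"
    next
end
"""
# One `edit "<name>" ... next` block of FortiOS config.
ENTRY_RE = re.compile(r'^\s*edit "([^"]+)"\n(.*?)^\s*next', re.M | re.S)


def parse_entries(config):
    """Map each edit-block name to its `set <key> <value>` pairs, quotes stripped."""
    entries = {}
    for name, body in ENTRY_RE.findall(config):
        pairs = re.findall(r'^\s*set (\S+) (.+)$', body, re.M)
        entries[name] = {k: v.strip('"') for k, v in pairs}
    return entries


def orphaned_tunnels(system_interface, phase1_interface):
    """Tunnel interfaces that have no phase1-interface VPN of the same name."""
    vpns = parse_entries(phase1_interface)
    return {n: s for n, s in parse_entries(system_interface).items()
            if s.get("type") == "tunnel" and n not in vpns}


def cleanup_commands(name, iface):
    """The article's workaround as CLI text: recreate the VPN under the same name
    on the same underlying interface, then delete it (placeholder peer and PSK)."""
    return (f'config vpn ipsec phase1-interface\n    edit {name}\n'
            f'        set interface {iface["interface"]}\n'
            f'        set remote-gw 192.0.2.1\n        set psksecret XXXXXXXX\n'
            f'    next\nend\nconfig vpn ipsec phase1-interface\n'
            f'    delete {name}\nend')
```

Feed the two `show` outputs of a real unit into `orphaned_tunnels()`; only the interfaces it returns need the workaround, and `cleanup_commands()` prints the exact sequence from the Solution section for each.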

Related Article:

Technical Tip: Unable to delete VPN tunnel even if policy/routes are deleted  
