Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
L14507
New Contributor II

How can I delete vpn tunnel I created?

I am trying to delete vpn tunnel I created for testing purpose. But I do not see the option to delete.

Any advice will be greatly appreciated.

9 REPLIES 9
tanr
Valued Contributor II

In GUI on right hand side of tunnel you should see a number showing how many references to the tunnel or associated objects there are.  Clicking the number should list out the references, which you'll need to remove before you can delete the tunnel.

L14507
New Contributor II

I understood that I need to delete those references. But how? I went to edit the tunnel page and tried to delete those settings but they won't go away. :(

tanr
Valued Contributor II

You need to delete the *other* objects that are making the references. For example, the security policies and static routes that refer to the vpn.

L14507
New Contributor II

the references like security policies and static routes have been deleted but I am still unable to delete this test tunnel. :(

Sudarsan_Babu

Can you check any dhcp address added. 

 

 Try to delete from cli . 

 

 

 

Regards,

Sudarsan Babu P

Regards, Sudarsan Babu P
tanr
Valued Contributor II

Do you see any other refs in the GUI? If not, there could be a ref hidden in the CLI to either the IPs used or the object. From CLI to search for them try: show full | grep - f IP And see if anything comes up.

Knox_122

Essentially you have to work backwards from how you created the tunnel. Remove the VPN Interface from any zones you had applied them to in the Interface section of the Fortigate. Delete all static routes that had reference that interface, remove that interface from all Firewall policy references (If not zoned, if zoned, then removing the interface from the zone should suffice). Then delete the VPN Tunnel you first created. 

simonl

If you use the VPN wizard, it will create network objects for you. That is what will be stopping you from deleting the tunnel.

 

Policy & Objects > Addresses

 

You're looking for Subnets and AddressGroups that start with the name of your VPN. Hope that helps!

Durga_Ashwath

Hi,

When the FortiGate is in the state, where there is a tunnel interface configured, but the VPN itself is already deleted, the tunnel interface cannot be deleted directly.
For this you have to create an IPsec interface and then delete this VPN.

Please do follow the below articles for the same:
> https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-delete-a-tunnel-interface/ta-p/2...
> https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-delete-VPN-tunnel-even-if-policy...

Regards,
Durga A

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors