FlavioB
New Contributor III

How to delete phase1-interface?

Hello everybody. I need to remove an IPSec VPN I created, but I only managed to get the phase2-interface deleted. How do I need to proceed to get rid of the phase1-interface? I tried in the CLI with "config vpn ipsec phase1-interface" then "delete VPNNAME" but I got told that the phase1-interface was being used. Any help will be appreciated. Thanks, F.
Carl_Wallmark
Valued Contributor

You need to delete all references to that tunnel before deleting the actual tunnel: policy, routes, DHCP, etc.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FlavioB

Hi. I managed to delete the routing entry and every policy. There are no DHCP servers relating to it... Still, I cannot remove that phase1-interface... What else? F.
Carl_Wallmark
Valued Contributor

Firewall objects? (addresses, VIPs, etc.) Have you a widget with the tunnel on it? There is a command in the CLI to find out what you forgot: http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD30620&languageId=

FlavioB

Hello again. No addresses, no VIPs... The CLI command "checkused" is great, but is there also some sort of "manual" of which tables exist? I need to check a phase1-interface, I thought it'd be vpn.ipsec.phase1-interface "VPNNAME" but it doesn't seem to be like that... Thanks again, F.
Carl_Wallmark
Valued Contributor

In this situation, I would download the config file, open it in WordPad and search for the tunnel name.

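The config-file search suggested above can be scripted. This is an added example, not part of the original thread: it walks a FortiGate config backup and reports which table and entry mention the tunnel name as an exact token, skipping the tunnel's own phase1-interface definition. The sample config and the function name `find_references` are constructed for illustration.

```python
import shlex

# Constructed sample of a FortiGate config backup (not taken from the thread).
SAMPLE_CONFIG = '''
config system zone
    edit "vpn-zone"
        set interface "VPNNAME" "port3"
    next
end
config vpn ipsec phase1-interface
    edit "VPNNAME"
        set interface "wan1"
    next
end
config firewall policy
    edit 7
        set dstintf "VPNNAME"
    next
    edit 8
        set dstintf "VPNNAME2"
    next
end
'''

def find_references(config_text, name, own_table="vpn ipsec phase1-interface"):
    """Return (table, entry, line) for each exact-token mention of `name`
    outside the object's own definition in `own_table`."""
    stack, hits = [], []  # stack holds open ("config", path) / ("edit", id) blocks
    for raw in config_text.splitlines():
        line = raw.strip()
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quote, e.g. inside a multi-line value
            tokens = line.replace('"', " ").split()
        if not tokens:
            continue
        if tokens[0] in ("config", "edit"):
            stack.append((tokens[0], " ".join(tokens[1:])))
        elif tokens[0] in ("next", "end") and stack:
            stack.pop()
        table = " / ".join(v for k, v in stack if k == "config")
        entry = next((v for k, v in reversed(stack) if k == "edit"), None)
        is_own = table == own_table and entry == name
        if tokens[0] in ("edit", "set") and name in tokens[1:] and not is_own:
            hits.append((table, entry, line))
    return hits

if __name__ == "__main__":
    for table, entry, line in find_references(SAMPLE_CONFIG, "VPNNAME"):
        print(f"config {table} -> edit {entry}: {line}")
```

Unlike a plain text search, the exact-token match does not report `VPNNAME2` when looking for `VPNNAME`.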
FlavioB

Finally I got it done: I just needed to look at the VPN interface in the "Network - Interfaces" view. There you have the correct number of references... Thanks anyway! F.