Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yktee99
New Contributor II

Created on ‎02-09-2022 05:23 AM

How to remove a wrong command in Fortigate firewall without rebooting it

I have a firewall with a wrong command in the config, I am exploring whether I can correct it without rebooting the firewall. 
 
The following syntax is in the Fortigate firewall. However, the command "set associated-interface "Terminal10" in red is wrong, it should not be there. Can the wrong command be removed by CLI without restoring the firewall config file? Restoration will cause disruption to the firewall operation as there will be rebooting. Appreciate your advice. Thanks.
 
edit "Terminal_192.168.1.1"
        set associated-interface "Terminal10"
        set comment "Terminal_192.168.1.1"
        set subnet 192.168.1.1 255.255.255.255
    next
 
After the removal, it becomes as follows:
edit "Terminal_192.0.132.1"
        set comment "Terminal_192.168.1.1"
        set subnet 192.168.1.1 255.255.255.255
    next
Labels:
23885
0 Kudos
1 Solution
yktee99
New Contributor II
In response to Debbie_FTNT

Created on ‎02-18-2022 02:33 AM

Debbie_FTNT,

 

Thank you very much, I have tested the solution you provided, It is working. Thanks again.

View solution in original post

23767
0 Kudos
4 REPLIES 4
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-09-2022 09:04 AM

Is this a typo? The second one is a different address object named "Terminal_192.0.132.1", with the same subnet (IP). They can coexist though.

In any case, no reboot is required for any address object changes. You should be able to remove the interface association by "unset associated-interface" under the original address object editting mode. You might need to take it out of policies if it's already used with other objects. After 6.2, you can't mix those objects with specific interface assiation and others without it on the same policy.

 

Toshi

23818
0 Kudos
yktee99
New Contributor II
In response to Toshi_Esumi

Created on ‎02-10-2022 02:23 AM

Toshi,

 

Thank you very much for your reply.

 

Spot on, yes, it is a typo.

 

I have multiple "set associated-interface "xxx" commands in my config but I only need to remove one, will the "unset associated-interface" command remove all of them? As I only need to remove only one, can I use unset associated-interface "Terminal10" to remove this specify one instead? Thanks.

23805
0 Kudos
Debbie_FTNT
Staff
Staff
In response to yktee99

Created on ‎02-10-2022 03:53 AM

Hey yktee,

if you do this:
config firewall address
edit <object>
unset associated-interface

end

 

that will only remove the associated interface from this one object. The other objects will retain their associated interfaces.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
23803
0 Kudos
yktee99
New Contributor II
In response to Debbie_FTNT

Created on ‎02-18-2022 02:33 AM

Debbie_FTNT,

 

Thank you very much, I have tested the solution you provided, It is working. Thanks again.

23768
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.