Remove Virtual IP command

l33vi3w · ‎01-17-2020

Hi,

Is there a command to remove a virtual ip, without using the gui?

I am using a serial connection to my Fortigate 201e.

I've been locked out and can't connect to it over https.

Thanks!

nbctcp · ‎01-24-2020

FW1 # config firewall vip

FW1 (vip) # show config firewall vip edit "1" set extip 192.168.88.25 set extintf "port1" set mappedip "10.0.3.11" next end

FW1 (vip) # delete 1

FW1 (vip) # end

Yurisk · ‎01-17-2020

Fortigate is fully manageable via CLI as well.

1. Find the policy ID where your VIP is used :

show firewall policy

2. Either delete the policy completely or disable it:

a) Delete (make sure you use correct policy id), e.g. you want to delete policy with id 2:

 config firewall policy

delete 2

end

b) Disable, e.g. policy id 2:

config firewall policy

edit 2

set status disable

There can be slight delay between entering the commands and FG actually cleaning its connection table for this VIP.

Yuri Slobodyanyuk

nbctcp · ‎01-24-2020

FW1 # config firewall vip

FW1 (vip) # show config firewall vip edit "1" set extip 192.168.88.25 set extintf "port1" set mappedip "10.0.3.11" next end

FW1 (vip) # delete 1

FW1 (vip) # end

Nominate a Forum Post for Knowledge Article Creation