Un-assigning IPsec templates
When you un-assing an IPsec template from a device, FortiManager modifies the configuration for affected devices. When you install the modified configuration to devices, FortiManager automatically uninstalls the configuration (phase1/phase2 interfaces) generated by the IPsec template from devices.
FortiManager does not remove dependencies, such as routing, policies, and normalized interfaces. You must manually remove dependencies. For example, if the VPN tunnel is being used in a policy, you must edit the policy to manually remove the VPN tunnel interface from the source or destination interface.
To un-assign IPsec templates:
- Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
- Select the template, and click Assign to Device.
The Assign to Device dialog box is displayed.
- In the Selected Entries list, select the device, and click < to move the device to the Available Entries list.
- Click OK.
The IPsec template is un-assigned from the devices, and the configuration status changes to Modified.
- Go to Device Manager > Device & Groups, and select Table View to view the configuration status.
In the following example, the IPsec template was removed from several devices, and the Config Status displays Modified:
- Install the modified device configuration to remove the IPsec template settings from the device.
You can view the changes in the Install Log. For example, the Install Log for the device named vlan171_0091 shows that FortiManager removed phase2 and phase1 interface settings.