When you un-assign an IPsec template from a device, FortiManager modifies the configuration for the affected devices. When you install the modified configuration to devices, FortiManager automatically uninstalls the configuration (phase1 and phase2 interfaces) generated by the IPsec template from the devices.
FortiManager does not remove dependencies, such as routing, policies, and normalized interfaces. You must manually remove those dependencies. For example, if the VPN tunnel is being used in a policy, you must edit the policy to manually remove the VPN tunnel interface from the source or destination interface.
- Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
- Select the template, and click Assign to Device.
The Assign to Device dialog box is displayed.
- In the Selected Entries list, select the device and click < to move the device to the Available Entries list.
- Click OK.
The IPsec template is un-assigned from the device, and the configuration status changes to Modified.
- Go to Device Manager > Device & Groups, and select Table View to view the configuration status.
In the following example, the IPsec template was removed from several devices, and the Config Status displays Modified:
- Install the modified device configuration to remove the IPsec template configuration from the device.
You can view the changes in the Install Log. For example, the Install Log for the device named vlan171_0091 shows that FortiManager removed phase1 and phase2 interface settings.