Fortinet black logo

SD-WAN Overlay Migration from OCVPN to OaaS Deployment Guide

Home Overlay-as-a-Service 23.4.0 SD-WAN Overlay Migration from OCVPN to OaaS Deployment Guide
23.4.0
24.1.0
23.4.0
23.3.0

(Optional) Deleting OCVPN configuration

(Optional) Deleting OCVPN configuration

After installing configuration settings orchestrated from OaaS and verifying connectivity between sites, you can consider deleting the configuration settings orchestrated from OaaS.

On the FortiGate, use the CLI command show | grep OCVPN -f to find all instances of OCVPN-related configuration settings. The below settings were found using this exact command:

  • BGP neighbor range table

  • BGP neighbor group table

  • Router Policy

  • IPsec Phase 2 and Phase 1

  • PKI user group and PKI users

  • Address groups and address objects

Repeat the above CLI commands to delete each address group and address object with the comment “Generated by OCVPN Cloud Service.”

Alternatively, it is more convenient to use the FortiGate GUI. On the Policy & Objects > Addresses page, use CTRL + left click to select multiple address groups and address objects and delete them at once.

To delete multiple address groups in the GUI:

  1. Select multiple addresses using CTRL + left click.

  2. Right-click on the selection and select Delete.

  3. Click OK to confirm.

To delete multiple address objects in the GUI:

  1. Select multiple objects using CTRL + left click.

  2. Right-click on the selection and select Delete.

  3. Click OK to confirm.

Previous
Next

(Optional) Deleting OCVPN configuration

After installing configuration settings orchestrated from OaaS and verifying connectivity between sites, you can consider deleting the configuration settings orchestrated from OaaS.

On the FortiGate, use the CLI command show | grep OCVPN -f to find all instances of OCVPN-related configuration settings. The below settings were found using this exact command:

  • BGP neighbor range table

  • BGP neighbor group table

  • Router Policy

  • IPsec Phase 2 and Phase 1

  • PKI user group and PKI users

  • Address groups and address objects

Repeat the above CLI commands to delete each address group and address object with the comment “Generated by OCVPN Cloud Service.”

Alternatively, it is more convenient to use the FortiGate GUI. On the Policy & Objects > Addresses page, use CTRL + left click to select multiple address groups and address objects and delete them at once.

To delete multiple address groups in the GUI:

  1. Select multiple addresses using CTRL + left click.

  2. Right-click on the selection and select Delete.

  3. Click OK to confirm.

To delete multiple address objects in the GUI:

  1. Select multiple objects using CTRL + left click.

  2. Right-click on the selection and select Delete.

  3. Click OK to confirm.

Previous
Next