How to (correctly) delete a VDOM from FortiAnalyzer

Hello everybody. In this quick post, I will explain how to delete a VDOM device from FortiAnalyzer. Deleting a device from the GUI is really simple, whether it is a VDOM or a firewall in its own right. The problem with a VDOM is that you can delete it from the GUI, but it will appear again a few seconds later.

Why does it appear again?

In fact, the VDOM device appears again because the underlying logs still exist.

That means that when you delete a VDOM from the GUI, only the device is deleted and not the related logs.

Solution

The easiest solution is to delete the VDOM and its related logs from the CLI. Of course, you have to be sure that the VDOM no longer exists on the firewall. Deleting a VDOM device from the CLI also deletes the log files associated with that VDOM.

exec log device vdom list fgt1500D
Device name:FIREWALL-DC.
		|-------id:0, name:VD_CLOUD
		|-------id:1, name:VD_PRDDMZ
		|-------id:2, name:VD_INFRA
		|-------id:3, name:VD_SITEB
		|-------id:4, name:VD_VPN
		|-------id:5, name:root  (*** can not be deleted ***)

Once you have identified the VDOM to delete, execute the following command:

As a result, the VDOM device in FAZ is correctly deleted, including the related log files. It will not reappear.
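Because the CLI deletion also removes the logs, it is worth confirming which VDOMs are really gone from the firewall before deleting anything. The following is an added example, not part of the original post: it parses the listing format shown above and compares it with the VDOMs currently configured on the firewall. The `live_vdoms` input, the sample live set and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the listing output shown in this post.
SAMPLE_LISTING = """\
Device name:FIREWALL-DC.
\t\t|-------id:0, name:VD_CLOUD
\t\t|-------id:1, name:VD_PRDDMZ
\t\t|-------id:2, name:VD_INFRA
\t\t|-------id:3, name:VD_SITEB
\t\t|-------id:4, name:VD_VPN
\t\t|-------id:5, name:root  (*** can not be deleted ***)
"""

# One entry per line: "|-------id:<n>, name:<vdom>" plus an optional marker.
ENTRY_RE = re.compile(r"\|-+id:(\d+),\s*name:(\S+)(.*)$")


def parse_vdom_listing(text):
    """Return (device_name, [{'id', 'name', 'deletable'}, ...])."""
    device, vdoms = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Device name:"):
            # Assumption: the trailing dot is punctuation, not part of the name.
            device = line.split(":", 1)[1].strip().rstrip(".")
            continue
        m = ENTRY_RE.search(line)
        if m:
            vdoms.append({
                "id": int(m.group(1)),
                "name": m.group(2),
                "deletable": "can not be deleted" not in m.group(3),
            })
    return device, vdoms


def stale_vdoms(listing, live_vdoms):
    """Names FortiAnalyzer still lists that are absent from the firewall."""
    live = set(live_vdoms)
    if not live:
        # An empty live set usually means the firewall query failed;
        # refusing here avoids flagging every VDOM (and its logs) as stale.
        raise ValueError("live VDOM list is empty; refusing to compare")
    _, vdoms = parse_vdom_listing(listing)
    return [v["name"] for v in vdoms
            if v["deletable"] and v["name"] not in live]


if __name__ == "__main__":
    # Constructed example: VD_SITEB has been removed from the firewall.
    live = {"root", "VD_CLOUD", "VD_PRDDMZ", "VD_INFRA", "VD_VPN"}
    print(stale_vdoms(SAMPLE_LISTING, live))
```

Only the names this check returns are candidates for deletion; anything still present on the firewall keeps its logs.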
