Hello everybody. In this quick post, I will explain how to delete a VDOM device from FortiAnalyzer. Deleting a device in the GUI is really simple, whether it's a VDOM or a firewall in its own right. The problem with a VDOM is that you will be able to delete it from the GUI, but it will appear again a few seconds later.
Why does it appear again?
In fact, the VDOM device appears again because the underlying logs still exist.
That means that when you delete a VDOM from the GUI, only the device is deleted and not the related logs.
Solution
The easiest solution is to delete the VDOM and its related logs from the CLI. Of course, you have to be sure that the VDOM does not exist on the firewall. Deleting a VDOM device from the CLI will also delete the log files associated with that VDOM.
    exec log device vdom list fgt1500D
    Device name:FIREWALL-DC.
    |-------id:0, name:VD_CLOUD
    |-------id:1, name:VD_PRDDMZ
    |-------id:2, name:VD_INFRA
    |-------id:3, name:VD_SITEB
    |-------id:4, name:VD_VPN
    |-------id:5, name:root (*** can not be deleted ***)
Once you have identified the VDOM to delete, execute the following command:
    exec log device vdom delete fgt1500D VD_VPN
    This command will delete Vdom:'VD_VPN' and its log files from device 'fgt1500D'.
    Do you want to continue? (y/n): y
    Vdom:'VD_VPN' and its log files were deleted from Device 'FG1K5D3I15802393' successfully.
    Vdom:'VD_VPN' and its log files were deleted from Device 'FG1K5D3I15802394' successfully.
As a result, the VDOM device in FAZ is correctly deleted, including the related log files. It will not reappear.
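Because the CLI delete also removes the VDOM's logs, it is worth checking the listing against the firewall before running it. The following is an added example, not part of the original post: it parses the `exec log device vdom list` output shown above and keeps only VDOMs that are deletable and absent from the firewall. The function names, the one-entry-per-line layout and the operator-supplied list of live VDOMs are assumptions.

```python
import re

# Constructed sample: the listing from the post, one entry per line.
SAMPLE_LISTING = """\
Device name:FIREWALL-DC.
|-------id:0, name:VD_CLOUD
|-------id:1, name:VD_PRDDMZ
|-------id:2, name:VD_INFRA
|-------id:3, name:VD_SITEB
|-------id:4, name:VD_VPN
|-------id:5, name:root (*** can not be deleted ***)
"""

ENTRY = re.compile(r"id:(\d+),\s*name:(\S+)(.*)$")

def parse_vdom_list(text):
    """Return [(id, name, deletable)] from the 'vdom list' output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            # FortiAnalyzer marks protected entries (root) in the listing itself.
            protected = "can not be deleted" in m.group(3)
            entries.append((int(m.group(1)), m.group(2), not protected))
    return entries

def stale_vdoms(listing, live_on_firewall):
    """VDOMs FortiAnalyzer still lists that are no longer on the firewall.

    live_on_firewall: VDOM names currently configured on the FortiGate
    (assumption: collected separately by the operator).
    """
    live = set(live_on_firewall)
    return [name for _id, name, deletable in parse_vdom_list(listing)
            if deletable and name not in live]

def delete_commands(device, listing, live_on_firewall):
    """Build the post's delete command for each stale VDOM, for review."""
    return [f"exec log device vdom delete {device} {name}"
            for name in stale_vdoms(listing, live_on_firewall)]

if __name__ == "__main__":
    # Constructed list of VDOMs still present on the firewall.
    live = ["root", "VD_CLOUD", "VD_PRDDMZ", "VD_INFRA", "VD_SITEB"]
    for cmd in delete_commands("fgt1500D", SAMPLE_LISTING, live):
        print(cmd)
```

The script only prints candidate commands; the confirmation prompt in the CLI remains the last check before the logs are removed.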