Recently we bought a FortiGate-200D VPN box. I have more good things than bad things to say about this device.
Long story short: I had to remove some users and, because of some voodoo type of problem, I couldn't do it from the UI (I will contact their support, that's for sure), so I had to do it from the CLI. Anyone who has worked with Citrix NetScalers will find FortiGate's CLI a piece of sh!t (the documentation is no exception), but that's a different story.
- To display one or all users:

        fgw # config user local
        fgw (local) # get | grep john.doe
        fgw (local) # get john.doe
        fgw (local) # get
- To delete a user:

        fgw # config user local
        fgw (local) # delete john.doe
Note: When you receive an error like the one below, the user is still attached to one or more user groups.
The entry is used by other 1 entries
Command fail. Return code -23
In order to remove the user you have two options:

1. Log in to the FortiGate web interface, navigate to User & Device > User Definition, edit john.doe and uncheck "Add this user to groups".

2. Remove the user from the group's member list on the CLI. First `show` the groups to see which ones reference the user, then re-set the member list without john.doe:

        fgw # config user group
        fgw (group) # show
        config user group
            edit "ssl-vpn_office_users"
                set member "user1" "user2" "john.doe" "user4" "user5"
            next
        end
        fgw (group) # edit "group_name"
        fgw (group_name) # set member "user1" "user2" "user3" "user4"
        fgw (group_name) # next
        fgw (group) # end
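With more than a handful of groups, finding every one that references the user by eye is error-prone, and retyping a long `set member` line by hand is where users get dropped or kept by accident. The script below is an added example (not part of the original post and not Fortinet code): it parses the text that `show` prints under `config user group`, lists the groups referencing a given user, and builds the `set member` lines with that user removed. The sample `show` output is constructed for the example; the group and user names are placeholders. It assumes `unset member` clears the member list of a group whose only member was the user being removed (the standard FortiOS `unset <attribute>` form).

```python
"""Find which FortiGate user groups reference a local user and build the
CLI lines that drop it from each of them. Added example; parses the text
printed by `show` under `config user group` (captured by hand or via SSH).
"""
import re

# Constructed sample of `show` output, not captured from a real device.
SAMPLE_SHOW_OUTPUT = """\
config user group
    edit "ssl-vpn_office_users"
        set member "user1" "user2" "john.doe" "user4" "user5"
    next
    edit "ssl-vpn_admins"
        set member "admin1" "john.doe"
    next
    edit "guest_users"
        set member "guest1"
    next
end
"""

_EDIT_RE = re.compile(r'^\s*edit\s+"([^"]+)"\s*$')
_MEMBER_RE = re.compile(r'^\s*set member\s+(.*)$')


def parse_groups(show_output):
    """Return {group_name: [members]} from `show` output of `config user group`.

    Groups without a `set member` line are kept with an empty member list.
    """
    groups = {}
    current = None
    for line in show_output.splitlines():
        m = _EDIT_RE.match(line)
        if m:
            current = m.group(1)
            groups[current] = []
            continue
        m = _MEMBER_RE.match(line)
        if m and current is not None:
            # Members are quoted tokens separated by spaces.
            groups[current] = re.findall(r'"([^"]*)"', m.group(1))
            continue
        if line.strip() == "next":
            current = None
    return groups


def groups_referencing(groups, user):
    """Names of the groups whose member list contains `user`, sorted."""
    return sorted(name for name, members in groups.items() if user in members)


def removal_commands(groups, user):
    """CLI lines that drop `user` from every group referencing it.

    The complete remaining member list is re-set for each group, because
    `set member` replaces the whole list rather than removing one entry.
    """
    lines = ["config user group"]
    for name in groups_referencing(groups, user):
        remaining = [m for m in groups[name] if m != user]
        lines.append(f'    edit "{name}"')
        if remaining:
            quoted = " ".join(f'"{m}"' for m in remaining)
            lines.append(f"        set member {quoted}")
        else:
            # Assumption: `unset member` clears an attribute to its default.
            lines.append("        unset member")
        lines.append("    next")
    lines.append("end")
    return lines


if __name__ == "__main__":
    parsed = parse_groups(SAMPLE_SHOW_OUTPUT)
    print("groups referencing john.doe:", groups_referencing(parsed, "john.doe"))
    print("\n".join(removal_commands(parsed, "john.doe")))
```

Paste the real `show` output into `SAMPLE_SHOW_OUTPUT` (or read it from a file) and review the generated block before applying it. The number of groups found should match the count in "The entry is used by other N entries"; if it is lower, the remaining references live outside `config user group`, and the `delete` will keep failing until those are cleared too.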