Recently we bought a FortiGate-200D VPN box. I have more good things than bad things to say about this device.
Long story short: I had to remove some users and, because of some voodoo-type problem, I couldn't do it from the UI (I will contact their support, that's for sure), so I had to do it from the CLI. Anyone who has worked with Citrix NetScalers will find FortiGate's CLI a piece of sh!t (the documentation is no exception), but that's a different story.
- To display one or all users
fgw # config user local
fgw (local) # get | grep john.doe
fgw (local) # get john.doe
fgw (local) # get
- To delete a user
fgw # config user local
fgw (local) # delete john.doe
Note: If you receive an error like the one below, the user is still a member of one or more user groups and FortiOS refuses to delete a referenced object.
The entry is used by other 1 entries
Command fail. Return code -23
In order to remove the user you have two options:
- UI: log in to the FortiGate web interface, navigate to User & Device > User Definition, edit john.doe and uncheck "Add this user to groups".
- CLI: list the groups, find the one(s) that contain john.doe, and set the member list again without john.doe. Be aware that set member replaces the whole list, so every member you want to keep must be re-stated (if your firmware supports it, unselect member "john.doe" drops a single value without retyping the list).
fgw # config user group
fgw (group) # show
config user group
edit "ssl-vpn_office_users"
set member "user1" "user2" "john.doe" "user4" "user5"
next
end
fgw (group) # edit "ssl-vpn_office_users"
fgw (ssl-vpn_office_users) # set member "user1" "user2" "user4" "user5"
fgw (ssl-vpn_office_users) # next
fgw (group) # end
Once john.doe is no longer a member of any group, the delete under config user local succeeds.
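Because set member overwrites the entire list, retyping it by hand for several groups is where users get dropped by accident. The following script, added here as an example and not part of the original post or of Fortinet's tooling, parses a show dump of config user group (the constructed sample below, not output from a real device), reports which groups reference a given user, and generates the exact CLI lines that re-state each group's remaining members and then delete the user. It assumes the show output has the same shape as the one above; the sample group names other than ssl-vpn_office_users are made up.

```python
"""Find which FortiGate user groups reference a local user and generate
the CLI needed to detach and then delete that user.

Added example; the sample below is constructed, not captured from a
device.  It mimics what `show` prints under `config user group`.
"""
import re
import shlex

SAMPLE_SHOW_OUTPUT = """\
config user group
    edit "ssl-vpn_office_users"
        set member "user1" "user2" "john.doe" "user4" "user5"
    next
    edit "ipsec_admins"
        set member "admin1" "john.doe"
    next
    edit "guests"
        set member "guest1"
    next
end
"""


def parse_user_groups(show_output):
    """Return {group_name: [members]} from a `config user group` show dump."""
    groups = {}
    current = None
    for raw in show_output.splitlines():
        line = raw.strip()
        m = re.match(r'^edit\s+"([^"]+)"$', line)
        if m:
            current = m.group(1)
            groups[current] = []
            continue
        if current is not None and line.startswith("set member "):
            # shlex handles the quoted, space-separated member list
            groups[current] = shlex.split(line[len("set member "):])
        elif line == "next":
            current = None
    return groups


def groups_containing(groups, user):
    """Sorted names of the groups whose member list includes `user`."""
    return sorted(g for g, members in groups.items() if user in members)


def removal_commands(groups, user):
    """Emit the CLI sequence: rewrite each referencing group's member list
    without the user (set member replaces the whole list, so every other
    member is re-stated), then delete the user object itself."""
    lines = []
    affected = groups_containing(groups, user)
    if affected:
        lines.append("config user group")
        for g in affected:
            remaining = [m for m in groups[g] if m != user]
            lines.append(f'    edit "{g}"')
            if remaining:
                quoted = " ".join(f'"{m}"' for m in remaining)
                lines.append(f"        set member {quoted}")
            else:
                # group would be left empty: clear the field instead
                lines.append("        unset member")
            lines.append("    next")
        lines.append("end")
    lines.append("config user local")
    lines.append(f'    delete "{user}"')
    lines.append("end")
    return lines


if __name__ == "__main__":
    parsed = parse_user_groups(SAMPLE_SHOW_OUTPUT)
    print("john.doe is referenced by:", groups_containing(parsed, "john.doe"))
    print("\n".join(removal_commands(parsed, "john.doe")))
```

Paste a real show dump in place of the sample and review the generated lines before running them on the box; the point of the script is that the member lists it emits are derived from the device's own output rather than retyped.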