Can't remove vsys specific SSL TLS Service Profile

L5 Sessionator

Re: Can't remove vsys specific SSL TLS Service Profile

Whatever changes that you will do will be reverted back once you disable multivsys. Atlease you will have a config back before changes you can revert back.


Or else try to export the config file and try to delete it from the file then upload it. This I have tried with two firewall and it worked.

L4 Transporter

Re: Can't remove vsys specific SSL TLS Service Profile

I was able to reproduce the exact same issue.


If you are not a non vsys firewall and on a previous version with GP Config, as soon as you move to 7.0.X, it creates a corresponding SSL/TLS profile under vsys config. Now this cannot be accesses via GUI or CLI.


Here is what you can do to get rid of it.


1. Create a similar SSL/TLS profile under shared hierarchy but with a different name. Bind the same certificate as the previous one.


2. Change the SSL/TLS profile binded to the Portal and Gateway configs to this new one.


3. Delete the SSL/TLS profile using either of below methods:

    a) Export and delete config

        i. Export this candidate config using config snapshot to your PC.

        ii. Go to the SSL/TLS profile under shared hierarchy and delete the profile. Save the file

        iii. Reimport this config into firewall and load the config, and then commit


    b) Using XML APIs

        i. Generate XML API Key using a broswer tab: https://<hostname>/api/?type=keygen&user=<username>&password=<password>

        ii. Note the keyvalue. Use this in the next step

        ii. Copy the following URL in the browser: https://<hostname>/api/?type=config&action=delete&key=<keyvalue>&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ssl-tls-service-profile/entry[@name='GP_GD_Chained_2019-ssl-tls-service-profile']



L3 Networker

Re: Can't remove vsys specific SSL TLS Service Profile

You nailed it.  Exporting the config, editing it and reimporting it worked like a charm.


I should've thought of that.  I've done it enough times during migrations.


I can't thank you enough for all the help and the work you've put into this.

L5 Sessionator

Re: Can't remove vsys specific SSL TLS Service Profile

Glad to know that It worked.

I have also mentioned the same in the comment that I have posted on 27-01-2016 10:57 PM.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!