01-28-2016 07:25 AM
I was able to reproduce the exact same issue.
If you are not a non vsys firewall and on a previous version with GP Config, as soon as you move to 7.0.X, it creates a corresponding SSL/TLS profile under vsys config. Now this cannot be accesses via GUI or CLI.
Here is what you can do to get rid of it.
1. Create a similar SSL/TLS profile under shared hierarchy but with a different name. Bind the same certificate as the previous one.
2. Change the SSL/TLS profile binded to the Portal and Gateway configs to this new one.
3. Delete the SSL/TLS profile using either of below methods:
a) Export and delete config
i. Export this candidate config using config snapshot to your PC.
ii. Go to the SSL/TLS profile under shared hierarchy and delete the profile. Save the file
iii. Reimport this config into firewall and load the config, and then commit
b) Using XML APIs
i. Generate XML API Key using a broswer tab: https://<hostname>/api/?type=keygen&user=<username>&password=<password>
ii. Note the keyvalue. Use this in the next step
ii. Copy the following URL in the browser: https://<hostname>/api/?type=config&action=delete&key=<keyvalue>&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ssl-tls-service-profile/entry[@name='GP_GD_Chained_2019-ssl-tls-service-profile']
