Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Unable to delete VSYS if some internal configuration is bound to it.

0

0

Article ID: KB17523 KB Last Updated: 19 Jun 2010Version: 2.0
Summary:

With ScreenOS 6.2.0r5 (and later) and ScreenOS 6.3.0r1 (and later), deletion of a VSYS of is not possible if some internal configuration is bound to it. This is by design.

Symptoms:

After upgrading to ScreenOS 6.2r5 (or later) or ScreenOS 6.3r1 (or later), I am no longer able to delete the VSYS by using the following command (if some internal configuration is bound to it):

unset vsys <vsys-name>

The devices report the error below.  This used to work in previous releases.

Vsys: is currently in use


Example:

Let us explain this behavior using an example where the interface e1/2 is imported to the VSYS 'test', as in the following configuration:

nsisg2000-> get conf | inc ethernet1/2

set interface ethernet1/2 import
set interface "ethernet1/2" zone "Untrust"
set interface ethernet1/2 ip 1.1.1.1/24
set interface ethernet1/2 route
set interface ethernet1/2 ip manageable
set ike gateway "amit" address 2.2.2.2 Main outgoing-interface "ethernet1/2" preshare "sXqB95CHNdbFSdsFEuCB3alXAZni62VWZg==" sec-level standard


Now, an attempt to delete the VSYS is performed first in ScreenOS 6.2r5 and then in ScreenOS 6.1r6.
  • Attempt to delete VSYS in 6.2r5 by using the same configuration mentioned above:

  • nsisg2000-> get sys | inc software
    Software Version: 6.2.0r5.0, Type: Firewall+VPN

    nsisg2000-> unset vsys test
    vsys test can't be deleted due to interface ethernet1/2 ip is in use.
    Vsys: is currently in use

  • Attempt to delete VSYS in 6.1r6 by using the same configuration mentioned above:

  • nsisg2000-> get sys | inc software
    Software Version: 6.1.0r6.0, Type: Firewall+VPN

    nsisg2000-> unset vsys test
    VSYS unset, are you sure? y/[n] y

    nsisg2000->                                     >>> Notice here that the VSYS got deleted with out any issues with same configuration
Solution:

In case you are running ScreenOS 6.2r5 or later, 6.3r1 or later, in order to delete a vsys which has internal configuration bound to it, you have to first unset the internal configuration.

So, in the example above, in order to delete vsys test, first unset the configuration related to interface eth1/2. Then you will be able to delete vsys test.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search