Skip to main content
genisi
genisi
New Member
October 8, 2025
Question

Copy config from a different model Fortigate : Local username/passwords?

  • October 8, 2025
  • 1 reply
  • 705 views

Obviously local passwords are encrypted. If you were to copy the config from one model Fortigate I would assume a different model Foritgate won't like those encrypted passwords?

Is it the case that you would have to redo all local username/passwords on the new Fortigate? How does Fortinet do it when upgrading Fortigates with their conversion service?

thanks!

1 reply

GeorgeZhong
Staff & Editor
GeorgeZhong
Staff & Editor
October 8, 2025

Hi @genisi ,

 

The encryption algorithm of different FortiGate model is different, which means we cannot copy the encrypted password string between them. In this case, if we choose to manually copy the configuration, we need to redo all passwords on new FortiGate.

 

For the FortiConverter service, only the default admin account password will be reset for security purpose. In general, encrypted secret data, credentials, e.g., VPN pre-shared keys, certificates, local users, and admin passwords, will remain valid after cross model migration as long as the FOS version is above 5.6.

 

Reference:

 

https://docs.fortinet.com/document/forticonverter-service/25.1.0/online-help/117818/fortigate-configuration-migration

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Authentication-failure-after-migrating-to/ta-p/363183

 

Regards,

George

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
October 8, 2025

We so far had no problem moving the hashed passwords and PSKs around between models. I'm currently working on customer VDOM migrations from 1500Ds to 1000Fs.
Just copy&paste is working for "config sys admin" and "config vpn ipsec phase1-interface". By the way both sides have the same version though.

And, even if you have some doubt, you can easily test it yourself if you have two models of FGTs.

Toshi

    Terms & ConditionsAccessibility statement