Paul_S
New Member
June 8, 2015
Solved

FortiConverter 4.6 - SSL.root and VPN_Interfaces


When converting FGT > FGT and mapping the interfaces, the SSL.root is not in the destination interface list box. Also, what do I match phase-1 VPN interfaces to?

Do I even need to convert my config at all if I do a FG200B (5.2.3) to a FG200D (5.2.3)?


    gschmitt
    New Member
    June 12, 2015

    Assuming the 200D is not yet in use you might simply try importing the 200B's config.

     

    If you see any errors simply execute factoryreset on the device.

     

    Other than that, especially for a FGT>FGT conversion, I would simply do it manually; it's probably faster than finding any errors the Converter made.

    Paul_S (Author)
    New Member
    June 12, 2015

    gschmitt wrote:

    Assuming the 200D is not yet in use you might simply try importing the 200B's config.

     

    If you see any errors simply execute factoryreset on the device.

     

    Other than that, especially for a FGT>FGT conversion, I would simply do it manually; it's probably faster than finding any errors the Converter made.

    Awesome! I was hoping someone would tell me the config might import into the FG200D without too much trouble.

    ede_pfau (Answer)
    SuperUser
    June 13, 2015

    Wishful thinking - the 200D will reject the 200B config file. Just try it.

     

    But there is a trick to do it anyway:

    - backup the (factory-reset) config of the 200D

    - take a copy of the old config file of the 200B

    - replace the first 3 lines in the config file

    - now it states that the config is coming from a 200D

     

    You can now restore that config file to the 200D. You might run into minor issues if

    - interface names do not match between models

    - switch ports were configured to be single independent ports

     

    To check for import errors, open the CLI and type 'diag deb conf read'. Work your way through the messages until none remains.
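
The header swap described in the answer above, plus a pre-restore check for the interface-name mismatch it warns about, as an added example that is not part of the original thread or of any Fortinet tool. The function names, the placeholder header values and the port names in the sample files are constructed for illustration.

```python
import re
HEADER_LINES = 3  # the answer above says "replace the first 3 lines"

def swap_header(old_cfg, target_backup, n=HEADER_LINES):
    """Old config with its first n lines taken from the target's own backup."""
    old, new = old_cfg.splitlines(), target_backup.splitlines()
    head = old[:n] + new[:n]
    if len(head) < 2 * n or not all(l.startswith("#") for l in head):
        raise ValueError("expected %d '#' header lines in both files" % n)
    return "\n".join(new[:n] + old[n:]) + "\n"

def interface_names(cfg):
    """Names of the top-level 'edit' entries under 'config system interface'."""
    names, inside, depth = set(), False, 0
    for raw in cfg.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == "config system interface"
        elif line.startswith("config "):
            depth += 1                  # nested table inside one interface
        elif line == "end":
            if depth == 0:
                break                   # end of the interface table
            depth -= 1
        elif depth == 0 and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            names.add(m.group(1))
    return names

def unmatched_interfaces(old_cfg, target_backup):
    """Interfaces the old config defines that the target backup does not."""
    return sorted(interface_names(old_cfg) - interface_names(target_backup))

# Constructed sample files; header values are placeholders, not real builds.
OLD_200B = """#config-version=FG200B-CONSTRUCTED
#conf_file_ver=0
#buildno=0000
config system interface
    edit "port1"
        config secondaryip
            edit 1
            next
        end
    next
    edit "port9"
    next
end
"""
TARGET_200D = OLD_200B.replace("FG200B", "FG200D").replace('"port9"', '"wan1"')
print(unmatched_interfaces(OLD_200B, TARGET_200D))
```

The report also lists interfaces that the old config creates itself, such as VLANs or tunnels; only names that refer to hardware ports need a counterpart on the target model.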

    mickstrick_FTNT
    Staff
    June 30, 2015

    The interfaces in the drop down lists are common physical interfaces from a predefined list. They are not read from the source configuration file.

     

    You can simply type the name of the interface if it is not in this list. You may find typing names easier than scrolling through the list, anyway.

     

    Unless you specifically want to, virtual interface names may remain the same. Associated interface values are updated by any new physical interface mapping configured.