Skip to main content
Ydaew
Ydaew
New Member
June 25, 2019
Question

Import policies to fortigate FW

  • June 25, 2019
  • 2 replies
  • 12953 views

Hello,

Is it possible to prepare all required policies using CSV file and then during migration import those policies ?

If not what is the best way to prepare the configuration and then migrate it in the migration phase?

 

Thanks in advance

    2 replies

    Alexis_G
    Alexis_G
    New Member
    June 25, 2019

    NO !!!

    if you are speaking of migration

    you need export the configuration.

    first install objects & services via cli or script

    then routes or all other dependencies mentioned in policies vi cli or script.

    then the policies in the same way you took the export BUT you need to remove the UUIDs of all the parts of configuration.

    IMPORTANT: The interface mapping is the same between the current and new box.

    IMPORTANT: if you are about to use different FortiOS there might be some changes in commands - compatibility.

     

    Ydaew
    YdaewAuthor
    New Member
    June 25, 2019

    Thank you so much, as i mentioned before we don't have previous firewall installed. i just want to minimize the working time when the hardware is installed by preparing most things.

     

    Dave_Hall
    Dave_Hall
    New Member
    June 25, 2019

    If you are planning to upgrade an existing fgt device, perhaps you may have better luck following the upgrade path.  Otherwise, the FortiConverter may be your best bet, assuming you want to import a set of firewall rules from another (supported) FW/UTM plateform to Fortigate.  

     

    If migrating from one fgt model to another, Fortinet does not support this method, but provides the steps on doing it here.

    Ydaew
    YdaewAuthor
    New Member
    June 25, 2019

    Thank you so much, actually no previous firewall is exist. I just want to prepare as much as i can so minimize the working time once the hardware installed up and running.

    sw2090
    SuperUser
    sw2090
    SuperUser
    June 26, 2019

    hm I never checked if FortiOS would undestand csv. I don't think so.

    What it does understand is its cli syntax.

    And as of my own erxperience it is way faster to create policies in cli in text editor and then import this to FGT then to create them in gui. 

    The only disadvantage affects debugging: if you bulik import it via system->settings and there is some error you will only get "Failed" as a result :\

    If you copy to cli you should create the cli config without using tabs or whitespaces. I repeatedly had problems with that upon copiying to cli even if I copied from a config file I exported from a Fortigate.

    Terms & ConditionsAccessibility statement