Description
This article explains the use of the 'exec migrate' command on FortiAnalyzer/FortiManager to help with migrating configurations between models (since configuration backup files are model-specific). It may also be used in the RMA procedure.
Scope
FortiManager and FortiAnalyzer.
Solution
Some common migration scenarios that this command helps with:
- Upgrading to a larger appliance.
- Moving configurations between a physical appliance and either VM or Cloud environments (or vice versa).
- Recovering from the loss of administrative passwords (see related article).
Other Considerations (not directly covered by this article):
- When migrating between VMs, the VM license can also be transferred to the new VM (see related article). The command 'exec restore' can often be used in place of 'exec migrate' when copying over the configuration.
- If the public-facing IP of the FortiAnalyzer or FortiManager is also changing, FortiGates need to be re-pointed to the new IP address (see related article for pointing to a new FortiManager).
- If the FortiAnalyzer is being managed by FortiManager, disconnect the FortiAnalyzer prior to migration. And then reconnect it again after the migration is complete.
Command Usage:
To help loading the configuration onto a different model of FortiAnalyzer/FortiManager:
execute migrate all-settings <ftp/scp/sftp> <server ip> <filename> <username> <password>
It allows all configurations in the configuration file to be loaded except for system settings (see below).
Requirement:
The configuration file should be loaded onto a VM/appliance running the same firmware as the original VM/appliance when the configuration was backed up.
System Settings:
System settings will remain as they were prior to loading the configuration file. If the system settings need to be copied from the original model, they are viewable from the CLI and can be copied manually between models.
If the configuration file to be copied over, is for multiple ADOMs, make sure to enable ADOM in the new VM before using the migrate command.
Logs:
Any logs must be backed up and restored independently of the configuration file.
exec backup logs
exec restore logs
FortiGate config adjustment:
Once loaded the new FortiAnalyzer config and or FortiManager config adjusting the FortiGate config will be needed.
This can be done using the below batch CLI command:
Changing FortiManager config:
exe batch start
config system central
set fmg 'new FMG IP if needs be'
set serial 'new FMG serial'
end
exe batch end
Claim the tunnel from FortiManager CLI using the below syntax once done:
exe fgfm reclaim-dev-tunnel <device_name>
devicename <- Optional device name.
Changing FortiAnalyzer config:
exe batch start
config log fortianalyzer setting
set server 'new FAZ IP if needs be'
set serial 'new FAZ serial'
end
exe batch end
References:
Also, see the FortiManager Admin / Online guide in the chapter: System Settings -> Dashboard -> System Information widget -> Migrating the configuration.
Related articles:
Technical Note: Management IP for Fortinet VM products.
Technical Note: Pointing the FortiGate to a new FortiManager IP.
Troubleshooting Tip: Restoring FortiManager or FortiAnalyzer configuration when admin password is lo....
Technical Tip: How to migrate a FortiAnalyzer logs and config to a new system after RMA or a FortiAn....
