tnesh
Staff
Article Id 241472

 

Description

This article describes how to migrate FortiManager or FortiAnalyzer to a different platform.

The steps in this article are intended for migration between different platforms, such as a different hardware model, a different VM environment, or from hardware to a VM.

Scope

FortiManager, FortiAnalyzer.

Solution

Note:

In the case of migrating between VM environments, 'exec restore' can be used instead of 'exec migrate' to load the configuration.  This allows for system settings to be copied over. The license can run on 2 systems at the same time for a grace period of 7 days.

  1. Have the necessary, valid licenses prepared (for VMs).
  2. System-level settings will not be migrated (when using 'exec migrate').
  3. This article will migrate from FortiAnalyzer-200F to FortiAnalyzer-KVM as an example. 

 

Config migration:

  1. Take a backup of the current configuration:
  • v7.4.3 and above: Go under Dashboard -> System Information widget -> System Configuration -> Backup.

 


 

 

  • v7.4.2 and below:

 

execute backup all-settings {ftp | sftp} <ip:port> <path/filename> <username> <password> <crptpasswd>

 

For example:

 

exe backup all-settings sftp 192.168.1.100:22 /home/fortinet/Downloads/ username password backup-file-pwd
Starting backup all settings in background, Please wait.

# Starting transfer the backup file to SFTP server...
Transferred 172.386M of 172.386M in 0:00:10s (16.262M/s)
Backup all settings...Ok.
MD5: 318724e725f0050ec071bd86cd89a11d

 

Note: 

In the latest firmware version, entering a password (<crptpasswd>) for the backup file is mandatory.

 

  2. On the current device, in the GUI, go to System Settings -> Network -> DNS and change the IP to any dummy IP address to prevent it from resolving.


Note:

This step is only applicable when migrating between VM platforms.

 


 

  3. Deploy a new Virtual Machine instance with the same firmware version as the current device.
  4. Once the new instance is up, configure the system-level settings:
    • Network interface.
    • Static route.
    • Enable ADOM (if applicable).

 

  5. Download the license file from the support portal.

    Technical Tip: How to reuse FortiManager/FortiAnalyzer VM license

  6. In the new instance, log in to the GUI and upload the license file:
  • v7.4.x and above: go under Dashboard -> License Information -> VM License -> Upload the license file downloaded in step (5).
  • v7.2.x and below: go under System Settings -> Dashboard -> License Information -> VM License -> Upload the license file downloaded in step (5).


 

 

 

  7. Migrate the data and settings from the old instance to the new instance (system-level settings will not be migrated):
  • v7.4.3 and above: go under Dashboard -> System Information widget -> System Configuration -> Restore -> Migrate.


 

  • v7.4.2 and below:

 

execute migrate all-settings <ftp/scp/sftp> <server ip> <path/filename> <username> <password> <crptpasswd>

 

For example:

 

exe migrate all-settings sftp 192.168.1.100:22 /home/fortinet/Downloads/backup.dat username password backup-file-pwd

This operation will replace the current databases and reboot the system.
Make sure the following are true:
- This model has higher/equal capability than the backup, e.g.
device/adom limit, disk storage size.
- The backup database version is the same as the current version.
You may upgrade to a newer version after, but downgrade is NOT supported.
Do you want to continue? (y/n)y

Starting transfer the backup file from SFTP server...
Transferred 172.386M of 172.386M in 0:00:02s (60.163M/s)

 

  8. At this stage, a new instance will be running with the migrated settings from the old device.
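
Before running 'execute migrate all-settings' on the new instance, the backup file on the SFTP server can be checked against the MD5 line that 'execute backup all-settings' printed on the old unit. The script below is an added example, not part of the original article or Fortinet tooling; it assumes a Linux SFTP server with md5sum and that the backup CLI output was saved to a text file (the names cli.log and backup.dat are placeholders).

```sh
#!/bin/sh
# Added example (not Fortinet code). Run on the SFTP server that holds the backup.
# Input 1: saved CLI output of 'execute backup all-settings' from the old unit.
# Input 2: the backup file that landed on the server.

# Print the digest from the last "MD5:" line (CR stripped, lowercased).
extract_md5() {
    tr -d '\r' < "$1" \
        | sed -n 's/^MD5:[[:space:]]*\([0-9A-Fa-f]\{32\}\)[[:space:]]*$/\1/p' \
        | tail -n 1 | tr 'A-F' 'a-f'
}

# Succeed only if the last "Transferred X of Y" line shows X equal to Y.
transfer_complete() {
    tr -d '\r' < "$1" \
        | sed -n 's/^Transferred \([^ ]*\) of \([^ ]*\) .*$/\1 \2/p' | tail -n 1 \
        | { read -r sent total && [ -n "$total" ] && [ "$sent" = "$total" ]; }
}

# Return 0 on match, 1 on digest mismatch, 2 when the inputs cannot be checked.
verify_backup() {
    transcript=$1
    backup=$2
    if [ ! -r "$transcript" ] || [ ! -s "$backup" ]; then
        echo "unreadable transcript or empty backup file" >&2; return 2
    fi
    transfer_complete "$transcript" || { echo "transfer not logged as complete" >&2; return 2; }
    expected=$(extract_md5 "$transcript")
    [ -n "$expected" ] || { echo "no MD5 line in transcript" >&2; return 2; }
    actual=$(md5sum "$backup" | cut -d' ' -f1)
    if [ "$expected" != "$actual" ]; then
        echo "MISMATCH expected=$expected actual=$actual" >&2; return 1
    fi
    echo "OK $actual"
}

# With two arguments, check real files; otherwise run on constructed sample data.
if [ "$#" -eq 2 ]; then
    verify_backup "$1" "$2"
else
    demo=$(mktemp -d)
    printf 'constructed payload, not a real backup\n' > "$demo/backup.dat"
    printf 'Transferred 1.0M of 1.0M in 0:00:01s (1.0M/s)\r\nMD5: %s\r\n' \
        "$(md5sum "$demo/backup.dat" | cut -d' ' -f1)" > "$demo/cli.log"
    verify_backup "$demo/cli.log" "$demo/backup.dat"
    rm -rf "$demo"
fi
```

A match shows the file arrived intact; it is a corruption and truncation check, not evidence against deliberate tampering.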


Logs and reports migration: 

Technical Tip: Backup and restore of FortiAnalyzer settings, logs and reports

 

  1. Back up logs from the old FortiAnalyzer to the FTP server:

 

execute backup logs <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

execute backup reports <report name or all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

 

  2. Restore the logs from the FTP server into the new FortiAnalyzer:

 

execute restore logs <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

execute restore reports <report name or all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

 

  3. Rebuild the SQL DB in the new FortiAnalyzer. The following command reboots FortiAnalyzer, and the database rebuild process then runs in the background.

 

  • Rebuild database:

execute sql-local rebuild-db

 

  • Check rebuild status:

diag sql status rebuild-db

 

  4. Once the database rebuild has been completed, navigate to LogView and verify the analytics logs.

 

Update FortiGate configuration settings:

  • Point FortiGate to the new instance with the steps below and restart the respective FortiGate daemon.

 

For FortiAnalyzer:

  1. Run the following CLI command in FortiGate to point it to the new instance:

 

exe batch start
config log fortianalyzer setting
    set server <<new FAZ IP address>>
    set serial <<new FAZ serial number>>
end
exe batch end

 

  2. Run the following CLI command in FortiGate to restart the daemon:

 

fnsysctl killall miglogd

 

For FortiManager:

  1. Run the following CLI command in FortiGate to point it to the new instance:

 

exe batch start
config system central-management
    set fmg <<new FMG IP address>>
    set serial-number <<new FMG serial number>>
end
exe batch end

 

  2. Run the following CLI command in FortiGate to restart the daemon:

 

fnsysctl killall fgfmd

  3. Run the following CLI command in FortiManager to reclaim the FGFM tunnel:

 

execute fgfm reclaim-dev-tunnel   --> For all managed FortiGates.

execute fgfm reclaim-dev-tunnel <device_name> force --> For specific FortiGate.

 

Related articles:

Technical Tip: Using exec migrate to migrate to a new FortiAnalyzer/FortiManager model

Technical Tip: How to migrate a FortiAnalyzer logs and config to a new system after RMA or a FortiAn...