tnesh
Staff
Article Id 241472
Description

This article describes how to migrate FortiManager or FortiAnalyzer to a different platform.

This article's steps are intended for migration between different platforms such as a different hardware model, different VM environments, or from hardware to a VM.

Scope

FortiManager, FortiAnalyzer.
Solution

Note:

In the case of migrating between VM environments, 'exec restore' can be used instead of 'exec migrate' to load the configuration.  This allows for system settings to be copied over.

  1. Have the necessary, valid licenses prepared (for VMs).
  2. System-level settings will not be migrated (when using 'exec migrate').
  3. This article will migrate from FortiAnalyzer-200F to FortiAnalyzer-KVM as an example.

 

Migrating to a different platform:

 

  1. Take a backup of the current configuration and place it on an FTP server.

 

execute backup all-settings {ftp | sftp} <ip:port> <path/filename> <username> <password> <crptpasswd>

 

For example:

 

exe backup all-settings sftp 192.168.1.100:22 /home/fortinet/Downloads/ username password backup-file-pwd
Starting backup all settings in background, Please wait.

# Starting transfer the backup file to SFTP server...
Transferred 172.386M of 172.386M in 0:00:10s (16.262M/s)
Backup all settings...Ok.
MD5: 318724e725f0050ec071bd86cd89a11d

 

Note:

 In the latest firmware version, entering a password <crptpasswd> for the backup file is mandatory.

 

  2. On the current device, in the GUI, go to System Settings -> Network -> DNS and change the IP to any dummy IP address to prevent it from resolving.
    Note: This step is only applicable when migrating between VM platforms.

 


 

  3. Deploy a new VM instance with the same firmware version as the current device.
  4. Once the new instance is up, configure the system-level settings:
  • Network interface.
  • Static route.
  • Enable ADOM (if applicable).
  5. Download the license file from the support portal. See Technical Tip: How to reuse FortiManager/FortiAnalyzer VM license.
  6. In the new instance, log in to the GUI, go to System Settings -> Dashboard -> License Information -> VM License, and upload the license file downloaded in step (5).

 


 

  7. Migrate data and settings from the old device by running the following command in the new instance (system-level settings will not be migrated):

execute migrate all-settings <ftp/scp/sftp> <server ip> <path/filename> <username> <password> <crptpasswd>

 

For example:

 

exe migrate all-settings sftp 192.168.1.100:22 /home/fortinet/Downloads/backup.dat username password backup-file-pwd

This operation will replace the current databases and reboot the system.
Make sure the following are true:
- This model has higher/equal capability than the backup, e.g.
device/adom limit, disk storage size.
- The backup database version is the same as the current version.
You may upgrade to a newer version after, but downgrade is NOT supported.
Do you want to continue? (y/n)y

Starting transfer the backup file from SFTP server...
Transferred 172.386M of 172.386M in 0:00:02s (60.163M/s)

 

  8. At this stage, a new instance will be running with the migrated settings from the old device.
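
The 'execute backup all-settings' output shown above ends with an MD5 of the uploaded file; comparing it with the copy on the SFTP server before running 'exec migrate' catches a truncated or corrupted transfer. The script below is an added example, not part of the original article or Fortinet tooling; it assumes md5sum is available on the server and that the CLI session output was saved to a file (backup.log is a hypothetical name), and it runs on constructed sample data.

```shell
#!/bin/sh
# Added example (not Fortinet tooling). Assumes md5sum (GNU coreutils) and that
# the CLI session output was saved to a file; all sample data is constructed.

# Print the digest from saved CLI output: a line of the form "MD5: <32 hex>".
extract_md5() {
    tr -d '\r' < "$1" |
        sed -n 's/^[[:space:]]*MD5:[[:space:]]*\([0-9A-Fa-f]\{32\}\)[[:space:]]*$/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# 0 = digests match, 1 = mismatch, 2 = unreadable input or no MD5 line in the log.
verify_backup() {
    log=$1
    file=$2
    [ -r "$log" ] && [ -r "$file" ] || return 2
    expected=$(extract_md5 "$log")
    [ -n "$expected" ] || return 2
    actual=$(md5sum < "$file" | cut -d ' ' -f 1)
    [ "$expected" = "$actual" ]
}

# Constructed sample: a stand-in backup file and a CRLF-terminated session log.
make_sample() {
    printf 'constructed stand-in for backup.dat\n' > "$1/backup.dat"
    sum=$(md5sum < "$1/backup.dat" | cut -d ' ' -f 1)
    printf 'Backup all settings...Ok.\r\nMD5: %s\r\n' "$sum" > "$1/backup.log"
}

tmp=$(mktemp -d)
make_sample "$tmp"
if verify_backup "$tmp/backup.log" "$tmp/backup.dat"; then
    echo "match: backup file is intact"
fi
printf 'x' >> "$tmp/backup.dat"   # simulate a file altered after upload
verify_backup "$tmp/backup.log" "$tmp/backup.dat" ||
    echo "mismatch (rc=$?): do not run exec migrate with this file"
rm -rf "$tmp"
```

A return code of 2 means the saved output contained no MD5 line, so the comparison was not performed at all.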

 

Migrate logs and reports:

Technical Tip: Backup and restore of FortiAnalyzer settings, logs and reports.

 

  1. Back up logs from the old FortiAnalyzer to the FTP server:

 

execute backup logs <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>


execute backup reports <report name or all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

 

  2. Restore the logs from the FTP server into the new FortiAnalyzer:

 

execute restore logs <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>


execute restore reports <report name or all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

 

  3. Rebuild the SQL DB in the new FortiAnalyzer. The following command reboots FortiAnalyzer, and the DB rebuild process then runs in the background.

    Rebuild the DB:

 

execute sql-local rebuild-db

 

Check the rebuild status:


diag sql status rebuild-db

 

Once the DB rebuild has been completed, navigate to Log View and verify the analytics logs.

 

Update FortiGate configuration settings:

Point FortiGate to the new instance with the steps below and restart the respective FortiGate daemon:

 

For FortiAnalyzer:

  1. Run the following CLI command in FortiGate to point it to the new instance:

 

exe batch start
config log fortianalyzer setting
    set server <<new FAZ IP address>>
    set serial <<new FAZ serial number>>
end
exe batch end

 

  2. Run the following CLI command in FortiGate to restart the daemon:

 

fnsysctl killall miglogd

 

For FortiManager:

  1. Run the following CLI command in FortiGate to point it to the new instance:

 

exe batch start
config system central-management
    set fmg <<new FMG IP address>>
    set serial-number <<new FMG serial number>>
end
exe batch end

 

  2. Run the following CLI command in FortiGate to restart the daemon:

 

fnsysctl killall fgfmd

 

Related articles:

Technical Tip: Using exec migrate to migrate to a new FortiAnalyzer/FortiManager model

Technical Tip: How to migrate a FortiAnalyzer logs and config to a new system after RMA or a FortiAn...