Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmarcuccetti
Staff
Staff

Created on ‎05-10-2009 09:41 AM Edited on ‎09-03-2024 10:59 PM By Community Manager

Article Id 197247

Technical Tip: How to load/convert a FortiGate configuration file from one unit to another (file conversion for a different model)

Description


This article describes how to import the configuration file from one FortiGate to a different FortiGate or firmware.

 

Scope

 

FortiGate.

 

Solution

Fortinet Support for the import of a configuration file between different hardware models or firmware versions.

It is only officially supported to import configuration files between the same hardware model and firmware version. 

This is because there can be configuration syntax differences between firmware versions as well as hardware models. For example, prior to FortiOS 6.4, SD-WAN is configured under 'config system virtual-wan-link', while in 6.4 and newer it's under 'config system sdwan'.

In addition, the interface mappings and other features may not be the same across different hardware models. Attempting to import such a configuration can have unexpected consequences and may not function as desired.

Fortinet Technical Support does not provide support for modified configuration files that were initially from another FortiGate (for example, changing the interface names in the config file to match the newer FortiGate model), however parts of the configuration can be restored manually by copying the required configuration parts from the old backup configuration file to new configuration file (for example, address objects or some other settings).

Recommended Solution:It is recommended that the FortiConverter service is used for this task.

The FortiConverter service is sold as a one-time service to convert a third-party or older FortiOS configuration to the latest FortiOS for the new FortiGate.
The FortiConverter service offers the possibility to convert the configuration correctly and is the only supported way the configuration can be migrated automatically. For more information regarding FortiConverter please see the following documents:

Data sheet

FAQ

 

Manual Conversion:

Another possible option would be to manually configure the new FortiGate appliance from factory default settings, by referencing to the settings on the other unit.

However, keep in mind that converting the configuration in such a way can be error prone, as with any other process done manually.
The configuration file from the FortiGate can be viewed from any text editor such as Notepad, vi or Notepad++.

 

Note:

Refrain from using rich text editors (Microsoft Word, Wordpad, ...) as their formatting features may re-encode ASCII characters into different encodings and create unreadable configuration parts with hard to spot errors (example hyphen ‘-’ vs. ‘‐’).

  1. Open the backup configuration file from the previous and different FortiGate.
  2. Download a backup of a new configuration file from the new unit. On FortiGate Admin -> Configuration -> Backup.
  3. Copy the first four lines from the factory default configuration file, which include config-version, conf_file_ver, buildno, and global_vdom. Then, paste and replace these lines in the backup of the previous configuration file.
    Note: If the source FortiGate has a disk and the destination FortiGate is a non-disk model, remove 'config system storage' and 'config log disk setting' configuration section from the previous configuration file.  Make sure that all interface names correspond to the new unit. 
    For example, the previous unit may have had a 'Wan1' interface however the new device has a 'Port1' interface, it is critical to make sure these correspond.Save the new configuration file under a new .conf file. This step is mandatory otherwise when reloading the new configuration file the error message 'configuration file error' will be displayed on the web based interface.
  4. Verify which user admin account was used when saving the configuration file.
    Reloading a configuration that was saved under a super_admin account to a simple admin account will display the error message invalid username or password on the web based interface.
  5. On the new FortiGate , go to Admin -> Configuration -> Restore, and upload the edited config file to the new unit. 
    The unit restarts automatically.
  6. Test the configuration.
  7. Run 'diag debug config-error-log read' to see if there were any import errors.

It must be noted that modifying .conf files in this manner will not ensure that all profiles will be saved.
This is particularly true if this procedure is used for .conf files being used on different versions of FortiOS.

 

Related Document:

Migrating a FortiGate configuration manually using configuration files 

Labels:
153437
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.