Requirements before proceeding:

• Have admin access to the FortiGate, as well as both the source and destination migration FortiCloud and FortiGate Cloud accounts.
• Be a master account user.
• Log migration is only supported within the same FortiGate Cloud region.

Migrating FortiGate to a different FortiGate Cloud account:

From the FortiGate Cloud portal:

1. Assets -> Assets list.
2. Select the required FortiGate/s to migrate to the new FortiGate Cloud account.

3. Select Actions -> Asset transfer. The asset transfer overview page will open. Under the Send tab, select the '+' symbol next to Transfer and select the FortiGate/s, destination email (the new FortiGate Cloud account), and select the desired option for historical data retention (if the older logs are required on the new account, select 'Transfer to Destination account').

    

   

    

Three choices are available in version 25.3a of FortiGate Cloud for handling historical data:

Transfer to destination account: 

All historical data will be forwarded to the new destination email account.

Remain in the original account:

 Historical logs can be viewed from the source account using this article: Technical Tip: Obtaining logs of undeployed FortiGate from FortiGate Cloud

Delete all history data: Removes all the previous logs.

Note: If the FortiGate has been moved to a new account with the option to retain existing logs under the old account ("Remain in the original account" ), a separate log storage instance is created. At this time, there is no support for merging multiple log storage instances.

In this scenario, please raise a technical support ticket to assist with moving the placeholder unit (which contains the old log data) to the new account. While the FortiGate and the placeholder unit would still be treated as two separate devices, the logs would be consolidated under a single account.

After migrating to the new FortiGate Cloud and FortiCloud account (including license and support transfers), the log retention subscription will apply to the new placeholder device's serial number (e.g., U00). Once the current subscription expires, renewing under the new account will ensure continuity of log retention. The system will automatically associate the new subscription with the correct serial number, preserving access to the past year’s logs, including those linked to the placeholder unit. To view the logs from the placeholder unit, enable the 'RMA'd and Deprovisioned' unit/s option.

If the option selected above was the 'Transfer to destination account', log in to the destination account (new FortiGate Cloud account) and under Assets -> Asset list -> Actions -> Asset transfer overview, select the receive tab, and the asset transfer request from the old account should be visible. Just hit accept at this stage.

Note: After logging in to the destination account, logs are no longer visible in the source account. The historical log data should populate in the new account.

4. Go to FortiGate and reactivate FortiGate Cloud using the main account email for the destination FortiGate Cloud                  account in the CLI command

execute fortiguard-log login <destination account email> <password>

5. The device joins the destination FortiGate Cloud account in the same region (US | Europe | Global) as it had in the source FortiGate Cloud Account. All of the logs will now be available in the destination FortiGate Cloud account.

    

To specify a particular region, run the following command on the FortiGate:

execute fortiguard-log login <destination account email> <password> <US | EUROPE | GLOBAL>

• For FortiGate clusters, each cluster member has to be moved individually.
• FortiCloud keys cannot be used to move a FortiGate from one account to another if the FortiGate already exists in one FortiCloud account.
  
• Migrating logs between different FortiGate Cloud regions is not supported.

After FortiGate Cloud migration, the device is still registered to the previous Asset Management Portal. The process above only affects FortiGate Cloud logging and central management. The license and any support contracts are still associated with the Asset Management Portal in the existing FortiCloud account. If an administrator logs out of FortiGate Cloud and later attempts to log in to FortiGate Cloud from the GUI, the account shown will be the current FortiCloud account ID. To reconnect to the destination FortiGate Cloud account, use 'execute fortiguard-log login' as in step 4.

No further action needs to be taken unless asset management should also be transferred, including licenses and support contracts. To transfer these, see this document: Transfer a device to another FortiCloud account.