FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
JNDias
Staff & Editor
Staff & Editor
Article Id 248186
Description This article describes how to move a FortiGate that is already deployed to FortiGate Cloud to another account and retain its historical data.
Scope FortiGate, FortiGate Cloud, and FortiCare.
Solution

Requirements before proceeding:

  • Have admin access to the FortiGate, as well as both the source and destination migration FortiCloud and FortiGate Cloud accounts.
  • Be a master account user.
  • Log migration is only supported within the same FortiGate Cloud region.

 

Migrating FortiGate to a different FortiGate Cloud account:

From the FortiGate Cloud portal:

  1. FortiGate Cloud 'Assets'/'Network Overview'.
  2. Select the gear icon on the line of the FortiGate to migrate.

 

JNDias_0-1678091218086.png

 

  1. Select 'Migrate Existing Data'.

     

    JNDias_1-1678091228108.png

     

  2. Enter the email of the destination 'FortiGate Cloud' main account and submit. The data will be migrated.

     

    JNDias_2-1678091249520.png

    JNDias_3-1678091261738.png

     

  3. Go to FortiGate and reactivate FortiGate Cloud using the main account email for the destination FortiGate Cloud account in the CLI command:

     

execute fortiguard-log login <destination account email> <password>

 

  1. The device joins the destination FortiGate Cloud account in the same region (US | Europe | Global) as it had in the source FortiGate Cloud Account. All of the logs will now be available in the destination FortiGate Cloud account.

 

To specify a particular region, run the following command on the FortiGate:

 

     execute fortiguard-log login <destination account email> <password> <US | EUROPE | GLOBAL>

 
Note: After logging in to the destination account, logs are no longer visible in the source account.

 

Three choices are available in version 25.2a of FortiGate Cloud for handling historical data:

  1. Transfer to destination account: All historical data will be forwarded to the new destination email account.
  2. Remain in the original account: Historical logs can be viewed from the source account using this article: Technical Tip: Obtaining logs of undeployed FortiGate from FortiGate Cloud.
  3. Delete all history data: Removes all the previous logs.

 

Note: In the FortiGate Cloud v25.3.0, the option to transfer is in Dashboard -> Actions -> Asset Transfer.

 

image.png

 

  • For FortiGate clusters, each cluster member has to be moved individually.
  • FortiCloud keys cannot be used to move a FortiGate from one account to another if the FortiGate already exists in one FortiCloud account.
  • Migrating logs between different FortiGate Cloud regions is not supported.


After FortiGate Cloud migration, the device is still registered to the previous Asset Management Portal. 
The process above only affects FortiGate Cloud logging and central management. The license and any support contracts are still associated with the Asset Management Portal in the existing FortiCloud account. If an administrator logs out of FortiGate Cloud and later attempts to log in to FortiGate Cloud from the GUI, the account shown will be the current FortiCloud account ID. To reconnect to the destination FortiGate Cloud account, use 'execute fortiguard-log login' as in step 5.

 

If the FortiGate is moved to FortiGate Cloud but not to FortiCloud, there will be a 'FortiCloud Migration' notification visible next to the device in the new FortiGate Cloud portal. This is expected and informs the FortiGate Cloud administrator that the device license is still registered to a different account.

 

Asset Registration Notification.png

 

No action needs to be taken unless asset management should also be transferred, including licenses and support contracts. To transfer these, see this document: Transfer a device to another FortiCloud account.