This article describes how to use the new interface migration wizard introduced in FortiOS 7.0 to bypass the usual limitations where VLAN interfaces configured with a large number of references take a lot of time to migrate from one interface to another. This is because every reference has to be moved individually.

The interface migration wizard migrates the references from a physical interface to either an aggregate interface, redundant interface, or software switch, but is disabled for VLAN interfaces by default. This article describes how to migrate the VLAN interfaces along with references from the Parent Interface to the FortiLink interface.

Note:

This feature does not support turning an aggregate, software switch, redundant, zone, or SD-WAN zone interface back into a physical interface.

FortiGate is Configured with 3 VLANs (Vlan60, Vlan80, and Vlan100), and all VLANs are configured under interface port17. All VLANs have some references used for Policies, Address Objects, Static routes, or VIPs.

Warning:

Take a config backup of the FortiGate before migrating the interfaces and schedule the changes during a Maintenance window. Avoid accessing the FortiGate with the same interface to avoid being locked out.

For Individual VLAN Interfaces, the option to integrate the interface is disabled.

However, the Parent Interface (Port17) has the option to be migrated. Migrating this parent interface will migrate all of the child VLAN interfaces to the desired FortiLink interface or any other aggregate interfaces, redundant interfaces, or software switches.

Select Migrate to Interface and select 'Next'.

Select the target interface. In this example, FortiLink is selected. After, select 'Next'.

Review the objects to be migrated. In this example, all three VLANs are listed. After, select 'Apply' and then 'OK'.

Entries will be successfully updated, meaning it will be time to close the wizard and verify the migrated objects.

 
As shown, all three VLANs were successfully migrated under FortiLink with all references.

 
If the old Parent interface (Port17) is no longer required to be a part of FortiLink, it can be removed by selecting the cross button and selecting 'OK'. After that, port 17 can be used for any other purpose.

Note:

To migrate individual VLAN interfaces instead of all then the reference below can be followed and this will require a maintenance window as well.

Related articles: