FortiGate
VinayHM
Staff
Article Id 268276
Description This article describes how to convert a FortiGate configuration file without the FortiConverter portal.
Scope FortiGate v7.4.0 and above.
Solution
  • This feature was introduced in FortiGate v7.4.0.
  • This feature requires an active FCSS contract. It can be confirmed using the command below:

diagnose sys forticonverter eligibility-status

If the license status is not updated, manually trigger the update as shown below:


diagnose sys forticonverter update-eligibility
Eligibility status update requested...

diagnose sys forticonverter eligibility-status

diagnose sys forticonverter result-availability

 

Note: 

The source and destination firewall should be under the same FortiCare account and should have internet access for a successful migration. The target FortiGate must also have a valid FortiConverter license.

 

  • After logging in to the GUI of the FortiGate device, the following screen appears.

 

kaurg_FTNT_0-1734632229281.png

 

  • Proceed by following the steps outlined in this guide: FortiConverter in the GUI to complete the migration.
  • Communication between FortiConverter and the FortiGates is via API calls.
  • This new feature is handled by the cloudapid process, which integrates with cloud APIs.
  • Local Traffic logs will show an outbound HTTPS polling connection to api.forticloud.com.
  • Once the feature is enabled, FortiGate will periodically check with FortiConverter for any open tickets requesting configuration. If no new tickets are found, or if the feature was enabled by mistake, this polling can generate excessive logs.
  • Use the following command to disable the feature, which will stop the generation of local logs:

 

config system global
    set forticonverter-config-upload disable
end

  • The same can be done via the GUI. Go to System -> Settings -> Start Up Settings, then deselect 'Allow FortiConverter to obtain config file once'.
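To confirm the state of this setting across saved configuration backups, the following added example (not part of the original article and not Fortinet tooling) parses a FortiOS config file and reports whether forticonverter-config-upload is disabled. The sample backup is constructed, and the enabled value "once" is an assumption; the article itself only shows "disable".

```python
import re

SETTING = "forticonverter-config-upload"   # setting name taken from the article
UNESCAPED_QUOTE = re.compile(r'(?<!\\)"')

def global_setting(config_text, name=SETTING):
    """Return the value set for `name` in the `config system global` block
    of a FortiOS config backup, or None if the line is absent."""
    stack, in_string, value = [], False, None
    for raw in config_text.splitlines():
        odd_quotes = len(UNESCAPED_QUOTE.findall(raw)) % 2 == 1
        if in_string:                      # inside a multi-line quoted value
            in_string = not odd_quotes     # an odd quote count closes it
            continue
        in_string = odd_quotes             # this line opens a multi-line value
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[:2] == ["set", name] and stack[-1:] == ["system global"]:
            value = " ".join(words[2:]).strip('"')
    return value

def audit(config_text):
    """Classify a backup: 'disabled', 'enabled' (any other value) or 'not-set'."""
    value = global_setting(config_text)
    if value is None:
        return "not-set"                   # the backup does not state the value
    return "disabled" if value == "disable" else "enabled"

# Constructed sample backup (not from a real device). The multi-line banner
# text contains decoy config lines that a line-by-line grep would misread.
SAMPLE = '''#config-version=CONSTRUCTED-SAMPLE
config system global
    set hostname "fw-branch-01"
    set forticonverter-config-upload once
end
config system replacemsg admin "pre_admin-disclaimer-text"
    set buffer "Authorized use only.
end
config system global
    set forticonverter-config-upload disable
end"
end
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of "not-set" means the backup does not contain the line, so the effective value has to be confirmed on the device itself.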

 
