FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article decsribes how to conduct migration from a non-fabric ADOM to a fabric ADOM in specific cases where FortiAnalyzer is added to FortiManager as a managed device.
Scope
FortiManager, FortiAnalyzer.
Solution
In this example:
FortiGates are added to adom_name ADOM in FortiManager and the ADOM type is FortiGate.
FortiAnalyzer is managed by FortiManager.
FortiGates are added to adom_name ADOM in FortiAnalyzer and the ADOM type is FortiGate.
FortiAuthenticator is added to the root ADOM in FortiAnalyzer.
Take a snapshot of both FortiManager and FortiAnalyzer before migration
Migrate adom_name ADOM from FortiGate to fabric in FortiManager:
execute migrate fabric <adom_name>
Migrate adom_name ADOM from FortiGate to fabric in FortiAnalyzer:
execute migrate fabric <adom_name>
If devices are required to move from root (fabric) to <adom_name> (fabric) in FortiAnalyzer, consider the following:
Remove the ADOM lock on FortiAnalyzer using the following command:
diagnose dvm adom unlock <adom_name>
For FortiAuthenticator, it must be added in the <adom_name> of FortiManager as model device. This will ensure that FortiAuthenticator will not be deleted if a refresh is conducted on devices in FortiManager.
diagnose dvm device list <- Ensure that FortiAuthenticator is showing.
FortiManager cannot be moved from the root ADOM to a new fabric <adom_name> ADOM.
Move the device from the root ADOM to <adom_name> within FortiAnalyzer.
When a device is moved from one ADOM to another, only the archive logs are transferred while the analytic logs remain in the original ADOM.
The analytic logs do not automatically appear in the new ADOM after the device is moved.
