FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
kcheng
Staff & Editor
Article Id 414443
Description This article describes the requirements and steps for migrating a FortiPAM/FortiSRA configuration from one platform to another.
Scope FortiPAM, FortiSRA.
Solution

Configuration migration is required when moving FortiPAM or FortiSRA from one platform to another, because a configuration file from one virtualization platform cannot be reused on a different one. Follow these steps for the migration process:

 

Before backing up the configuration file from the source platform, ensure the following is done:

  • The source platform and target platform are on the same release. The release version can be checked via the Status dashboard or the CLI:

 


 

CLI: Issue the command 'get system status' to check:

 

FPAM # get system status
Version: FortiPAM-OPC v1.6.0,build1239,250423 (GA)
License: Active, seat 5, active seat 5, expiry date 2026-02-27
 

  • Enable maintenance mode before changing the TPM settings via GUI or CLI:

GUI: Navigate to the upper right corner, select the admin username to open the dropdown menu, then go to System -> Activate Maintenance Mode.

 


 


CLI:

config system maintenance
    set mode enable
end

 

  • If v-TPM has been configured on the source platform (a supported virtual platform), disable it:

 

config system global
    set v-tpm disable
end

 

  • Disable Private Data encryption on the source platform:

 

config system global
    set private-data-encryption disable
end

 

  • Ensure that the target platform has the user seat capacity to hold the source users. This information can be obtained from the output of 'get system status' highlighted above.
  • Ensure that the migration is from FortiPAM to FortiPAM, or FortiSRA to FortiSRA.

Back up the configuration file on the existing platform. Navigate to the upper right corner, select the admin username to open the dropdown menu, then go to Configuration -> Backup.

 


 

 

After obtaining the configuration backup file, open a Fortinet TAC support ticket via the Fortinet Support Portal, upload the configuration file, and request a configuration migration, stating the source and destination platforms.

At this moment, there is no tool for converting the entire configuration backup file from one platform to another.

 

Ensure that the following parameters are correctly changed according to the new platform:

 

config system interface

config router static <----- Optional if the source and the target are on the same network.

config firewall vip

config system ha

 

Import the configuration file returned by the TAC support engineer into the target platform:

 


 

Navigate to the upper right corner, select the admin username to open the dropdown menu, then go to Configuration -> Restore (FortiPAM needs to be in maintenance mode to upload the configuration file).
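
The prerequisites and the platform-specific sections listed above can be checked offline before opening the ticket or restoring. The following is an added example, not Fortinet code: it assumes the 'get system status' format shown in this article, that "seat" is the licensed capacity and "active seat" the seats in use, and that the backup is plain-text CLI syntax; the function names and the target/backup samples are constructed.

```python
import re

# Sections the article says must be adapted to the target platform.
PLATFORM_SECTIONS = ["config system interface", "config router static",
                     "config firewall vip", "config system ha"]

def parse_status(text):
    """Extract product, release and seat counts from 'get system status' output."""
    v = re.search(r"^Version:\s*(Forti\w+?)-\S+\s+v([\d.]+),build(\d+)", text, re.M)
    s = re.search(r"^License:.*?\bseat (\d+), active seat (\d+)", text, re.M)
    if not v or not s:
        raise ValueError("unrecognised 'get system status' output")
    return {"product": v.group(1), "release": f"{v.group(2)} build {v.group(3)}",
            "seats": int(s.group(1)), "active": int(s.group(2))}

def preflight(source_status, target_status, backup_text):
    """Return (blocking problems, platform-specific sections present in the backup)."""
    src, dst = parse_status(source_status), parse_status(target_status)
    problems = []
    if src["product"] != dst["product"]:
        problems.append(f"product mismatch: {src['product']} -> {dst['product']}")
    if src["release"] != dst["release"]:
        problems.append("source and target are not on the same release")
    if dst["seats"] < src["active"]:  # assumption: "seat" = capacity, "active seat" = in use
        problems.append("target seat capacity is below the source's active seats")
    for setting in ("v-tpm", "private-data-encryption"):
        if re.search(rf"^\s*set {setting} enable\s*$", backup_text, re.M):
            problems.append(f"{setting} is still enabled in the backup")
    review = [sec for sec in PLATFORM_SECTIONS
              if re.search(rf"^\s*{re.escape(sec)}\s*$", backup_text, re.M)]
    return problems, review

# Constructed samples: SOURCE is the article's output, TARGET and BACKUP are made up.
SOURCE = """Version: FortiPAM-OPC v1.6.0,build1239,250423 (GA)
License: Active, seat 5, active seat 5, expiry date 2026-02-27"""
TARGET = """Version: FortiPAM-TARGET v1.6.0,build1239,250423 (GA)
License: Active, seat 3, active seat 0, expiry date 2026-02-27"""
BACKUP = """config system global
    set private-data-encryption enable
end
config system interface
end
config system ha
end
"""

if __name__ == "__main__":
    problems, review = preflight(SOURCE, TARGET, BACKUP)
    print("blocking:", problems)
    print("review before restore:", review)
```

An empty problems list means the checks this script covers have passed; the sections in the second list are the ones to compare against the target platform before restoring.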