Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Kevin_Shanus
New Contributor III

200D to 200E - Easiest way to migrate / upgrade ?

Hello Folks,

 

We have a 200D and just purchased a 200E. One thing I noticed is that the 200E doesn't have a "hardware" switch. Can I take a backup of the 200D config, edit the interfaces and restore it to the 200E? 

 

Any feedback to assist me with this migration would be appreciated. 

 

Thanks

5 REPLIES 5
Daniel_FTNT
Staff
Staff

Hi Kevin,

 

your are right, you won't be able import your 200D config out-of-the-box.

But you have a couple of options:

- Use the FortiConverter Service (one-time offer since E-Series) for your new 200E to get the .conf file migrated if you want to keep your setup the same. You may also buy the whole software tool if you have that use-case more often.

- edit the whole thing yourself using the default config and match the interfaces, hardware, software-switches etc. This might be time consuming.

- I like to use a migration as an opportunity to clean up a little and straighten up the whole setup (since you do a downtime anyway aren't you?) - you can copy the most obnoxious part of your config like objects and default settings (might need to edit some interface names) and do a clean re-build of things you might are happy to get cleaned up. Might throw in some scripting here and there.

 

BR

Daniel

GusTech

Did this with a 100d to 100e.

Updated both boxes to same FW and merged the config manually step by step with all interfaces and policy. Did use a compare editor to have control of the changes.

Had around 100vlans and 200 policy++

Fortigate <3

Fortigate <3
Dave_Hall
Honored Contributor

Kevin Shanus wrote:

Can I take a backup of the 200D config, edit the interfaces and restore it to the 200E? 

Providing both units are on the same firmware, this should work - you will need to replace the header line on the 200D config with one from a 200E config.  Since both models have different port configurations, it may be best to save a factory reset config from the 200E so you can see the port/interface differences via a text editor/compare tool. 

 

When you load the "revised" 200D config on the 200E, perform a diagnose debug config-error-log read after that first reboot to see what "messed" up and edit the config accordingly.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
GusTech

I would use the 200E clean config in the bottom for the new config and only add all the basic needed config from the 200D.

 

The diagnose debug config-error-log read Dave is reffering to are very nice to use. 

 

- When i did this in newer FortiOS i also needed to recreate the PreSharedKeys for all the tunnels. Newer needed to do that before.

Fortigate <3

Fortigate <3
Kevin_Shanus
New Contributor III

Thank you for all the suggestions. I went ahead with what Dave Hall suggested.

 

I built the interfaces/virtual switches in the 200E and backed up the config. I took a backup of the config on the 200D. I used notepad++ and added in the 64bit compare plugin but in this specific case I didn't use the plugin much. I just copied and pasted / replaced the interface information on the 200D as well as replaced the first line of its config. I restored it to the 200E and used the "diagnose debug config-error-log read" command and just had to make a couple of tweaks to the config. I went ahead and swapped the units in our maintenance window and we're using the 200E in production as I write this. I need to swap a 90D for an 80E next week and will use this same process.

 

Once again, thank you for all the quick and knowledgeable responses!

Labels
Top Kudoed Authors