Hello Folks,
We have a 200D and just purchased a 200E. One thing I noticed is that the 200E doesn't have a "hardware" switch. Can I take a backup of the 200D config, edit the interfaces and restore it to the 200E?
Any feedback to assist me with this migration would be appreciated.
Thanks
Hi Kevin,
your are right, you won't be able import your 200D config out-of-the-box.
But you have a couple of options:
- Use the FortiConverter Service (one-time offer since E-Series) for your new 200E to get the .conf file migrated if you want to keep your setup the same. You may also buy the whole software tool if you have that use-case more often.
- edit the whole thing yourself using the default config and match the interfaces, hardware, software-switches etc. This might be time consuming.
- I like to use a migration as an opportunity to clean up a little and straighten up the whole setup (since you do a downtime anyway aren't you?) - you can copy the most obnoxious part of your config like objects and default settings (might need to edit some interface names) and do a clean re-build of things you might are happy to get cleaned up. Might throw in some scripting here and there.
BR
Daniel
Did this with a 100d to 100e.
Updated both boxes to same FW and merged the config manually step by step with all interfaces and policy. Did use a compare editor to have control of the changes.
Had around 100vlans and 200 policy++
Fortigate <3
Kevin Shanus wrote:Can I take a backup of the 200D config, edit the interfaces and restore it to the 200E?
Providing both units are on the same firmware, this should work - you will need to replace the header line on the 200D config with one from a 200E config. Since both models have different port configurations, it may be best to save a factory reset config from the 200E so you can see the port/interface differences via a text editor/compare tool.
When you load the "revised" 200D config on the 200E, perform a diagnose debug config-error-log read after that first reboot to see what "messed" up and edit the config accordingly.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
I would use the 200E clean config in the bottom for the new config and only add all the basic needed config from the 200D.
The diagnose debug config-error-log read Dave is reffering to are very nice to use.
- When i did this in newer FortiOS i also needed to recreate the PreSharedKeys for all the tunnels. Newer needed to do that before.
Fortigate <3
Thank you for all the suggestions. I went ahead with what Dave Hall suggested.
I built the interfaces/virtual switches in the 200E and backed up the config. I took a backup of the config on the 200D. I used notepad++ and added in the 64bit compare plugin but in this specific case I didn't use the plugin much. I just copied and pasted / replaced the interface information on the 200D as well as replaced the first line of its config. I restored it to the 200E and used the "diagnose debug config-error-log read" command and just had to make a couple of tweaks to the config. I went ahead and swapped the units in our maintenance window and we're using the 200E in production as I write this. I need to swap a 90D for an 80E next week and will use this same process.
Once again, thank you for all the quick and knowledgeable responses!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.