Obviously local passwords are encrypted. If you were to copy the config from one model Fortigate I would assume a different model Foritgate won't like those encrypted passwords?
Is it the case that you would have to redo all local username/passwords on the new Fortigate? How does Fortinet do it when upgrading Fortigates with their conversion service?
thanks!
Hi @genisi ,
The encryption algorithm of different FortiGate model is different, which means we cannot copy the encrypted password string between them. In this case, if we choose to manually copy the configuration, we need to redo all passwords on new FortiGate.
For the FortiConverter service, only the default admin account password will be reset for security purpose. In general, encrypted secret data, credentials, e.g., VPN pre-shared keys, certificates, local users, and admin passwords, will remain valid after cross model migration as long as the FOS version is above 5.6.
Reference:
Regards,
George
Created on ‎10-08-2025 08:24 AM Edited on ‎10-08-2025 08:36 AM
We so far had no problem moving the hashed passwords and PSKs around between models. I'm currently working on customer VDOM migrations from 1500Ds to 1000Fs.
Just copy&paste is working for "config sys admin" and "config vpn ipsec phase1-interface". By the way both sides have the same version though.
And, even if you have some doubt, you can easily test it yourself if you have two models of FGTs.
Toshi
User | Count |
---|---|
2625 | |
1395 | |
810 | |
672 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.