Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
genisi
Visitor

Copy config from a different model Fortigate: Local username/passwords?

Obviously local passwords are encrypted. If you were to copy the config from one model Fortigate, I would assume a different model Fortigate won't like those encrypted passwords?

Is it the case that you would have to redo all local username/passwords on the new Fortigate? How does Fortinet do it when upgrading Fortigates with their conversion service?

thanks!

GeorgeZhong
Staff

Hi @genisi,

The encryption algorithm of different FortiGate models is different, which means we cannot copy the encrypted password string between them. In this case, if we choose to manually copy the configuration, we need to redo all passwords on the new FortiGate.

For the FortiConverter service, only the default admin account password will be reset for security purposes. In general, encrypted secret data, credentials, e.g., VPN pre-shared keys, certificates, local users, and admin passwords, will remain valid after cross-model migration as long as the FOS version is above 5.6.

Reference:

https://docs.fortinet.com/document/forticonverter-service/25.1.0/online-help/117818/fortigate-config...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Authentication-failure-after-migrating-to/...

Regards,

George

Toshi_Esumi

So far we have had no problem moving the hashed passwords and PSKs around between models. I'm currently working on customer VDOM migrations from 1500Ds to 1000Fs.
Just copy & paste is working for "config sys admin" and "config vpn ipsec phase1-interface". By the way, both sides have the same version though.

And, even if you have some doubt, you can easily test it yourself if you have two models of FGTs.

Toshi
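
An added example, not part of any post in this thread: since the replies differ on whether copied `ENC` strings stay valid across models, a short Python script can inventory every encrypted setting in a config backup so each one can be tested on the new unit and re-entered if authentication fails. The sample config, its entry names and the placeholder `ENC` values are constructed, and the parser assumes well-formed `config`/`edit`/`next`/`end` nesting with one setting per line.

```python
# Constructed sample in FortiOS backup syntax; the ENC strings are placeholders.
SAMPLE_CONFIG = '''\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set password ENC PLACEHOLDER-ADMIN
    next
end
config user local
    edit "alice"
        set type password
        set passwd ENC PLACEHOLDER-ALICE
    next
end
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set psksecret ENC PLACEHOLDER-PSK
    next
end
'''

def find_encrypted_secrets(config_text):
    """Return (config path, entry name, setting) for each 'set <key> ENC ...' line.

    The secret value itself is never returned, only where it lives.
    """
    stack = []   # currently open scopes as (kind, name)
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(("config", line[len("config "):]))
        elif line.startswith("edit "):
            stack.append(("edit", line[len("edit "):].strip('"')))
        elif line in ("next", "end"):
            if stack:
                stack.pop()          # 'next' closes an edit, 'end' closes a config
        elif line.startswith("set "):
            parts = line.split(None, 3)
            if len(parts) >= 4 and parts[2] == "ENC":
                path = " / ".join(n for k, n in stack if k == "config")
                entry = next((n for k, n in reversed(stack) if k == "edit"), None)
                found.append((path, entry, parts[1]))
    return found

if __name__ == "__main__":
    for path, entry, key in find_encrypted_secrets(SAMPLE_CONFIG):
        print(f"verify after migration: {path} -> {entry} ({key})")
```
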
