Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amorales
New Contributor

Creating a basic template from a different FGT model

Hi, I have currently some F100 FWs but I need to create a template basic template for F80 FWs. I just need to specify HA, an aggregate link using two physical ports and out of band management IP. Do you know what should I change in the template header to make it valid for F80? Just modifying the model would be enough? Concerning the template, I suppose that it is not mandatory to specify all parameters and I could just specify interfaces and ha configuration, right? Thank you very much in advance.
2 REPLIES 2
abarushka
Staff
Staff


@amorales wrote:
Hi, I have currently some F100 FWs but I need to create a template basic template for F80 FWs. I just need to specify HA, an aggregate link using two physical ports and out of band management IP. Do you know what should I change in the template header to make it valid for F80? Just modifying the model would be enough? Concerning the template, I suppose that it is not mandatory to specify all parameters and I could just specify interfaces and ha configuration, right? Thank you very much in advance.

Hello,

 

Modification of the configuration in text editor is not supported, since there is no input validation which can lead to unexpected results.

FortiGate
Debbie_FTNT
Staff
Staff

Hey amorales,

to expand on my colleague's post:

- modifying a config via text editor can sometimes lead to unexpected results or errors

-> there is no check when you take a text editor to modify a configuration backup and then upload that modified configuration to a FortiGate

-> if there are any errors, this could break FortiGate pretty badly, depending on what was modified

 

As an example, taking a 100F config to run on an 80F unit:

-> yes, you could just swap out the header to make the config file seem like it belongs to an 80F unit instead of the 100F it came from

-> the interfaces won't line up (100F has more interfaces than 80F)

-> there can be differences in interface names between models

-> there can be differences in pre-configured software switches

-> there are different configuration limits (80F allows for fewer group objects than 100F for example)

--> just the fact that interfaces don't line up can lead to significant issues

--> it is VERY strongly suggested not to do this unless you're dealing with a pure lab environment where you can reconfigure, reset and wipe units as much as necessary

 

I would instead suggest this approach:

-> you can copy the relevant configuration snippets from a FortiGate 100F

-> modify the snippets to use the interfaces you want to actually have in use on 80F

-> take a backup of the 80F so you can revert if there are any issues

-> then connect via CLI

-> copy&paste the snippets one after another

--> watch out for any error messages!

-> the configuration snippets should run as sets of CLI commands essentially

-> if necessary, modify the snippets to get rid of any errors, and restore the 80F config from before the changes to go again and verify that the commands are doing what they should

-> then you should essentially have a few sets of CLI commands to implement the configuration on any 80F unit you want :)

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Top Kudoed Authors