Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
player
New Contributor

FGT MIGRATION

hi all, what is the best way to convert configuration from a fortigate machine to a newer model, got 800 and i' m trying to upgrade it 600C, the confiuration fails on the 600C after modifying the interfaces,routing table and policies
player. rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
4 REPLIES 4
rwpatterson
Valued Contributor III

Open up a Putty window into the new box, and paste in section by section and look for the offending section of the configuration. I know it' s a pain, but at least you get some feedback. My $.02

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Darune
New Contributor

What error message does it give you when it fails? Have you changed the model line at the top of the config file (all the lines starting with #) to match the 600C? The easiest way is usually to backup the existing config on the 600C and selectively copy over the fields at the top.
Paul_Dean
Contributor

Few things to check. - The FG600C and the FG800 are running the same firmware level. This will save you a lot of hassle. If they are not, upgrade the FG800 to the same level taking care to check the release notes for changes as you go. - Backup the config from the FG800 to a text file such as fgt_system.conf. Make a copy of this file as a backup as you will need to edit it. - Make sure the interfaces in the FG800 config file match those of the FG600C. If not find and replace the interface names including the " " so they match in your entire config. The interfaces will be referenced all over the config in policies, VPNs etc. - Backup the config of the FG600C which should be running the same code version as the FG800 and reset to factory defaults. Open this file and copy the header information. Paste this header into the top of the FG800 config (without deleting the old header for now). - Make sure the new header has the same values for: " opmode=0:vdom=0:user=admin" and " #global_vdom=1" . If these are wrong then you will have unpredictable results with parts of your config missing such as your admin accounts meaning you won' t be able to login :(. Delete the old header and save the file. - Copy the file onto a USB memory stick and rename it to fgt_system.conf. Insert the USB memory stick into the FG600C and boot the firewall. If the USB Auto-Install section under System -> Maintenance -> Advanced is set to fgt_system.conf, the config will be loaded when the firewall boots. - Login to the CLI and run the command " get system startup-error-log" to check for errors. I wrote that from memory but I don' t think I have missed anything out. Let us know how you get on.
NSE4
NSE4
rwpatterson
Valued Contributor III

Looks good to me. I usually just copy and paste over the first 3 lines. Always worked for me.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Labels
Top Kudoed Authors