when converting FGT > FGT and mapping the interfaces, the SSL.root is not the destination interface list box. Also what do I match phase-1 VPN interfaces to?
Do I even need to convert my config at all if I do a FG200B (5.2.3) to a FG200D (5.2.3)???
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Wishful thinking - the 200D will reject the 200B config file. Just try it.
But there is a trick to do it anyway:
- backup the (factory-reset) config of the 200D
- take a copy of the old config file of the 200B
- replace the first 3 lines in the config file
- now it states that the config is coming from a 200D
You can now restore that config file to the 200D. You might run into minor issues if
- interface names do not match between models
- switch ports were configured to be single independent ports
To check for import errors, open the CLI and type 'diag deb conf read'. Work your way through the messages until none remains.
Assuming the 200D is not yet in use you might simply try importing the 200B's config.
If you see any errors simply execute factoryreset on the device.
Other than that, especially for a FGT>FGT Conversion I would simply do it manually, it's probably faster than finding any errors the Converter did
gschmitt wrote:Assuming the 200D is not yet in use you might simply try importing the 200B's config.
If you see any errors simply execute factoryreset on the device.
Other than that, especially for a FGT>FGT Conversion I would simply do it manually, it's probably faster than finding any errors the Converter did
awesome! I was hoping someone would tell me the config might import into the FG200D without too much trouble.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Wishful thinking - the 200D will reject the 200B config file. Just try it.
But there is a trick to do it anyway:
- backup the (factory-reset) config of the 200D
- take a copy of the old config file of the 200B
- replace the first 3 lines in the config file
- now it states that the config is coming from a 200D
You can now restore that config file to the 200D. You might run into minor issues if
- interface names do not match between models
- switch ports were configured to be single independent ports
To check for import errors, open the CLI and type 'diag deb conf read'. Work your way through the messages until none remains.
The interfaces in the drop down lists are common physical interfaces from a predefined list. They are not read from the source configuration file.
You can simply type the name of the interface if it is not in this list. You may find typing names easier than scrolling through the list, anyway.
Unless you specifically want to, virtual interface names may remain the same. Associated interface values are updated by any new physical interface mapping configured.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.