Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Paul_S
Contributor

Created on ‎06-08-2015 08:50 AM

FortiConverter 4.6 - SSL.root and VPN_Interfaces

when converting FGT > FGT and mapping the interfaces, the SSL.root is not the destination interface list box. Also what do I match phase-1 VPN interfaces to?

 

Do I even need to convert my config at all if I do a FG200B (5.2.3) to a FG200D (5.2.3)???

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
4664
0 Kudos
1 Solution
ede_pfau
SuperUser
SuperUser

Created on ‎06-13-2015 11:37 AM

Wishful thinking - the 200D will reject the 200B config file. Just try it.

 

But there is a trick to do it anyway:

- backup the (factory-reset) config of the 200D

- take a copy of the old config file of the 200B

- replace the first 3 lines in the config file

- now it states that the config is coming from a 200D

 

You can now restore that config file to the 200D. You might run into minor issues if

- interface names do not match between models

- switch ports were configured to be single independent ports

 

To check for import errors, open the CLI and  type 'diag deb conf read'. Work your way through the messages until none remains.

Ede Kernel panic: Aiee, killing interrupt handler!

View solution in original post

Ede Kernel panic: Aiee, killing interrupt handler!
2749
0 Kudos
4 REPLIES 4
gschmitt
Valued Contributor

Created on ‎06-12-2015 05:51 AM

Assuming the 200D is not yet in use you might simply try importing the 200B's config.

 

If you see any errors simply execute factoryreset on the device.

 

Other than that, especially for a FGT>FGT Conversion I would simply do it manually, it's probably faster than finding any errors the Converter did

2717
0 Kudos
Paul_S
Contributor
In response to gschmitt

Created on ‎06-12-2015 12:01 PM

gschmitt wrote:

Assuming the 200D is not yet in use you might simply try importing the 200B's config.

 

If you see any errors simply execute factoryreset on the device.

 

Other than that, especially for a FGT>FGT Conversion I would simply do it manually, it's probably faster than finding any errors the Converter did

awesome! I was hoping someone would tell me the config might import into the FG200D without too much trouble.

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
2717
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎06-13-2015 11:37 AM

Wishful thinking - the 200D will reject the 200B config file. Just try it.

 

But there is a trick to do it anyway:

- backup the (factory-reset) config of the 200D

- take a copy of the old config file of the 200B

- replace the first 3 lines in the config file

- now it states that the config is coming from a 200D

 

You can now restore that config file to the 200D. You might run into minor issues if

- interface names do not match between models

- switch ports were configured to be single independent ports

 

To check for import errors, open the CLI and  type 'diag deb conf read'. Work your way through the messages until none remains.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
2750
0 Kudos
mickstrick_FTNT
Staff
Staff

Created on ‎06-30-2015 07:42 AM

The interfaces in the drop down lists are common physical interfaces from a predefined list. They are not read from the source configuration file.

 

You can simply type the name of the interface if it is not in this list. You may find typing names easier than scrolling through the list, anyway.

 

Unless you specifically want to, virtual interface names may remain the same. Associated interface values are updated by any new physical interface mapping configured.

2717
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.