Hello all --
I currently have a FortiGate 50e (#1) up and running. I will be installing a second 50e (#2) in another location. I wanted to copy (restore) the config from #1 to device #2. Since most of the settings will be the same, I wanted to cut down on the time needed for a full configuration on #2 and just change the settings that need to be changed. However, once I restore the config file to #2, it no longer allows me to access the device. Any suggestions?
I'm not sure what you meant by "access the device". But I assume you're realizing that it (#2) has #1's config, including interface IPs and admin username/password. Then, to figure out what's going on or change something to allow your access from an interface, you need to get in via the Console port and use the CLI to do it.
You could have pre-modified the config file to adjust it for #2's needs before uploading. But since it's already uploaded, modifying it via Console would be the fastest option.
Thanks for the input Toshi.
Just for clarity, what I meant by can't access is that I can't get to it by GUI or CLI. Unfortunately I am not a network person (more of the sys admin type) and am not too experienced with configuring network equipment. We had a service provider configure the original one, so I just took that config file, modified it with a new IP and uploaded it. However, with the new IP (or even the old IP) I was unable to get into the device. It was connected to a standalone laptop so that it wouldn't interfere with the current network. I was able to get it going through the cloud and changed/updated configurations that way.
Then, probably you couldn't even ping the IP you are trying to get in with. It could be a typo in the address when you changed it, or DHCP if your laptop is relying on it. Anyway, you need to console into it and then correct it.
That last sentence in Chris's last post seems to imply he found a roundabout way to resolve the issue. But yet, if I was on site, I would have had a console (rollover) cable connected and been puttying into that #2 to see where the problem is.
Chris may want to edit his OP if the issue is indeed resolved.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Just a note for someone who's planning to 'clone' a FGT like this.
There's nothing much speaking against it. Maybe you want to change some settings in the config file before restoring it. It's a text file IF you don't back up 'encrypted'. Thinking of hostname and alias (in CLI: config system global).
One caveat:
In the config file, delete the section with local certificates! 'config vpn cert local' and below. If you don't, the local, factory certificates will show the serial number of the clone master FGT, not the cloned one.
You can fix this after the deed with a CLI command but it's far easier to avoid this situation right from the start.
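A sketch of the pre-restore edit described in the note above, as an added example that is not part of the original thread or Fortinet's tooling. It assumes an unencrypted backup in which the section is spelled `config vpn certificate local`; `prepare_clone` is a hypothetical helper name, and setting the alias to the same value as the hostname is a choice made for illustration.

```python
import re

# The post abbreviates the section as 'config vpn cert local'; this sketch assumes
# the backup file spells it 'config vpn certificate local' and accepts either.
DROP = re.compile(r"^config vpn cert(ificate)? local$")
IDENT = re.compile(r'^(\s*set (?:hostname|alias)) ".*"$')

def prepare_clone(config_text, new_name):
    """Return (text, sections_removed) for an unencrypted backup file."""
    out, removed, depth, in_quote, in_global = [], 0, 0, False, False
    for line in config_text.splitlines():
        s = line.strip()
        opens = not in_quote and s.startswith("config ")
        closes = not in_quote and s == "end"
        # Quoted values (PEM keys) span lines; an odd quote count toggles state.
        if len(re.findall(r'(?<!\\)"', line)) % 2:
            in_quote = not in_quote
        if depth:                      # inside the section being dropped
            depth += opens - closes
            continue
        if opens and DROP.match(s):
            depth, removed = 1, removed + 1
            continue
        if opens and s == "config system global":
            in_global = True
        elif closes:
            in_global = False
        elif in_global:                # rename only inside 'config system global'
            line = IDENT.sub(lambda m: f'{m.group(1)} "{new_name}"', line)
        out.append(line)
    return "\n".join(out) + "\n", removed

# Constructed sample, not a real backup; the fake key holds 'end'/'config' lines on purpose.
SAMPLE = '''config system global
    set alias "FW-SITE1"
    set hostname "FW-SITE1"
end
config vpn certificate local
    edit "Fortinet_Factory"
        set private-key "-----BEGIN CONSTRUCTED KEY-----
end
config fake
-----END CONSTRUCTED KEY-----"
    next
end
config system dns
    set primary 192.0.2.53
end
'''
```

Diff the result against the original backup before restoring it, so the only changes going onto #2 are the ones intended.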