Hello,
I've been asked to migrate 2x Cisco 2130 FTD to 2x Fortigate 200F.
I was wondering if there is a way to export all the FTD configuration and import it into FortiConverter for the conversion.
Did anyone do this type of migration?
From what I know there's no way to export the entire CLI config from the FTD (as is possible for the ASA).
Any tips would be appreciated.
Thanks
Regards
Not from FTD. FMC doesn't have a text output of show run exactly like you suggested.
Even still though it's ALWAYS better to perform firewall migrations manually and clean up old rules and unused objects at the same time.
Unfortunately I can't do as suggested because I have to retain the same IP address, so I can't work in parallel with the old FTD. Furthermore I don't have direct access to the FTD, and that's why I need to have the configuration... to migrate in one shot.
Created on 06-30-2023 09:41 AM Edited on 06-30-2023 09:42 AM
You cannot do this with FTD. Manual migration is your only option here. If you don't have access to the FTD how can you possibly migrate the config? You can also stand up the FortiGate on a temp IP, then write policies/objects/interfaces/etc. and then do a hot cut to the FortiGate, replacing its IPs with the FTD IPs, and unplug the FTD.
Hi @adambomb1219 ,
My idea was to stage these 2 FGT in my lab with temporary IP addresses and then change them as you suggested.
I was able to export the config of the FTD (not all) so I can start to import it. Objects/interfaces seem to be exported well; I have to double-check the policies...
FTD has two packet processing engines and configuration is saved in two different ways by each of them. LINA is the ASA-like engine, and you can connect to LINA and get the "show runn" result to migrate it like an ASA. The Snort part of the config will have to be manually taken care of by editing individual policies after the LINA config migration.
Note: FTD config will have application as matching criteria in access policies. Also, NAT is separately configured in the NAT policy in FTD. Similar settings are available in FGT policy-based mode. Please look into profile-based and policy-based NGFW mode and central NAT options.
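The reply above suggests treating the LINA "show runn" output like an ASA config. As an added example (not part of any post in this thread, and not how FortiConverter works), this sketch turns ASA-style `object network` stanzas into a FortiOS `config firewall address` block and lists sub-lines such as object NAT that still need manual handling; the sample input and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ASA-style "show running-config" syntax (not from the thread).
SAMPLE_LINA = """\
object network WEB-SRV
 host 192.0.2.10
object network LAN-USERS
 subnet 10.10.0.0 255.255.0.0
object network DHCP-POOL
 range 10.10.5.100 10.10.5.200
object network MAIL-FQDN
 fqdn v4 mail.example.com
object network WEB-SRV
 nat (dmz,outside) static 198.51.100.10
"""

def parse_network_objects(text):
    """Return ({name: (kind, args)}, [(name, line) left for manual review])."""
    objects, manual, current = {}, [], None
    for line in text.splitlines():
        m = re.match(r"object network (\S+)\s*$", line)
        if m or not line.startswith(" "):
            current = m.group(1) if m else None  # any other stanza ends the object
            continue
        words = line.split()
        if current is None or not words or words[0] == "description":
            continue
        if words[0] in ("host", "subnet", "range", "fqdn"):
            objects[current] = (words[0], words[1:])
        else:
            manual.append((current, line.strip()))  # e.g. object NAT, not an address
    return objects, manual

def to_fortigate(objects):  # renders a FortiOS "config firewall address" block
    out = ["config firewall address"]
    for name, (kind, args) in objects.items():
        out.append(f'    edit "{name}"')
        if kind == "host":
            out.append(f"        set subnet {ipaddress.IPv4Address(args[0])} 255.255.255.255")
        elif kind == "subnet":
            net = ipaddress.IPv4Network(f"{args[0]}/{args[1]}")  # raises on a bad mask
            out.append(f"        set subnet {net.network_address} {net.netmask}")
        elif kind == "range":
            lo, hi = (ipaddress.IPv4Address(a) for a in args[:2])
            out += ["        set type iprange", f"        set start-ip {lo}", f"        set end-ip {hi}"]
        else:  # fqdn; ASA may prefix the name with v4/v6
            out += ["        set type fqdn", f'        set fqdn "{args[-1]}"']
        out.append("    next")
    return "\n".join(out + ["end"])
```

Review the generated block and the manual-review list before pasting anything into a staged FortiGate; access rules and the Snort-side policies are outside what this covers.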
Hi,
Yes, I was only able to export the objects, interfaces and NAT through the LINA; the ACLs seem not to be correct. I'll set up the FGT with these basic settings and then I'll manually create all the policies. It is a pity because I've purchased the FortiConverter service and won't be able to use it....
In the end I migrated everything manually and it worked.
Thanks for the tips...