Our HQ has a single FG200B which we plan to replace with a 2x HA FG200D. Both are running 5.0.9.
I have also installed FortiManager (5.0.9) and connected both devices to FMG, and I want to use FMG to migrate / move configuration and Policies between the devices.
I have long experience with FortiGate, but FMG is unknown to me.
But it seems not to be as straightforward as I wished:
1) I can't find any way to migrate the (virtual) interfaces, zones and their IP configuration. Is it correct that this must be configured manually on the new device in advance and that FMG can only migrate the policies?
2) Could VPNs and routing be migrated as well?
3) Is it best if the configuration is migrated to one standalone instance of FG200D and the HA cluster is set up afterward, or should the cluster be established first?
4) Is there anything here that may be easier if I upgrade all units and FMG to 5.2.x first?
Is there any how-to that describes the workflow for this operation?
Personally, I'd go with #3. There's not much to do in converting a 200B config to 200D config:
[strike]Of course, I am assuming the 200D will automatically recreate the WAN port settings if it doesn't find them in the config file.[/strike]
BTW this topic does come up once in a while -- use the search function to check out the other posts.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Thanks Dave.
I am aware of the search & replace in the config file and have done it a couple of times. But I had the impression that FortiManager was able to do this in a more elegant (and supported?) way?
Yngve
The FortiManager option would be best and ideal if you already have it set up/configured; I recall someone here on the forums posted some info but didn't go into that much detail. See Sean Toomey's post regarding device/policy objects in FortiManager.
Fortinet has published their own semi-official (unsupported) guide on how to migrate one config from one unit to another that doesn't use a FortiManager, which is located here or the older KB article here.
The method outlined in the KB article is what some of us have been using for years.
I sorta jumped the gun on my reply above. If you want to do a "proper" migration, between step 3 and 4 do the following:
3A perform a search/replace of your "WAN" port references to "wan1" (careful not to replace the port under the config system interface section)
3B edit the config system interface section to include a new WAN1 interface, e.g.
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh fgfm
        set type physical
        set defaultgw enable
    next
Save the edited 200B config and try restoring that on the 200D. Perform a "diagnose debug config-error-log read" on the CLI to check for any config errors.
If you want to go the extra mile, use a text comparison tool like WinMerge to compare the original 200B config against the edited one loaded into the 200D.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
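Step 3A above as a script, added here as an example (not code from any poster or from Fortinet): it renames quoted "WAN" references to "wan1" everywhere except inside the top-level config system interface section, and reports the changed line numbers for review. The function name and sample config are constructed; it assumes section headers and "end" sit on their own lines and that no multi-line quoted value contains such a line.

```python
import re

# Constructed sample config; port names follow the post ("WAN" -> "wan1").
SAMPLE = '''config system interface
    edit "WAN"
        set vdom "root"
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "WAN"
    next
end
config router static
    edit 1
        set device "WAN"
    next
end
'''

def rename_port(text, old="WAN", new="wan1", skip="config system interface"):
    """Replace the quoted token "old" with "new" everywhere except inside
    the top-level `skip` section. Returns (new_text, changed_line_numbers)."""
    token = re.compile('"%s"' % re.escape(old))
    out, changed = [], []
    depth, skipping = 0, False
    for lineno, line in enumerate(text.splitlines(), 1):
        word = line.strip()
        if word.startswith("config "):
            if depth == 0 and word == skip:
                skipping = True          # entering the section to leave alone
            depth += 1                   # nested config blocks raise the depth
        if not skipping:
            line, hits = token.subn('"%s"' % new, line)
            if hits:
                changed.append(lineno)
        out.append(line)
        if word == "end" and depth > 0:
            depth -= 1
            if depth == 0:
                skipping = False         # top-level section closed
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    new_text, changed = rename_port(SAMPLE)
    print(new_text)
    print("review these lines:", changed)
```

Any object that happens to be named "WAN" (an address or zone, for instance) is renamed too, so check each reported line before restoring the file.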
Thanks
I find it strange that Fortigate doesn't offer any tool for complete configuration migration. If I want to migrate between different brands there are several tools that will help me. If I stay loyal to Fortinet, I am more or less on my own.
It is also surprising that this is not a function in FortiManager.
FortiConverter supports Fortinet to Fortinet config migration.
I think there is an example of migrating FortiGates in the FortiManager training course documentation.