we are currently using a Fortigate 1200D firewall, and we are considering upgrading to a FortiGate 600F model. However, before making the transition, we would like to gather some information regarding the migration process and its estimated timeline.
You can use FortiConverter Tool/Service to convert your configuration compatible with 600F and latest FortiOS. Review the Data sheet of 600F and plan the Interface port mapping correctly. You can prepare your device before hand and mount them closer to your 1200D and perform a Cutover migration during the outage/Maintenance window. Proper review of the configuration has to be carried out prior to this activity and with this approach you can easily switch to your older hardware if there is major Business Critical issues.
The actual timelines depends on the amount of configuration on the devices which has to be migrated to the new device and you need to verify them before Migration. Post migration you need to perform entire sanity test and it also depend on your number of services and the availability of the team during the migration window.
I strongly recommend you may us Fortinet Professional service for planning and carefully executing such migration activities.
It is recommended to use forticonverter while converting configuration or using it on different model. If not doing so might not result in a loss of configuration.
To perform this task, you can request for FortiConverter service through your local Fortinet partner.
Note: You can also send an e-mail to the FortiConverter group at email@example.com.
Alternatively, you have to manually edit the configuration file before restoring it to the new Fortigate unit. You have to make sure that for example the interface names are correct and corresponds to the new unit interface names.
Please follow the below KB: How to load/convert a FortiGate configuration file from one unit to another (file conversion for a different model)
Considering manual porting, have a look at the original config file. If the config comprises like 15.000 - 17.000 lines, cut&paste in a side-by-side editor (Sublime, WinMerge,...) could take 1-2 days of focused work. IF you know what you are doing, and if you have planned the interface mapping old-to-new ahead.
Of course, it would help if you bring the firmware versions together as close as possible. Either by upgrading the old FGT or by downgrading the new FGT. The Upgrade Path tool is helpful in that it will tell you the minimum and maximum version of FortiOS which is supported by the respective hardware.
I do this frequently, even from D series to F series. That usually works to 100%, even with encoded user passwords and VPN PSKs.
Problems may arise e.g. if you transit from different main versions, like FOS v6.4 to v7.0, as the default values might have changed. Default values are not included in a regular backup, only in a full backup ("show full" and capturing). But a full backup is way bigger, making it hard to keep the overview.
> Evaluate your existing FortiGate 1200D configuration, including policies, routing, NAT rules, security profiles, and interfaces.
> Create a comprehensive backup of your FortiGate 1200D configuration > Acquire the new FortiGate 600F hardware and perform initial setup, including configuring basic network settings. > Migrate the configuration from the FortiGate 1200D to the FortiGate 600F. > Test the migrated configuration in a controlled environment.
> Perform final testing with a subset of users to ensure no unforeseen issues arise. Address any concerns raised during this phase.
> Schedule a maintenance window to perform the actual migration. This may involve temporarily disconnecting the 1200D and connecting the 600F > After the migration, thoroughly test the new FortiGate 600F to ensure all services are operational and that there are no issues stemming from the migration process.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.