Jon_Hill
New Contributor

Newbie Question - Copy config from one firewall to another in the CLI

I've got two Fortigate firewalls with different policies and need to make sure that both policies match. Is it possible to copy addresses and address groups from the CLI between the two firewalls? Is there anything I need to make sure I do first before I commence the work? Thanks Jon
7 REPLIES
g3rman
New Contributor

Hi Jon, welcome to the forums. Copying objects on the CLI is the fastest way to do this unless you happen to have a FortiManager around :) The order you should go in:
- Host addresses (show firewall address)
- Address groups (show firewall addrgrp)
- Custom services
- Custom service groups
- Policies
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
Jon_Hill
New Contributor

Thanks for the info, if a host address or group exists already in the config of the firewall I'm transferring to will it overwrite the existing host\group or ignore it? Thanks Jon
rwpatterson
Valued Contributor III

It will add to it, overlay existing, and add unique entities.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Jon, if the 2 Fortigates are the same model, you can export, then import the whole config file from one into another. If this isn't the case, I would personally save both firewall configs as text files, then edit/compare them manually on your PC. You can copy/paste config commands back and forth between the 2 config files as needed.
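Added example, not part of any poster's reply: a small Python comparison of two saved config text files that lists which objects from the source firewall are missing on the target and which already exist there with different settings (the ones a paste would overlay, per the reply above). The function names and the sample exports are constructed for illustration, and the parser assumes a plain non-VDOM export in the usual `config` / `edit` / `next` / `end` layout.

```python
import shlex

def parse_objects(config_text, section):
    """Return {object name: [setting lines]} for one top-level config section."""
    objects, depth, wanted, name = {}, 0, False, None
    for line in map(str.strip, config_text.splitlines()):
        depth += line.startswith("config ")
        if line.startswith("config ") and depth == 1:
            wanted = line == "config " + section
        elif wanted and depth == 1 and line.startswith("edit "):
            name = shlex.split(line)[1]      # quoted names may contain spaces
            objects[name] = []
        elif wanted and depth == 1 and line == "next":
            name = None
        elif wanted and name is not None and line:
            objects[name].append(line)       # settings, incl. nested blocks
        depth -= line == "end"
    return objects

def compare(source_text, target_text, section):
    """Classify source objects by what pasting them into the target would do."""
    src, dst = (parse_objects(t, section) for t in (source_text, target_text))
    return {
        "new": sorted(n for n in src if n not in dst),
        "overlaid": sorted(n for n in src if n in dst and src[n] != dst[n]),
        "identical": sorted(n for n in src if n in dst and src[n] == dst[n]),
    }

# Constructed sample exports (not real device configs).
SOURCE = """config firewall address
    edit "web-srv"
        set subnet 10.0.0.10 255.255.255.255
    next
    edit "branch lan"
        set subnet 192.168.50.0 255.255.255.0
    next
    edit "dns"
        set subnet 10.0.0.53 255.255.255.255
    next
end"""
TARGET = """config firewall address
    edit "web-srv"
        set subnet 10.0.0.20 255.255.255.255
    next
    edit "dns"
        set subnet 10.0.0.53 255.255.255.255
    next
end"""
print(compare(SOURCE, TARGET, "firewall address"))
```

Run it again with `"firewall addrgrp"` as the section to check address groups, following the same order given earlier in the thread.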
TopJimmy
New Contributor

I've had to do this recently and I didn't have much (any) luck. I've got a pair of FGT800's in a cluster that aren't syncing properly since the upgrade to 4.0.3. One of the procedures that Fortinet support asked me to do was to take the slave offline, disconnect ethernet cables and from the console port, do a "factory default" and then, after changing the HA priority and the "name" of the unit, copy the config from the primary to the slave and then reconnect the slave to the cluster. My config from the primary is over 5MB in size. The paste process hosed the 2 different terminal programs (hyper term and PowerTerm) I use. I'm not sure if it overloaded the comm port on my PC or what but I've got a couple questions for those that have done this in the past successfully:
1.) What program did you use?
2.) Did you connect to the console port directly or was it a CLI/Telnet/SSH connection?
3.) How big is your config file?
Any help would be much appreciated.
-TJ
rwpatterson
Valued Contributor III

Did you try restoring into the backup instead of cut/paste? I get about 200 lines, and the Windoze clipboard takes a dump....

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

TopJimmy
New Contributor

Yeah....I'm a moron. I just did that and it works great. I think the Fortinet support dude saw my post or something and he called me and told me of the restore function. Using the console cable through a serial port to load huge files doesn't work very well. Thanks!
-TJ