Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Replace Fortigate Cluster because EOL

I have two Fortigates 3700D on a cluster.

We will replace these Fortigates with two new Fortigates 3000F.


All our Fortigates are managed via Fortimanager...



My idea:

1 - Assign the new Fortigates (3000F) with a new name and new mgt IP

2 - Configure these new Fortigates in a new cluster

3- Configure all interfaces as the old ones (3700D)

4 - Add the new Fortigates/Cluster (3000F) to the FortiManager

5 - Assign to these new Fortigates/cluster the same policy package as the old ones (means all policies from the previous one will be sent to these new devices).


During the migration:

Just disconnect the cables from the old Fortigates (3700D) and connect to the new ones (3000F).


What is your opinion? Do you have a better way to replace these Fortigates?








there are 2 ways of doing a replacement.
1. All your mentioned steps above

2. Co-existence of both clusters. But in this case you have to migrate services to use new gateway (IPs configured in new cluster)


It is up to you to choose how to do this replacement.


But your steps are a good way to replace.



I would add a few steps at the end.
Step-6, shut off all connections on the switch side coming from the secondary of the old cluster.

Step-7, swing all cables on the primary of the old cluster to the intended primary of the new cluster & keep fingers crossed.

Step-8, troubleshoot if something doesn't come backup.

Step-9(a), if successful, swing all cables on the secondary of the old cluster to the intended secondary of the new cluster.

Step-9(b), in the worst case if you can't figure out problems in Step-8, you can either swapback all cables from the new primary to the old primary, or unshut those connections from the old secondary after shutting down the connections from the new primary and flip a-p of the old cluster.



Top Kudoed Authors