- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Replace broken fortigate
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Replace broken fortigate
Hello all,
Sorry for the title but let me explain..
So a customer of ours have a broken fortigate 50E that will need to be replaced, they have done an RMA and will soon receive a new 50E (they have a plan to upgrade to a 61F soon as well).
Anyway, I was wondering if there is an easy way to do a backup and just upload the configuration to the new firewall? Usually, what I do in these kind of situations, I just do a backup of the old one, take that backup file and then upload to the script option in the new firewall.
But is there a better way to do this, a more simpler, efficient and secure way to do this task? One of the risks I'm thinking of (and please correct me if I'm wrong) is a syntax change between different models, especially when I need to replace the old 50E to the new 61F in the future. Not sure if there is a syntax change between models, more likely it would be between versions I would say, but not sure. It would suck to upload a config via the script options and then get many errors etc.
So
When replacing firewalls, is there a efficient, simpler and more secure way to do a backup and then upload it to the new firewall?
When for example doing a backup of an old fortigate, for example, let say when I will be replacing a 50E to a 61F later on, and let say that the the 50E is on version 6.4.11: before uploading the backup config of the 50E to 61F, I make the 61F to be on version 6.4.11, then uploading the backup config of 50E to 61F and then upgrading the 61F to for example 7.0.9 etc. Is that a good way to go?
Appreciate all help!
Appvalley https://vlc.onl/
Labels:
- Labels:
-
FortiGate
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Sara,
No, we cannot upload a 50E configuration file directly to 61F. They are totally different models and will mess up the configuration file on 61F. The best and easiest way to do it is to use Forticonvertor services. You can follow this link for registration of Forticonvertor License Purchase Options | FortiConverter Service 20.1.0 (fortinet.com) In Forticonvertor you can simply select the models and upload the configuration and it will convert it to 61F.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
beyond Forticonverter already mentioned, there is no "easy" way (by easy mean click-click-double click) to convert configs between different models. About the Forticonverter thing - you have 2 ways to get it: as a one time service from Fortinet, or as a standalone software subscription on premises. The price of on-premises software is too high to justify with upgrading 1 FGT (or even 10 for that matter, a search on Google gives estimated price of 3995$ ) , one-time service is included in some subscriptions, not sure of the details.
As others on reddit mentioned - FGT 50E will hardly have any complex configuration to try and automate this. The way you do it - exporting config, fixing interface names/zones and such, then importing it is the usual way for such cases.
I, personally, once had to migrate config from one failed FGT 1500D to another (with VDOMs), while the destination one having partial configs in place already, it wasn't fun, but in 1,5 hour it was up and running in a new place. So, when there is a will, there is a way :).
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Related Posts
- How to Migrate VLANs to Virtual... 253 Views
- Configuration of fortigate firewall for 30... 182 Views
- FortiGate ethernet broken with HA 731 Views
- FortiGate Transparent Proxy 155 Views
- Managing FortiSwitches through 3rd party L3... 496 Views
Labels
-
FortiGate
6,457 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.