nika5
New Contributor

Replace broken fortigate

Hello all,

Sorry for the title but let me explain..

So a customer of ours has a broken FortiGate 50E that will need to be replaced. They have done an RMA and will soon receive a new 50E (they have a plan to upgrade to a 61F soon as well).

Anyway, I was wondering if there is an easy way to do a backup and just upload the configuration to the new firewall? Usually, what I do in these kinds of situations is take a backup of the old one and then upload that backup file via the script option in the new firewall.

But is there a better way to do this, a simpler, more efficient and secure way to do this task? One of the risks I'm thinking of (and please correct me if I'm wrong) is a syntax change between different models, especially when I need to replace the old 50E with the new 61F in the future. Not sure if there is a syntax change between models, more likely it would be between versions I would say, but not sure. It would suck to upload a config via the script option and then get many errors etc.

So

When replacing firewalls, is there an efficient, simpler and more secure way to do a backup and then upload it to the new firewall?

For example, let's say I will be replacing a 50E with a 61F later on, and let's say that the 50E is on version 6.4.11: before uploading the backup config of the 50E to the 61F, I put the 61F on version 6.4.11, then upload the backup config of the 50E to the 61F and then upgrade the 61F to, for example, 7.0.9 etc. Is that a good way to go?

Appreciate all help!

abarushka
Staff

Hello,

 

Uploading a configuration from one hardware platform to another hardware platform is not supported. You may consider using FortiConverter to convert the FortiGate 50E configuration to FortiGate 61F, or configure the new FortiGate 61F from scratch. Please find more details about FortiConverter by following the link below:

 

https://www.fortinet.com/products/next-generation-firewall/forticonverter

Yurisk
Valued Contributor

Hi, 

there is no easier way beyond the mentioned FortiConverter to migrate configs between different hardware models. FortiConverter can be used in 2 ways:

  1. As a stand-alone on-premises software installation, but its cost (Google search estimated to be 3995$) would hardly justify it for a one-time migration. It works great, I have positive experience with it as we are an integrator and use it for clients' migration projects quite a bit, especially transferring from other vendors to FGT.
  2. As a one-time service from Fortinet themselves, as a part of some subscription, but I cannot say more as I never used this option myself.

So the way you did it - export the config file from the 50E, manually fix the differences - interface names, rules, and import manually to the new one is the way. The 50E is hardly likely to have configs complex enough to be an issue for that.

 

I once had to manually transfer a config in emergency mode from a failed 1500D, as a VDOM, to another 1500D, and it was a lot of configs to fix. Nevertheless, using just Notepad++, 1,5 hours later the new FGT1500D was up and running, so where there is a will there is a way :).

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
abarushka

Hello,

 

Manually modifying configuration in the notepad is strongly not recommended, since there is no input validation, which may lead to typos and unexpected behavior.
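An added example, not part of any post in this thread and not Fortinet code: a pre-import check for a hand-edited backup, covering the interface renaming Yurisk describes and the missing input validation raised in the last reply. The sample config is constructed, and `IFACE_MAP`, `IFACE_KEYS` and `check_config` are hypothetical names; the interface names in the map are assumptions to be replaced with the real ones from the replacement unit.

```python
import re

# Constructed sample in CLI-backup style; not taken from the thread.
SAMPLE_CONFIG = '''\
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
    next
    edit 2
        set srcintf "lan3"
        set dstintf "wan1"
        set action accept
    next
end
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
    next
end
'''

# Hypothetical old-name -> new-name map (assumption, fill in per device).
IFACE_MAP = {"lan": "internal", "wan1": "wan1"}
# Assumed set of keys whose quoted values are interface names.
IFACE_KEYS = {"srcintf", "dstintf", "interface", "device"}
CLOSERS = {"end": "config", "next": "edit"}

def check_config(text, iface_map):
    """Rewrite mapped interface references; report unmapped names and unbalanced blocks."""
    problems, stack, out = [], [], []
    for no, line in enumerate(text.splitlines(), 1):
        words = line.split()
        head = words[0] if words else ""
        if head in ("config", "edit"):
            stack.append((head, no))
        elif head in CLOSERS:
            if stack and stack[-1][0] == CLOSERS[head]:
                stack.pop()
            else:
                problems.append(f"line {no}: '{head}' without matching '{CLOSERS[head]}'")
        elif head == "set" and len(words) > 2 and words[1] in IFACE_KEYS:
            for name in re.findall(r'"([^"]*)"', line):
                if name not in iface_map:
                    problems.append(f"line {no}: interface '{name}' has no mapping")
            line = re.sub(r'"([^"]*)"', lambda m: '"%s"' % iface_map.get(m.group(1), m.group(1)), line)
        out.append(line)
    problems += [f"line {no}: '{kind}' block never closed" for kind, no in stack]
    return "\n".join(out) + "\n", problems
```

An empty problem list only means the renaming and block structure are consistent; the unit still validates each command when the file is loaded.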
