Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mdndiaye
New Contributor

TUNNEL VPN SITE TO SITE AND REMOTE ACESS

Good morning,
I would like to know if possible, if there is a way to recover the configuration file of the S2S and RA VPN tunnels from a fortigate to copy it to another fortigate box.
Only VPN configuration.
Thank you in advance for your answers

2 REPLIES 2
jintrah_FTNT
Staff
Staff

Hi,

Please see Technical Tip: How to load/convert a FortiGate con... - Fortinet Community if it  may help, ideally copying the config to another FortiGate on same version should be possible.

 

Best regards,

Jin

sw2090
Honored Contributor

you could get yourselve an unencrypted backup of that FGT. Then open that in some Text Editor and find the vpn config.

For IPSEC it starts with "config vpn ipsec". You need to get Phase1 and Phase 2 config of the tunnel. 

You can then run that as script on the other FGT or paste into cli.

Just make sure you run the same FortiOS version on both because that could create issues with content that is only stored encrypted in the config like ipsec psks since the encryption changed between fortios versions.

 

Also you would need to copy all objects the ipsec depends on. That might be adresses/addressgroups if you use mode config or user/usergroups for xauth.

 

Also keep in mind that you might need to copy static routing and policies since IPSec will not come up if there is no policy for it.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors