Hello...
We have purchase two new Fortigate 1101E Firewalls for our new location. I have been able to set up the new firewalls via the GUI but can not upload the backup configurations to the new firewalls.
First, I am coping the configs to a USB with no password. When I attempted to upload the configs to the new firewalls I get a prompt for a password (Which I never set a password). Also from the Restore System Configuration the system will not see the USB Disk on the Local PC to upload from. Once I attempt to attempt to upload the config file to restore it prompts me for a password.
Is there any issues with restoring the new Fortigate 1101E Firewalls with the configs or the 501E?
Also, why does the Restore System Configuration not recognize the USB Disk?
Thanks in advance for you assistance!
~ Jerry
If you plugged in an USB memory containing a config file to your PC and you're at FGT's GUI to upload the file, it would be an upload from "Local PC" in GUI and you just need to point to the file on the USB memory.
The "USB DIsk" option in the GUI should be used when the USB memory is directly hooked up at the USB port on the FortiGate unit.
<edit>
Depending on the combination of your browser type/version and FortiOS version, you might see the password box is prefilled with something. I see it with Firefox 99.01 + FortiOS 6.4.8. In that case, you just need to empty out the box and hit OK to proceed. I don't see this problem with Google Chrome.
Toshi
Tosh...
Thanks for responding to my inquiry. I am still encountering issues with attempting to Restore the config files to our new Fortigate 101E Firewalls.
It seems that when I connect the USB stick directly to the hardware and attempt to view the config file from the GUI, the file is not visible. (Attached image to message).
Also, When attempting to upload the config file via the Local PC, I am getting an Invalid configuration file or password required. There has not been a password set for the Restore Process.
Please advise.
Also, is there a way via the CLI to restore the config to the new hardware?
Thanks for your assistance!
~ Jerry
Now I'm wondering if the backup config is for 1101E. Restore works only for the same model.
Toshi...
What is your recommendation? This is new hardware. Do we have to enter the configurations into hardware manually or can it be done via the CLI.
Please advise.
Thanks.
~ Jerry
You can search some discussions about config "conversion" or "migration" or similar keyword through this forum. But basically two options: Converter or manual conversion.
There is a piece of software called FortiConverter. I don't know if free trial is available or you need to buy a license.
If you want to go manual method, you almost have to use CLI and need to have good knowledge about all components of configuration inside the config file, at least what you're using, like
"config system global"
"config system interface"
"config firewall policy"
"config vpn ipsec phase1-interface"
"config vpn ipsec phase2-interface"
"config webfilter profile"
and so on and on.
Then you would need to know what need to get copied or what part needs to be modified before getting copied. For example, interface names need to match the new HW interface names obviously. And as long as interface names are ok with the new HW, you can copy all policies as long as you have copied all protection profiles. You need to know all those conditions. Once you have a good plan, the rest would be: copy from the config file, modify, then paste into the new FGT.
If you go that path, I would recommend you first upgrade the previous FGT to the same FortiOS version, or at least the same major version, like 6.4, 7.0, which you are intending to deploy with the new FGT, so that at least all those config components are the same.
Toshi
Hello Jerry.
In a short, if you are restoring the config from a Fortigate 1101E to a Fortigate 1101E, that should work without any probem.
If you do upload the config of a Fortigate 501E to the Fortigate 1101E, that will not work, as these two Fortigates do have completely different hardware platform.
And in the case of Fortigates, the config file is hardware/model specific, meaning that you simply cannot restore the config file of one device to another.
The correct way of doing it is to utilize the Forticonverter tool, which will convert your current config file to be suitable to the Fortigate 1101E:
https://www.fortinet.com/products/next-generation-firewall/forticonverter
Or, you can migrate the config manually, as described here:
Ahmad
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.