chall_FTNT
Staff

Description
This article explains the use of the 'exec migrate' command on FortiAnalyzer/FortiManager to help with migrating configurations between models (since configuration backup files are model specific).

Scope
FortiManager and FortiAnalyzer.

Solution

Some common migration scenarios that this command helps with:

  • Upgrading to a larger appliance.
  • Moving configurations between a physical appliance and either VM or Cloud environments (or vice versa).
  • Recovering from the loss of administrative passwords (see related article).

Other Considerations (not directly covered by this article):

1) When migrating between VMs, the VM license can also be transferred to the new VM (see related article).
2) If the public-facing IP of the FortiAnalyzer or FortiManager is also changing, FortiGates need to be re-pointed to the new IP address (see related article for pointing to a new FortiManager).


Command Usage

To help with migrating from one model to another, the following command line (CLI) command was introduced in FortiAnalyzer/FortiManager 5.4.1:


# execute migrate all-settings <ftp/scp/sftp> <server ip> <filename> <username> <password>

It allows all configurations in the configuration file to be loaded except for system settings (see below).

Requirement

The configuration file should be loaded onto a VM/appliance running the same firmware that the original VM/appliance was running when the configuration was backed up.


System Settings

System settings will remain as they were prior to loading the configuration file. If the system settings need to be copied from the original model, they are viewable from the CLI and can be copied manually between models.

If the configuration file being copied over covers multiple ADOMs, make sure to enable ADOM in the new VM before using the migrate command.
 
Logs

Any logs must be backed up and restored independently of the configuration file.

 

# exec backup logs
# exec restore logs

 

FGT config adjustment

 

Once the new FortiAnalyzer and/or FortiManager configuration has been loaded, the FortiGate configuration needs to be adjusted to match.

This can be done using the batch CLI commands below:

 

Changing FMG config:

 

# exe batch start
  config system central
  set fmg 'new FMG IP if needs be'
  set serial 'new FMG serial'
  end
  exe batch end

 

Changing FAZ config:

 

# exe batch start
  config log fortianalyzer setting
  set server 'new FAZ IP if needs be'
  set serial 'new FAZ serial'
  end
  exe batch end

 

References
Also see the FortiManager Admin / Online guide

 

Related Articles

Technical Note: Management IP for Fortinet VM products

Technical Note: Pointing the FortiGate to a new FortiManager IP

Troubleshooting Tip: Restoring FortiManager or FortiAnalyzer configuration when admin password is lo...