We have a FG100D as our main router and got a FG60D from a closed remote office.
I would like to use the FG60D as a backup router.
Is it possible to do so as a cluster between the FG100D and FG60D ?
Or is it possible to backup the configuration of the FG100D and restore it to the FG60D ?
I tried to do that but it seems it's not working from scratch :
Importing the config directly returns an error.
So I edited the config file and changed the config-version from FG100D to FGT60D.
The configuration was imported but it seems I didn't get any more access to the FG60D and I had to do a hard reset.[/ul]
You would need to replace the header line (first line) on the 200D config with the header line from a copy of the 60D config before importing (loading) the "modified" config on to the 60D. Assuming you are not using anything fancy, the only "real" difference in porting a modded config would be the 200D's 14-port switch vs the 60D's 7-port switch. But as Ede indicated the internal interface ports may be named differently. Not having access to a 60D, I would assume the internal interface on it are in switch mode by default, whereas the ports 1-through-8 on the 100D are a switch + individual ports (9 though 14) - just guessing on this. (If these fgts are firmware upgradable to 5.4 or higher, the internal ports should be all converted to a hardware switch with individual port members and thus named similarly - someone correct me on this, though.)
I would follow Ede' suggestion. However, if you do plan to import a modded 200D config over to the 60D, perform a diagnose debug config-error-log read from the CLI after that first boot to see what has messed up and edit the modded config accordingly.
yes they do, but it's not for free anymore. The 1 year licence is about 4.300 EUR, and for some models they offer a one-time service (FC-10-FGxxx-189-02-DD). This will cost between 20 EUR and 14.750 EUR.
Notepad++ is good for migrating and comparing configs using the compare plugin.
Sometimes it's necessary to migrate an old config from a C series to an E series. Depending on the models (where there is no overlap in firmware versions), it's helpful to have an intermediary D model to ensure you follow the recommended upgrade paths when migrating.
When changing the headers, ensure the values are the same or you will have odd problems when you try to login.
Side notes to Ede's suggestion. Unlike Cisco who has registration ripping-off policy, Fortinet doesn't let the new owner of a FGT reregister it unless the registered owner is reachable and agreed to release the registration. I had a first-hand experience when I bought an used 50E and the registered owner refused to release it when FTNT reached him. So some risk is associated with an used one.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.