Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Paul_S
Contributor

FortiConverter 4.6 - SSL.root and VPN_Interfaces

when converting FGT > FGT and mapping the interfaces, the SSL.root is not the destination interface list box. Also what do I match phase-1 VPN interfaces to?

 

Do I even need to convert my config at all if I do a FG200B (5.2.3) to a FG200D (5.2.3)???

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
1 Solution
ede_pfau
Esteemed Contributor III

Wishful thinking - the 200D will reject the 200B config file. Just try it.

 

But there is a trick to do it anyway:

- backup the (factory-reset) config of the 200D

- take a copy of the old config file of the 200B

- replace the first 3 lines in the config file

- now it states that the config is coming from a 200D

 

You can now restore that config file to the 200D. You might run into minor issues if

- interface names do not match between models

- switch ports were configured to be single independent ports

 

To check for import errors, open the CLI and  type 'diag deb conf read'. Work your way through the messages until none remains.


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
4 REPLIES 4
gschmitt
Valued Contributor

Assuming the 200D is not yet in use you might simply try importing the 200B's config.

 

If you see any errors simply execute factoryreset on the device.

 

Other than that, especially for a FGT>FGT Conversion I would simply do it manually, it's probably faster than finding any errors the Converter did

Paul_S

gschmitt wrote:

Assuming the 200D is not yet in use you might simply try importing the 200B's config.

 

If you see any errors simply execute factoryreset on the device.

 

Other than that, especially for a FGT>FGT Conversion I would simply do it manually, it's probably faster than finding any errors the Converter did

awesome! I was hoping someone would tell me the config might import into the FG200D without too much trouble.

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
ede_pfau
Esteemed Contributor III

Wishful thinking - the 200D will reject the 200B config file. Just try it.

 

But there is a trick to do it anyway:

- backup the (factory-reset) config of the 200D

- take a copy of the old config file of the 200B

- replace the first 3 lines in the config file

- now it states that the config is coming from a 200D

 

You can now restore that config file to the 200D. You might run into minor issues if

- interface names do not match between models

- switch ports were configured to be single independent ports

 

To check for import errors, open the CLI and  type 'diag deb conf read'. Work your way through the messages until none remains.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
mickstrick_FTNT

The interfaces in the drop down lists are common physical interfaces from a predefined list. They are not read from the source configuration file.

 

You can simply type the name of the interface if it is not in this list. You may find typing names easier than scrolling through the list, anyway.

 

Unless you specifically want to, virtual interface names may remain the same. Associated interface values are updated by any new physical interface mapping configured.

Labels
Top Kudoed Authors