Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
phensley
New Contributor

Created on ‎04-15-2022 06:27 AM

Moving config from FGT VM64-KVM to FGT 80F

I was wondering if anyone has any recommendations with migrating config between Fortigate devices? We currently lease Fortigate VM64-KVM's from AT&T but decided to buy 80F's to save money from leasing. Exporting the config from the old to the new does not work, and is not supported apparently except with the FortiConverter tool. I downloaded the trial and was able to import the VM64 config, and have it connect to the new device successfully and it threw up a bunch of red flags about port names not matching and what not. I know it's not the fully licensed version, but wasn't sure if buying it would even work.

 

Does anyone have any experience or advice in this?

Labels:
921
0 Kudos
3 REPLIES 3
Markus_M
Staff
Staff

Created on ‎04-15-2022 06:32 AM

Hello,

 

the converter should work just fine.

If your configuration is not complicated, you can also see to do some copy&paste of parts of a backup configuration from top to bottom of needed parts. Interface names will be different but for example an LDAP configuration can be copy and pasted as is, as well as the referencing user/groups.

You will mostly need to make sure that your interfaces are made and set correctly to whatever their purpose is.

On the 80F you might have an internal switch that the VM might not have, so you want to remove it prior to doing anything with the 80F configuration.

 

Best regards,

 

Markus

882
0 Kudos
phensley
New Contributor
In response to Markus_M

Created on ‎04-15-2022 06:57 AM

 

 

Thanks for your reply Markus. This is where the Converter tool stops, with the text in red and I'm not sure why. Someone else originally configured these years ago for us

 

IMG_6485.jpg

877
0 Kudos
Markus_M
Staff
Staff

Created on ‎04-16-2022 03:06 AM

Hello,

 

This looks like the original configuration had VLANs in it, VLAN 4001, VLAN 200.

You basically convert the configuration in a way that says:

- This is the source firewall with these ports that have some specific use (port1=wan, port2=server, port3=dmz,...etc).

- This is the destination firewall with these other ports with no defined use.

 

You will need to map what use these ports on the new firewall will have.

That means you will have to understand the intention of these VLANs in order to map them correctly.

 

Best regards,

 

Markus

869
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.