Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gmiretzky
New Contributor

FW Migration between ADOMs

Hi, 

 

We upgraded our FW machine from 5.4 to 5.6 (5.6.2) version, and now we would like to move it to a new ADOM under fortianalyzer. 

Our Fortianalyzer already have 2 ADOMs , one for 5.4 and the other for 5.6 with one machine already in 5.6 and we will need to move the others as well. 

 

What is the best practice to migrate machines between ADOMs where: 

[ul]
  • We would not like to loss any data/logs 
  • We will need to migrate all and then remove the old ADOM 
  • We want to avoid the need to use 2 ADOMs for the same device (one for old logs and one for new logs)
  • We need to create and manage disk usage (the 5.6 ADOM have only 7GB of storage while the 5.4 have about 200G)[/ul]

     

    Any help / docs / Manuals will be much appreciated. 

     

    Thanks. 

    Guy

  • 4 REPLIES 4
    romanr
    Valued Contributor

    Hey,

     

    using different ADOMs for different FortiOS Versions is only relevant for the Fortimanager features. In FAZ you can use 5.4 and 5.6 in the same ADOM, as there aren't major differences in terms of logging.

     

    ADOMs in Fortianalyzer will only take care about the presentation of the data. Data will be only stored once.

     

    Br,

    Roman

    gmiretzky

    Hi Roman, 

    Thank you for the quick reply. 

     

    We would like to migrate the machines to the new ADOM, even if there are no major differences in terms of logging, i think it will be a good practice. 

     

    What will be a good methodology for accomplish that ? 

    We can enter the 5.6 ADOM settings (under system settings -> All ADOMs ) and click on add device. This will give me a list of devices that are corrently on 5.4 ADOM and i can add them, but i am not sure what will happen? 

    [ul]
  • Will it remove them from the other ADOM? 
  • Will it migrate the old logs? [/ul]

     

    As i said, we have a smaller disk for the 5.6 ADOM as it only had 1 device. Should we add another disk ? Can we resize the corrent disk? 

     

    What do you think? 

     

    Thanks. 

    Guy

  • romanr
    Valued Contributor

    Hi,

     

    what kind of product and software version are you using? FortiOS version in Fortianalyzer should only apply, if you have activated Fortimanager features... Or are you having a Fortimanager? A normal Fortianalyer should not bring a FortiOS version with its ADOMs.

     

    - Yes the device will be removed from the other ADOM

    - The storage demand will be recalculated, there is no physical movements on the logs... and there are no disks/ADOM

    - You will just have to set your ADOM storage limits accordingly after moving.

     

    Br,

    Roman

     

     

     

    RobertReynolds

    When you move a device into a different ADOM, the archive (compressed) logs are migrated to that ADOM, but the analytics (indexed) logs do not migrate.

    As such, you need to rebuild the ADOMs to move the analytics logs into the new ADOM and delete them from the old ADOM.

     

    Before you move a device out of an ADOM, there is some information of which you should first be aware: The disk quota set on the current ADOM (System Settings > All ADOMs)

     

    Since disk quota is set per ADOM and not per device, you do not necessarily need to match the disk quota from the current ADOM to the new ADOM, because the new ADOM may contain less devices then the current one, for example. However, you do need to ensure your new ADOM will have enough space for the device you are moving into it.

     

    The volume of logs (System Settings > Storage Info or # diagnose log device) Although disk quota is set per ADOM, it is important to know the actual log volume associated with the device you are moving. You need to ensure the new ADOM, at minimum, has enough space to move the device's current logs. You will still need to select a disk quota with future logs in mind though.

     

    Assuming you want the old logs (analytics logs) in the new ADOM so you can run reports against them, and no longer want to see the device logs in the old ADOM, you need to rebuild the new ADOM database and the old ADOM database.

    Execute the following command to rebuild the two ADOMs and transfer the analytics logs. # execute sql-local rebuild-adom NEW_ADOM OLD_ADOM

     

    Running this command before and after the rebuild should show you the usage changes:

     

    #diagnose test application logfiled 4

    Labels
    Top Kudoed Authors