Hot!200D to 200E - Easiest way to migrate / upgrade ?

Author
Kevin Shanus
New Member
  • Total Posts : 5
  • Scores: 1
  • Reward points: 0
  • Joined: 2014/05/15 04:56:43
  • Status: offline
2019/01/09 14:37:28 (permalink) 6.0
0

200D to 200E - Easiest way to migrate / upgrade ?

Hello Folks,
 
We have a 200D and just purchased a 200E. One thing I noticed is that the 200E doesn't have a "hardware" switch. Can I take a backup of the 200D config, edit the interfaces and restore it to the 200E? 
 
Any feedback to assist me with this migration would be appreciated. 
 
Thanks
post edited by Kevin Shanus - 2019/01/09 16:41:06
#1

5 Replies Related Threads

    Daniel_FTNT
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/12/12 06:16:19
    • Status: offline
    Re: 200D to 200E - Easiest way to migrate / upgrade ? 2019/01/10 03:25:46 (permalink)
    0
    Hi Kevin,
     
    your are right, you won't be able import your 200D config out-of-the-box.
    But you have a couple of options:
    - Use the FortiConverter Service (one-time offer since E-Series) for your new 200E to get the .conf file migrated if you want to keep your setup the same. You may also buy the whole software tool if you have that use-case more often.
    - edit the whole thing yourself using the default config and match the interfaces, hardware, software-switches etc. This might be time consuming.
    - I like to use a migration as an opportunity to clean up a little and straighten up the whole setup (since you do a downtime anyway aren't you?) - you can copy the most obnoxious part of your config like objects and default settings (might need to edit some interface names) and do a clean re-build of things you might are happy to get cleaned up. Might throw in some scripting here and there.
     
    BR
    Daniel
    #2
    BrUz
    Gold Member
    • Total Posts : 399
    • Scores: 8
    • Reward points: 0
    • Joined: 2011/09/30 01:26:25
    • Location: Norway
    • Status: offline
    Re: 200D to 200E - Easiest way to migrate / upgrade ? 2019/01/10 04:18:33 (permalink)
    0
    Did this with a 100d to 100e.
    Updated both boxes to same FW and merged the config manually step by step with all interfaces and policy. Did use a compare editor to have control of the changes.
    Had around 100vlans and 200 policy++

    Fortigate <3
    #3
    Dave Hall
    Expert Member
    • Total Posts : 1360
    • Scores: 140
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: 200D to 200E - Easiest way to migrate / upgrade ? 2019/01/10 10:07:13 (permalink)
    5 (2)
    Kevin Shanus
    Can I take a backup of the 200D config, edit the interfaces and restore it to the 200E? 


    Providing both units are on the same firmware, this should work - you will need to replace the header line on the 200D config with one from a 200E config.  Since both models have different port configurations, it may be best to save a factory reset config from the 200E so you can see the port/interface differences via a text editor/compare tool. 
     
    When you load the "revised" 200D config on the 200E, perform a diagnose debug config-error-log read after that first reboot to see what "messed" up and edit the config accordingly.

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.2/5.4 (FWF40C/FW92D/FGT200B/FGT200D/FGT101E)/ FAP220B/221C
    #4
    BrUz
    Gold Member
    • Total Posts : 399
    • Scores: 8
    • Reward points: 0
    • Joined: 2011/09/30 01:26:25
    • Location: Norway
    • Status: offline
    Re: 200D to 200E - Easiest way to migrate / upgrade ? 2019/01/11 00:38:39 (permalink)
    0
    I would use the 200E clean config in the bottom for the new config and only add all the basic needed config from the 200D.
     
    The diagnose debug config-error-log read Dave is reffering to are very nice to use. 
     
    - When i did this in newer FortiOS i also needed to recreate the PreSharedKeys for all the tunnels. Newer needed to do that before.

    Fortigate <3
    #5
    Kevin Shanus
    New Member
    • Total Posts : 5
    • Scores: 1
    • Reward points: 0
    • Joined: 2014/05/15 04:56:43
    • Status: offline
    Re: 200D to 200E - Easiest way to migrate / upgrade ? 2019/01/11 07:34:49 (permalink)
    3.5 (2)
    Thank you for all the suggestions. I went ahead with what Dave Hall suggested.
     
    I built the interfaces/virtual switches in the 200E and backed up the config. I took a backup of the config on the 200D. I used notepad++ and added in the 64bit compare plugin but in this specific case I didn't use the plugin much. I just copied and pasted / replaced the interface information on the 200D as well as replaced the first line of its config. I restored it to the 200E and used the "diagnose debug config-error-log read" command and just had to make a couple of tweaks to the config. I went ahead and swapped the units in our maintenance window and we're using the 200E in production as I write this. I need to swap a 90D for an 80E next week and will use this same process.
     
    Once again, thank you for all the quick and knowledgeable responses!
    #6
    Jump to:
    © 2019 APG vNext Commercial Version 5.5