Hot!Import policies to fortigate FW

Author
Ydaew
Bronze Member
  • Total Posts : 31
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/30 05:06:21
  • Status: offline
2019/06/25 06:28:08 (permalink)
0

Import policies to fortigate FW

Hello,
Is it possible to prepare all required policies using CSV file and then during migration import those policies ?
If not what is the best way to prepare the configuration and then migrate it in the migration phase?
 
Thanks in advance
#1

5 Replies Related Threads

    jklapas
    Silver Member
    • Total Posts : 72
    • Scores: 8
    • Reward points: 0
    • Joined: 2017/06/20 05:05:23
    • Status: offline
    Re: Import policies to fortigate FW 2019/06/25 06:54:21 (permalink)
    0
    NO !!!
    if you are speaking of migration
    you need export the configuration.
    first install objects & services via cli or script
    then routes or all other dependencies mentioned in policies vi cli or script.
    then the policies in the same way you took the export BUT you need to remove the UUIDs of all the parts of configuration.
    IMPORTANT: The interface mapping is the same between the current and new box.
    IMPORTANT: if you are about to use different FortiOS there might be some changes in commands - compatibility.
     
    #2
    Dave Hall
    Expert Member
    • Total Posts : 1548
    • Scores: 167
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Import policies to fortigate FW 2019/06/25 06:57:03 (permalink)
    0
    If you are planning to upgrade an existing fgt device, perhaps you may have better luck following the upgrade path.  Otherwise, the FortiConverter may be your best bet, assuming you want to import a set of firewall rules from another (supported) FW/UTM plateform to Fortigate.  
     
    If migrating from one fgt model to another, Fortinet does not support this method, but provides the steps on doing it here.

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #3
    Ydaew
    Bronze Member
    • Total Posts : 31
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/05/30 05:06:21
    • Status: offline
    Re: Import policies to fortigate FW 2019/06/25 07:04:48 (permalink)
    0
    Thank you so much, actually no previous firewall is exist. I just want to prepare as much as i can so minimize the working time once the hardware installed up and running.
    #4
    Ydaew
    Bronze Member
    • Total Posts : 31
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/05/30 05:06:21
    • Status: offline
    Re: Import policies to fortigate FW 2019/06/25 07:06:29 (permalink)
    0
    Thank you so much, as i mentioned before we don't have previous firewall installed. i just want to minimize the working time when the hardware is installed by preparing most things.
     
    #5
    sw2090
    Platinum Member
    • Total Posts : 488
    • Scores: 23
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: Import policies to fortigate FW 2019/06/26 00:37:18 (permalink)
    0
    hm I never checked if FortiOS would undestand csv. I don't think so.
    What it does understand is its cli syntax.
    And as of my own erxperience it is way faster to create policies in cli in text editor and then import this to FGT then to create them in gui. 
    The only disadvantage affects debugging: if you bulik import it via system->settings and there is some error you will only get "Failed" as a result :/
    If you copy to cli you should create the cli config without using tabs or whitespaces. I repeatedly had problems with that upon copiying to cli even if I copied from a config file I exported from a Fortigate.
    #6
    Jump to:
    © 2019 APG vNext Commercial Version 5.5