supportchris
New Contributor

FortiGate 50e Config File to new (same model) FortiGate 50e

Hello all --

 

I currently have a FortiGate 50e (#1) up and running. I will be installing a second 50e (#2) in another location. I wanted to copy (restore) the config from #1 to device #2. Since most of the settings will be the same, I wanted to cut time down on having to do a full configuration on #2 and just change the settings that need to be changed. However, once I restore the config file to #2, it no longer allows me to access the device. Any suggestions?

Toshi_Esumi
Esteemed Contributor III

I'm not sure what you meant by "access the device". But I assume you're realizing it (#2) has #1's config, including interface IPs and admin username/password. Then, to figure out what's going on or change something to allow your access from an interface, you need to get in via the Console port and use the CLI to do it.

You could have pre-modified the config file to adjust it for #2's needs before uploading. But since it's already uploaded, modifying it via Console would be the fastest option.

supportchris

Thanks for the input Toshi.

 

Just for clarity, what I meant by can't access is that I can't get to it by GUI or CLI. Unfortunately I am not a network person (more of the sys admin type) and am not too experienced with configuring network equipment. We had a service provider configure the original one so I just took that config file, modified it with a new IP and uploaded it. However, with the new IP (or even old IP) I was unable to get into the device. It was connected to a standalone laptop so that it wouldn't interfere with the current network. I was able to get it going through the cloud and changed\updated configurations that way.

Toshi_Esumi
Esteemed Contributor III

Then, probably you couldn't even ping the IP you are trying to get in with. It could be a typo in the address when you changed it, or DHCP if your laptop is relying on it. Anyway, you need to console into it and then correct it.

Dave_Hall

That last sentence in Chris's last post seems to imply he found a round-about way to resolve the issue. But yet, if I was on site, I would have had a console (rollover) cable connected and been puttying into that #2 to see where the problem is.

 

Chris may want to edit his OP if issue is indeed resolved.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ede_pfau
Esteemed Contributor III

Just a note for someone who's planning to 'clone' a FGT like this.

There's nothing much speaking against it. Maybe you want to change some settings in the config file before restoring it. It's a text file IF you don't back up 'encrypted'. Thinking of hostname and alias (in CLI: config system global).

 

One caveat:

In the config file, delete the section with local certificates! 'config vpn cert local' and below. If you don't, the local factory certificates will show the serial number of the clone master FGT, not the cloned one.

You can fix this after the deed with a CLI command but it's far easier to avoid this situation right from the start.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
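
The clean-up described in the post above, as an added example (not part of any post in this thread and not Fortinet tooling): it removes one top-level section from an unencrypted backup before the file is restored onto the second unit. The full header `config vpn certificate local`, the backslash-escaped quote handling and the sample config are assumptions or constructed values; check the header against your own backup file.

```python
import re

# Constructed sample in FortiOS backup syntax (not taken from a real device).
# The quoted key spans several lines and contains a bare "end" on purpose.
SAMPLE = '''config system global
    set hostname "FGT50E-SITE1"
end
config vpn certificate local
    edit "Fortinet_Factory"
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
end
-----END ENCRYPTED PRIVATE KEY-----"
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
    next
end
'''

def _toggles_quote(line):
    """True if the line holds an odd number of unescaped double quotes."""
    return len(re.findall(r'(?<!\\)"', line)) % 2 == 1

def strip_section(text, header):
    """Drop the top-level block opened by `header`, up to its matching `end`."""
    out, depth, skipping, in_quote = [], 0, False, False
    for line in text.splitlines(keepends=True):
        word = line.strip()
        closes_section = False
        if not in_quote:  # keywords inside a multi-line string are data
            if word.startswith("config "):
                if depth == 0 and word == header:
                    skipping = True
                depth += 1
            elif word == "end":
                depth -= 1
                closes_section = skipping and depth == 0
        if _toggles_quote(line):
            in_quote = not in_quote
        if not skipping:
            out.append(line)
        if closes_section:
            skipping = False
    return "".join(out)

if __name__ == "__main__":
    print(strip_section(SAMPLE, "config vpn certificate local"), end="")
```

Diff the output against the original backup before restoring it, so that the certificate block is the only thing that changed.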