Fortinet Document Library

Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Migrate to Fabric ADOM 7.0.2

Migrating other ADOM types to Fabric ADOM type is now supported via a CLI command.

In this example, several ADOM types are created (FortiGate, FortiMail, and FortiWeb) and migrated to a Fabric type ADOM.

To migrate a non-Fabric ADOM to a Fabric ADOM:
  1. Create several customized ADOMs, for example: 
    • FortiGate ADOM type: FGT_ADOM1
    • FortiWeb ADOM type: FWB_ADOM1
    • FortiMail ADOM type: FML_ADOM1
  2. Configure the FortiGate, FortiWeb, and FortiMail devices to send logs to FortiAnalyzer and promote these devices to their individual ADOMs.
  3. Create custom event handlers in each of these ADOMs.

  4. Create reports in each of these ADOMs.
  5. From the FortiAnalyzer CLI, use the following command to migrate an ADOM to a Fabric ADOM: execute migrate fabric <ADOM name>.
    You can add multiple ADOM names by separating them with a comma.
    In the example below, FGT_ADOM1 is migrated to a Fabric ADOM.

    execute migrate fabric FGT_ADOM1

    Note: This operation will replace the current settings of 1 ADOM(s) and reboot the system.

    ADOM: FGT_ADOM1

    Do you want to continue? (y/n)

    Result: OK(0).

    Summary:

    - 08 Nov 2021 18:10:16 migrate FortiGate ADOM FGT_ADOM1(206) to fabric.

    1 ADOM(s) will migrate to fabric.

    Please wait for reboot...

  6. After the system boots up, check the ADOM type for FGT_ADOM1 in the CLI. It is now a Fabric ADOM.

    FAZVM64 # FAZVM64 # diagnose dvm adom list

    There are currently 22 ADOMs:

    OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS ISDB

    206 enabled FSF 7.0 0 FGT_ADOM1 Normal Policy & Device VPNs 18.192 7.1996

    210 enabled FML 7.0 0 FML_ADOM1 Normal Policy & Device VPNs 18.192 7.1996

    208 enabled FWB 7.0 0 FWB_ADOM1 Normal Policy & Device VPNs 18.192 7.1996

    128 enabled FAZ 7.0 0 FortiAnalyzer Normal Policy & Device VPNs 18.192 7.1996

    144 enabled FAC 6.0 4 FortiAuthenticator Normal Policy & Device VPNs 18.192 7.1996

    132 enabled FCH 4.0 2 FortiCache Normal Policy & Device VPNs 0.0 0.0

    124 enabled FOC 7.0 0 FortiCarrier Normal Policy & Device VPNs 18.192 7.1996

    134 enabled FCT 7.0 0 FortiClient Normal Policy & Device VPNs 18.192 7.1996

    142 enabled FDD 6.0 2 FortiDDoS Normal Policy & Device VPNs 18.192 7.1996

    172 enabled FDC 4.0 0 FortiDeceptor Normal Policy & Device VPNs 0.0 0.0

    170 enabled FFW 6.0 2 FortiFirewall Normal Policy & Device VPNs 18.192 7.1996

    174 enabled FWC 6.0 2 FortiFirewallCarrier Normal Policy & Device VPNs 18.192 7.1996

    126 enabled FML 7.0 0 FortiMail Normal Policy & Device VPNs 18.192 7.1996

    138 enabled FMG 7.0 0 FortiManager Normal Policy & Device VPNs 18.192 7.1996

    146 enabled FPX 2.0 0 FortiProxy Normal Policy & Device VPNs 0.0 0.0

    140 enabled FSA 4.0 0 FortiSandbox Normal Policy & Device VPNs 0.0 0.0

    130 enabled FWB 6.0 4 FortiWeb Normal Policy & Device VPNs 18.192 7.1996

    136 enabled LOG 0.0 0 Syslog Normal Policy & Device VPNs 0.0 0.0

    148 enabled FSF 7.0 0 Unmanaged_Devices Normal Policy & Device VPNs 18.192 7.1996

    122 enabled Chassis 6.0 0 Chassis Normal Policy & Device VPNs 18.192 7.1996

    3 enabled FSF 7.0 0 root Normal Policy & Device VPNs 18.192 7.1996

    10 enabled FOS 7.0 0 Global Normal Policy & Device VPNs 18.192 7.1996

    ---End ADOM list---

  7. In the GUI, go to System Settings > All ADOMs. You can see that the ADOM type is now Fabric.
  8. In FGT_ADOM1, go to Log View. The log files are kept, and the log view is working normally.

  9. Go to FortiSoC > Handlers > Event Handler List. Your previously configured event handlers are available.
  10. Go to Reports > Report Definitions > All Reports. Your previously configured reports are available.
  11. Perform the same Fabric migration for the other customized ADOMs: FML_ADOM1 and FWB_ADOM1.

    FAZVM64 # execute migrate fabric FML_ADOM1,FWB_ADOM1

    Note: This operation will replace the current settings of 2 ADOM(s) and reboot the system.

    ADOM: FML_ADOM1,FWB_ADOM1

    Do you want to continue? (y/n)y

    Result: OK(0).

    Summary:

    - 08 Nov 2021 18:28:20 migrate FortiMail ADOM FML_ADOM1(210) to fabric.

    - 08 Nov 2021 18:28:20 migrate FortiWeb ADOM FWB_ADOM1(208) to fabric.

    2 ADOM(s) will migrate to fabric.

    Please wait for reboot...

  12. After the system boots up, perform the same check as had been performed with FGT_ADOM1 and confirm the results are similar.
  13. Since FGT_ADOM1, FML_ADOM1, and FWB_ADOM1 are Fabric ADOMs, all types of devices can be promoted into these ADOMs, and all device logs are also inserted into the siemdb.

 

Migrate to Fabric ADOM 7.0.2

Migrating other ADOM types to Fabric ADOM type is now supported via a CLI command.

In this example, several ADOM types are created (FortiGate, FortiMail, and FortiWeb) and migrated to a Fabric type ADOM.

To migrate a non-Fabric ADOM to a Fabric ADOM:
  1. Create several customized ADOMs, for example: 
    • FortiGate ADOM type: FGT_ADOM1
    • FortiWeb ADOM type: FWB_ADOM1
    • FortiMail ADOM type: FML_ADOM1
  2. Configure the FortiGate, FortiWeb, and FortiMail devices to send logs to FortiAnalyzer and promote these devices to their individual ADOMs.
  3. Create custom event handlers in each of these ADOMs.

  4. Create reports in each of these ADOMs.
  5. From the FortiAnalyzer CLI, use the following command to migrate an ADOM to a Fabric ADOM: execute migrate fabric <ADOM name>.
    You can add multiple ADOM names by separating them with a comma.
    In the example below, FGT_ADOM1 is migrated to a Fabric ADOM.

    execute migrate fabric FGT_ADOM1

    Note: This operation will replace the current settings of 1 ADOM(s) and reboot the system.

    ADOM: FGT_ADOM1

    Do you want to continue? (y/n)

    Result: OK(0).

    Summary:

    - 08 Nov 2021 18:10:16 migrate FortiGate ADOM FGT_ADOM1(206) to fabric.

    1 ADOM(s) will migrate to fabric.

    Please wait for reboot...

  6. After the system boots up, check the ADOM type for FGT_ADOM1 in the CLI. It is now a Fabric ADOM.

    FAZVM64 # FAZVM64 # diagnose dvm adom list

    There are currently 22 ADOMs:

    OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS ISDB

    206 enabled FSF 7.0 0 FGT_ADOM1 Normal Policy & Device VPNs 18.192 7.1996

    210 enabled FML 7.0 0 FML_ADOM1 Normal Policy & Device VPNs 18.192 7.1996

    208 enabled FWB 7.0 0 FWB_ADOM1 Normal Policy & Device VPNs 18.192 7.1996

    128 enabled FAZ 7.0 0 FortiAnalyzer Normal Policy & Device VPNs 18.192 7.1996

    144 enabled FAC 6.0 4 FortiAuthenticator Normal Policy & Device VPNs 18.192 7.1996

    132 enabled FCH 4.0 2 FortiCache Normal Policy & Device VPNs 0.0 0.0

    124 enabled FOC 7.0 0 FortiCarrier Normal Policy & Device VPNs 18.192 7.1996

    134 enabled FCT 7.0 0 FortiClient Normal Policy & Device VPNs 18.192 7.1996

    142 enabled FDD 6.0 2 FortiDDoS Normal Policy & Device VPNs 18.192 7.1996

    172 enabled FDC 4.0 0 FortiDeceptor Normal Policy & Device VPNs 0.0 0.0

    170 enabled FFW 6.0 2 FortiFirewall Normal Policy & Device VPNs 18.192 7.1996

    174 enabled FWC 6.0 2 FortiFirewallCarrier Normal Policy & Device VPNs 18.192 7.1996

    126 enabled FML 7.0 0 FortiMail Normal Policy & Device VPNs 18.192 7.1996

    138 enabled FMG 7.0 0 FortiManager Normal Policy & Device VPNs 18.192 7.1996

    146 enabled FPX 2.0 0 FortiProxy Normal Policy & Device VPNs 0.0 0.0

    140 enabled FSA 4.0 0 FortiSandbox Normal Policy & Device VPNs 0.0 0.0

    130 enabled FWB 6.0 4 FortiWeb Normal Policy & Device VPNs 18.192 7.1996

    136 enabled LOG 0.0 0 Syslog Normal Policy & Device VPNs 0.0 0.0

    148 enabled FSF 7.0 0 Unmanaged_Devices Normal Policy & Device VPNs 18.192 7.1996

    122 enabled Chassis 6.0 0 Chassis Normal Policy & Device VPNs 18.192 7.1996

    3 enabled FSF 7.0 0 root Normal Policy & Device VPNs 18.192 7.1996

    10 enabled FOS 7.0 0 Global Normal Policy & Device VPNs 18.192 7.1996

    ---End ADOM list---

  7. In the GUI, go to System Settings > All ADOMs. You can see that the ADOM type is now Fabric.
  8. In FGT_ADOM1, go to Log View. The log files are kept, and the log view is working normally.

  9. Go to FortiSoC > Handlers > Event Handler List. Your previously configured event handlers are available.
  10. Go to Reports > Report Definitions > All Reports. Your previously configured reports are available.
  11. Perform the same Fabric migration for the other customized ADOMs: FML_ADOM1 and FWB_ADOM1.

    FAZVM64 # execute migrate fabric FML_ADOM1,FWB_ADOM1

    Note: This operation will replace the current settings of 2 ADOM(s) and reboot the system.

    ADOM: FML_ADOM1,FWB_ADOM1

    Do you want to continue? (y/n)y

    Result: OK(0).

    Summary:

    - 08 Nov 2021 18:28:20 migrate FortiMail ADOM FML_ADOM1(210) to fabric.

    - 08 Nov 2021 18:28:20 migrate FortiWeb ADOM FWB_ADOM1(208) to fabric.

    2 ADOM(s) will migrate to fabric.

    Please wait for reboot...

  12. After the system boots up, perform the same check as had been performed with FGT_ADOM1 and confirm the results are similar.
  13. Since FGT_ADOM1, FML_ADOM1, and FWB_ADOM1 are Fabric ADOMs, all types of devices can be promoted into these ADOMs, and all device logs are also inserted into the siemdb.