Fortinet white logo
Fortinet white logo

online help

Caveats

Caveats

FortiGate Device mode migration requires connection through a FortiGate device to perform the REST-API install. Users can import the converted configuration directly to the target device from the import wizard page.

The configuration that may block the connection to the device can be replaced or removed by FortiConverter and marked with warning label on the import wizard. You need to configure these settings after the configuration import.

Below are some settings you may want to check.

  • config system global
    • set admin-sport
    • set admin-port
    • set admin-server-cert
    • set admin-maintainer
  • config system settings
    • set manageip
  • config system admin
  • config system replacemsg *
  • The config of the connection interface between FortiConverter and device.

Below are some settings that FortiConverter doesn’t import.

  • All certificate related
  • All encrypted password would be overridden to "12345678"
  • config user fortitoken

There are known issues in the RESTAPI of the FortiGate side. It may cause the import configuration to be incomplete but still shows that the import was successful, especially the profile configurations.

For example:

  • config webfilter profile.
  • config voip profile
  • config firewall profile-protocol-options
One suggestion is to review them by CLI Comparison and manually upload to the device.

The migration is consisted of two main parts.

  1. The first part is the configuration conversion from lower version to higher version base on the input configuration and the target device version.
  2. The second part is to import the converted configuration to import to the target device.

After the import, review, and manually adjust, the restorable configuration which can be established by "Backup config". It downloads the configuration from the device and can restore it to another device.

Caveats

Caveats

FortiGate Device mode migration requires connection through a FortiGate device to perform the REST-API install. Users can import the converted configuration directly to the target device from the import wizard page.

The configuration that may block the connection to the device can be replaced or removed by FortiConverter and marked with warning label on the import wizard. You need to configure these settings after the configuration import.

Below are some settings you may want to check.

  • config system global
    • set admin-sport
    • set admin-port
    • set admin-server-cert
    • set admin-maintainer
  • config system settings
    • set manageip
  • config system admin
  • config system replacemsg *
  • The config of the connection interface between FortiConverter and device.

Below are some settings that FortiConverter doesn’t import.

  • All certificate related
  • All encrypted password would be overridden to "12345678"
  • config user fortitoken

There are known issues in the RESTAPI of the FortiGate side. It may cause the import configuration to be incomplete but still shows that the import was successful, especially the profile configurations.

For example:

  • config webfilter profile.
  • config voip profile
  • config firewall profile-protocol-options
One suggestion is to review them by CLI Comparison and manually upload to the device.

The migration is consisted of two main parts.

  1. The first part is the configuration conversion from lower version to higher version base on the input configuration and the target device version.
  2. The second part is to import the converted configuration to import to the target device.

After the import, review, and manually adjust, the restorable configuration which can be established by "Backup config". It downloads the configuration from the device and can restore it to another device.