Manual Configuration Migration Prerequisite

Some configurations cannot be converted by FortiConverter and must be configured manually. Follow the steps below to import certificates and migrate FortiTokens to the new device.

Import your Certificate

Before importing the certificate, please prepare either your certificate (.crt) and private key (.key), or the PKCS#12 certificate (.pfx).

Steps to import the signed certificate into your FortiGate:
  1. Log in to your FortiGate unit and go to System > Certificates.
  2. If the Certificates option is not shown, click Feature Visibility and enable Certificates.

  3. Click Import > Local Certificate.
  4. Upload the local certificate file and private key, then click OK.
  5. If the certificate file is encrypted with a password, enter the password as well.

  6. The certificate will be added and the status of the certificate will change from PENDING to OK.

FortiGate lets you download the certificate. However, for security reasons, the private key stored encrypted on the FortiGate cannot be accessed. To import the certificate to another FortiGate device, you need to locate the original private key that matches the certificate.
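
As a check before uploading the files in step 4, the following added example (not part of the Fortinet documentation) compares the public key in a certificate with the public key derived from a private key, so a mismatched pair is caught before import. It assumes the OpenSSL command-line tool is installed; the function names, the KEY_PASS variable and the throwaway sample files are constructed for this illustration.

```shell
#!/bin/sh
# Added example: confirm that a private key belongs to a certificate
# before importing both as a Local Certificate. Requires the openssl CLI.

# Public key (PEM) embedded in a certificate file.
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key (PEM) derived from a private key. KEY_PASS (an assumed
# variable name) carries the passphrase if the key file is encrypted.
pubkey_of_key() {
    KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null
}

# Exit status: 0 = key matches certificate, 1 = mismatch, 2 = unreadable input.
cert_key_match() {
    cert_pub=$(pubkey_of_cert "$1") || return 2
    key_pub=$(pubkey_of_key "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Human-readable verdict; never prints key material.
check_pair() {
    cert_key_match "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo MATCH ;;
        1) echo MISMATCH ;;
        *) echo UNREADABLE ;;
    esac
}

# Constructed sample data: a throwaway self-signed pair plus an unrelated key.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=fgt.example.invalid" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_sample_pair "$demo_dir" && {
    echo "site.crt + site.key:  $(check_pair "$demo_dir/site.crt" "$demo_dir/site.key")"
    echo "site.crt + other.key: $(check_pair "$demo_dir/site.crt" "$demo_dir/other.key")"
}
rm -rf "$demo_dir"
```

Run check_pair against your own .crt and .key files; only a MATCH result means the pair can be imported together.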

Migrate FortiToken

To import the FortiToken Hardware into your FortiGate:
  1. Export the FortiToken config from the old device and import the config to the new device. The config can be output in the CLI console with the following commands:
  2. "config user fortitoken", then "show".

  3. Remove the FortiTokens from the old device, or block the old device's access to FortiGuard. This prevents the old device from requesting activation of the tokens after they are reset.
  4. Reset the activation flags for the tokens through FortiCare.
  5. Create a FortiCare ticket on the Support Portal https://support.fortinet.com/, and ask TAC to help you reset the activation flags of the FortiTokens. The message should include the SN of the old device and the FortiTokens.

    TAC will reset the activation flag and inform you when it is completed.

  6. Connect the new device to FortiGuard, and the tokens will be activated.

To import the FortiToken into your FortiGate:
  1. Transfer the FortiToken license from the old device SN to the new device SN through FortiCare.
  2. Create a FortiCare ticket on the Support Portal https://support.fortinet.com/, and ask TAC to help you migrate the FortiTokens from the old device to the new device. The message should include the SN of the old device, the new device, and the FortiTokens.

    TAC will migrate the tokens and inform you when the migration is completed.

  3. Activate the FortiToken on the new device.
  4. Go to the page User & Authentication > FortiTokens on the new device. Click Create New and enter the activation code of the FortiTokens. The tokens will be imported into the new device.

  5. Re-provision every user, which means binding a new token to each user's app again.
  6. Configure users on the new device and send the activation code by e-mail or SMS to re-provision all users; the migration is then complete. The seeds on the old device cannot be restored to the new device. This is by design, to prevent possible fraudulent attacks.
