Manual Configuration Migration Prerequisite
Some configurations cannot be converted by FortiConverter but need to be configured manually. Please follow the steps below to import certificates and migrate FortiToken Mobile to new device.
Import your Certificate
Before importing the certificate, please prepare either your certificate (.crt) and private key (.key), or the PKCS#12 certificate (.pfx).
Steps to import the signed certificate into your FortiGate:
- Log in to your FortiGate unit and go to System > Certificates.
- Click Import > Local Certificate.
- Upload the local certificate file and private key, then click OK.
- The certificate will be added and the status of the certificate will change from PENDING to OK.
If there’s no Certificates, please click Feature Visibility and enable the Certificates.
If you use a password to encrypt the certificate file, please fill the password as well.
FortiGate provides the capability to download the certificate. However, for security reasons, the private key encrypted in FortiGate cannot be accessed. To successfully restore the private key, you need to find the matched origin key to import the certificate to another FortiGate device. |
Migrate FortiToken Mobile
To import the FortiToken Mobile into your FortiGate:
- Transfer the FortiToken license from the old device SN to the new device SN through FortiCare.
- Activate the FortiToken on the new device.
- Re-provision every user, which means to bind a new token to user’s mobile app again.
Create a FortiCare ticket on the Support Portal https://support.fortinet.com/, and ask TAC to help you migrate the FortiTokens from the old device to the new device. The message should include the SN of the old device, the new device, and the FortiTokens.
The TAC would migrate the token and inform you after the migration is completed.
Go to the page User & Authentication > FortiTokens on the new device. Click Create New and input the activation code of the FortiTokens. The tokens would be imported into the new device.
Configure users on the new device, send the activation code through e-mails or SMS to do re-provision for all users, and the migration is completed. The seeds on the old device cannot be restored to the new device. This is designed to prevent possible fraudulent attacks.