Fortinet black logo

Best Practices

Home FortiProxy 7.2.0 Best Practices
7.2.0
7.4.0
7.2.0

Migration

Migration

There are two primary reasons to migrate a FortiProxy:

  • A FortiProxy is been replaced with a different model.

  • A different proxy is being replaced with a FortiProxy.

The following steps can be used to help with you migration:

  1. Audit the current configuration:

    • Remove any unused objects or policies.

    • Analyze the existing policies by assessing traffic flow through the FortiProxy and defining what the traffic should look like to determine if any of the policies can be combined.

  2. Create diagrams mapping the existing proxy to the new FortiProxy.

    For example, port1 on the old proxy could be port2 on the new FortiProxy.

  3. Configure the general settings first:

    • Interface settings: IP addresses, alias, management access, VLANs

    • Routing: static and dynamic routes

    • HA, if applicable

    • Administrative settings: user account, remove authentication server integration, SNMP, logging, and others

    • Certificates

  4. Create the used objects on the FortiProxy.

  5. Create policies

    • Separate them into sections applicable to your use case and configure them one at a time, for example: by business group (HR, accounting), or by application or service (email, CRM).

  6. Create an acceptance test plan:

    • This must be executed as part of the cut-over maintenance window.

    • Have an employee from each affected section verify functionality after the cut-over.

    • If applicable, test HA failover.

  7. Verify that the migration worked as planned as far as is possible. A lab that can simulate your normal traffic makes this much easier.

  8. Install the new FortiProxy during the maintenance window.

    • If possible, install the new FortiProxy alongside the existing proxy and only cut-over a small, select group of users.

    • Have a back-up plan in the event that the cut-over does not go as planned.

  9. Run user acceptance testing:

    • Have all affected parties ensure that their requirements are unaffected by the change.

Fortinet offers FortiConverter as a one time, paid service that helps migrate configurations to a new FortiProxy. It reduces migration complexity, and eliminates common migration configuration errors. For details on purchasing the FortiConverter service, contact you Fortinet sales partner or reseller. After the configuration generated by FortiConverter has been loaded onto the target device, Fortinet technical support or Technical Assistance Center (TAC) can assist with any issues.

Previous
Next

Migration

There are two primary reasons to migrate a FortiProxy:

  • A FortiProxy is been replaced with a different model.

  • A different proxy is being replaced with a FortiProxy.

The following steps can be used to help with you migration:

  1. Audit the current configuration:

    • Remove any unused objects or policies.

    • Analyze the existing policies by assessing traffic flow through the FortiProxy and defining what the traffic should look like to determine if any of the policies can be combined.

  2. Create diagrams mapping the existing proxy to the new FortiProxy.

    For example, port1 on the old proxy could be port2 on the new FortiProxy.

  3. Configure the general settings first:

    • Interface settings: IP addresses, alias, management access, VLANs

    • Routing: static and dynamic routes

    • HA, if applicable

    • Administrative settings: user account, remove authentication server integration, SNMP, logging, and others

    • Certificates

  4. Create the used objects on the FortiProxy.

  5. Create policies

    • Separate them into sections applicable to your use case and configure them one at a time, for example: by business group (HR, accounting), or by application or service (email, CRM).

  6. Create an acceptance test plan:

    • This must be executed as part of the cut-over maintenance window.

    • Have an employee from each affected section verify functionality after the cut-over.

    • If applicable, test HA failover.

  7. Verify that the migration worked as planned as far as is possible. A lab that can simulate your normal traffic makes this much easier.

  8. Install the new FortiProxy during the maintenance window.

    • If possible, install the new FortiProxy alongside the existing proxy and only cut-over a small, select group of users.

    • Have a back-up plan in the event that the cut-over does not go as planned.

  9. Run user acceptance testing:

    • Have all affected parties ensure that their requirements are unaffected by the change.

Fortinet offers FortiConverter as a one time, paid service that helps migrate configurations to a new FortiProxy. It reduces migration complexity, and eliminates common migration configuration errors. For details on purchasing the FortiConverter service, contact you Fortinet sales partner or reseller. After the configuration generated by FortiConverter has been loaded onto the target device, Fortinet technical support or Technical Assistance Center (TAC) can assist with any issues.

Previous
Next