
Migrating a FortiGate configuration manually using configuration files


Note

It is recommended to use FortiConverter to migrate a configuration between FortiGates. For details, see Migrating a configuration with FortiConverter. Only use this procedure if you do not have a FortiConverter license. Keep in mind that migrating a configuration manually might result in errors that require correction.

This procedure describes how to replace existing FortiGate equipment by manually migrating the existing configuration using the configuration files. This can be done if a FortiGate is being replaced with the same model or if a FortiGate model is upgraded to a newer model.

Before starting, ensure that you have:

  • Access to a plain text editor, such as Notepad++

  • An admin administrator account with the super_admin security profile

To manually migrate a FortiGate configuration:
  1. Create a backup file of the existing configuration for the old FortiGate device. For details, see Configuration backups and reset.

  2. Upgrade the new FortiGate device to the same firmware version as the old FortiGate device. For details, see Upgrading individual devices.

  3. Create a backup file of the new FortiGate device.

  4. Open the backup configuration files for both the old and new FortiGate device models, and replace the config-version section of the first line of the old FortiGate configuration file with the config-version section of the new FortiGate configuration file.

    Note

    If the new and old FortiGate devices have the same model number, for example swapping a FG-80 device with another FG-80 device, the first line in both configuration files should be the same. If the new FortiGate device is a different model number from the old FortiGate device, for example swapping a FG-80 device for a FG-100 device, update the configuration version in the first line of the configuration file. For example:

    #config-version=FGT80F-7.0.6-FW-build0366-220606:opmode=0:vdom=0:user=admin

    #config-version=FGT100F-7.0.6-FW-build0366-220606:opmode=0:vdom=0:user=admin

  5. Review the configuration file on the old FortiGate device, and edit the configuration file to ensure the rest of the file matches the interface layout for the new FortiGate device setup.

    Note

    This step is only required when swapping a FortiGate device with a different model number than the old FortiGate device, for example swapping a FG-80 device with a FG-100 device. If the FortiGate replacement device has the same model number, for example swapping a FG-80 device with another FG-80 device, skip this step.

  6. Restore the modified configuration file from the old FortiGate device into the new FortiGate device. Once the configuration file is restored in the new FortiGate device, reboot the device.

  7. Once the reboot is complete, review the error log for any import errors. If any errors are present, compare the two configuration files from both the modified old FortiGate device and the new FortiGate device and correct the errors. Use this command in the CLI to check for errors:

    #diag debug config-error-log read

    Once all errors are corrected, restore the modified configuration file into the new FortiGate device again and reboot the device. Repeat this step until all errors are gone.

  8. Once the device reboots with no errors, swap the cables from the old FortiGate device to the new FortiGate device. Any FortiSwitch devices connected to the FortiGate should keep their previous configuration.
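
A pre-restore check for steps 4 and 5, as an added example that is not part of Fortinet's procedure or tooling: it swaps the config-version field on the old backup and lists the old-file lines that name interfaces missing from the new device's backup. It assumes the header layout shown in step 4 and treats the text before the first colon as the config-version section; the function names are hypothetical and the sample backups are constructed.

```python
import re

# Header layout follows the page's example first line (assumed: model-firmware:fields).
HEADER = re.compile(r"^#config-version=([^-:]+)-([^:]+)((?::.*)?)$")

def parse_header(text):
    """Return (model, firmware-build, trailing fields) from the first line."""
    m = HEADER.match(text.splitlines()[0].strip())
    if not m:
        raise ValueError("first line is not a #config-version header")
    return m.groups()

def swap_config_version(old, new):
    """Step 4: put the new device's config-version field on the old config."""
    _, old_fw, old_rest = parse_header(old)
    new_model, new_fw, _ = parse_header(new)
    if old_fw != new_fw:  # step 2: firmware versions must already match
        raise ValueError(f"firmware mismatch: {old_fw} vs {new_fw}")
    body = old.split("\n", 1)[1]
    return f"#config-version={new_model}-{new_fw}{old_rest}\n{body}"

def interface_names(text):
    """Names of 'edit' entries directly under 'config system interface'."""
    names, depth = [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config system interface" else 0
        elif line.startswith("config "):
            depth += 1  # nested table such as 'config ipv6'
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            names.append(line[5:].strip().strip('"'))
    return names

def missing_interfaces(old, new):
    """Step 5: map each interface absent on the new device to the old-file
    line numbers that mention it, so those lines can be edited by hand."""
    available = set(interface_names(new))
    return {name: [i for i, ln in enumerate(old.splitlines(), 1) if f'"{name}"' in ln]
            for name in interface_names(old) if name not in available}

# Constructed sample backups (not real device layouts).
OLD = ('#config-version=FGT80F-7.0.6-FW-build0366-220606:opmode=0:vdom=0:user=admin\n'
       'config system interface\n    edit "wan1"\n    next\n    edit "internal1"\n'
       '        config ipv6\n        end\n    next\nend\n'
       'config firewall policy\n    edit 1\n        set srcintf "internal1"\n'
       '        set dstintf "wan1"\n    next\nend\n')
NEW = ('#config-version=FGT100F-7.0.6-FW-build0366-220606:opmode=0:vdom=0:user=admin\n'
       'config system interface\n    edit "wan1"\n    next\n    edit "port1"\n    next\nend\n')
```

Every line number returned by `missing_interfaces` is a place where the old configuration still depends on an interface the new device does not define, including firewall policy bindings, and should be resolved before the restore in step 6.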
