How do I import hardware from the FortiGate firewall backup configuration file to the FortiGate-VM firewall?

Hello community, 

I am a Network and Security Engineer at a small tech consulting company.

I am about to import the backup configuration file of my hardware-based FortiGate firewall onto my VM-based FortiGate firewall. 

Can you please assist me with the procedure?

Thank you for your help.

reviewer2123919 - PeerSpot reviewer
Network and Security Engineer at Digital Network Solution (DNS)
  • 6
  • 59
PeerSpot user
2 Answers
Ibidapo Ibrahim - PeerSpot reviewer
Head of IT Infrastructure at a non-tech company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Apr 5, 2023

Certainly! While importing a backup configuration file from a hardware-based FortiGate firewall to a VM-based FortiGate firewall is generally possible, there might be some differences between the two platforms that you should be aware of. Here's a step-by-step procedure to help you with the import process:

Export the backup configuration file from your hardware-based FortiGate firewall:

a. Log in to the FortiGate web-based manager.

b. Navigate to System > Maintenance > Backup & Restore.

c. Click on "Backup" and choose "Configuration Only."

d. Save the .conf file to your local machine.

Review the exported configuration file:

a. Open the .conf file in a text editor and review it for any platform-specific configurations or settings that might not be applicable to the VM-based FortiGate firewall.

b. If necessary, make adjustments to the configuration file to ensure compatibility with the VM-based FortiGate firewall. For example, you may need to adjust interface names, hardware switch settings, or other hardware-specific configurations.

Import the configuration file to your VM-based FortiGate firewall:

a. Log in to the VM-based FortiGate web-based manager.

b. Navigate to System > Maintenance > Backup & Restore.

c. Click on "Choose File" and select the modified .conf file from your local machine.

d. Click on "Restore" to import the configuration.

Verify the imported configuration:

a. After the import process is complete, your VM-based FortiGate firewall will reboot.

b. Log in to the web-based manager again and review the imported settings to ensure they have been applied correctly.

c. Test the functionality of your firewall, such as routing, VPN connections, and security policies, to make sure everything is working as expected.

Please note that you should always test the imported configuration in a non-production environment first to avoid any disruptions or issues. Additionally, keep a backup of your current VM-based FortiGate configuration before importing the new configuration in case you need to roll back.

Search for a product comparison
User at Rank IT
Mar 28, 2023

Hi, I had the same issue to restore back from 80E to 80F. I couldn't restore it and had to use a Forti convertor.

Bořivoj Tydlitát - PeerSpot reviewer
Chief Security Officer at The Mama AI
Real User
Top 5
Apr 4, 2023

Different HW and VM FortiGate models typically differ in the names of network interfaces. To account for that, it may be necessary to edit the configuration file created by the backup procedure to change the physical interface names. Fortunately, it is a plain text file - a CLI script, so use the FortiOS CLI reference documentation to understand it. We have done this multiple times - not to transition to a different platform, but to perform bulk configuration changes difficult to do the conventional way via GUI or CLI. One aspect that I unfortunately have no experience with is the encryption of secrets like user passwords or certificates - I have no idea if they will decrypt properly on a different HW or VM model. 

PeerSpot user
Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
706,775 professionals have used our research since 2012.
Related Questions
Commercial Manager - Government at core tecnologia
May 16, 2023
Hello peers,  I am a Commercial Manager at a small tech services company. I am currently researching alternative firewalls for Hillstone. Which FortiGate firewall model can you replace with Hillstone? Thank you for you help.
See 1 answer
Bořivoj Tydlitát - PeerSpot reviewer
Chief Security Officer at The Mama AI
May 16, 2023
There is no simple answer. Like Hillstone, FortiGate firewalls are a line with a huge range of capabilities. Here are some ideas based on our experience: - Think about high availability? How stringent are your requirements? What would device reboot (minutes downtime), tripped circuit breaker (minutes to hours down), or hardware failure (days down or more) mean? Are you operating single or multiple installations? What is the availability of a replacement device? Based on that - are you considering a single device, a single device with a dual power supply, or a HA pair of devices? (We have quite good experience with a HA pair of 60F's.) - What are the Internet and local network connectivity requirements? Is 1Gbit Ethernet enough, or do you need 10Gbit? Will FortiGate serve as a router for multiple segments of your local network? That may mandate 10Gbit interfaces on the LAN side even where your Internet connectivity does not require that bandwidth. - Do you need a hard drive in the unit? Typically, it is used for local logging where remote logging options (FortiCloud, Syslog, etc.) are not practical or possible for technical, financial, or irregular reasons.  - Rackmount - do not worry too much about that - the low-end units (40F, 60F) are not rack-mounted per se, but you can get an original adapter kit or just use a shelf as we do. - Remember that the HW cost is just a fraction of TCO, the subscription being a substantial part. - On the HW capacity scaling - this one is tricky, as it heavily depends on the traffic patterns and on the depth of firewall scrutiny. Think more of the number of transactions (TCP connections, UDP "sessions") than the actual packet or byte rates. In our use case, it looks like the RAM is a more scarce resource than the CPU. FortiGate goes into Conserve Mode when hitting something like 75% RAM use, so it is a good idea to keep the normal usage around 50%. - If you are using a virtualized infrastructure, you may consider a FortiGate VM form factor. Or you can request a free trial VM (feature-restricted) or full-featured evaluation VM (available on request) and use it for evaluation. - Needless to say - FortiGate is a complex device with tons of features, and it has quite a learning curve. Additionally, some of the more advanced features are available in CLI only or have to be explicitly enabled to be visible in GUI. - One more piece of advice - be conservative about FortiOS (FG firmware) major/minor releases. New releases tend to be quite buggy and it is a good idea to avoid anything that ends with a patch level less than about 5-6. On the other hand, do apply security patches diligently, some of them close really critical holes. For example, we are on 7.0.11 firmware, even though 7.2.4 and now also 7.4.0 is out.
Software Engineer at Neusoft
Apr 5, 2023
Hi, I am a software engineer for a large IT services and consulting company.  Is the SD-WAN feature in FortiGate suitable for small business applications? Thank you for your help!
2 out of 4 answers
User at Rank IT
Mar 28, 2023
Hi, Yes it's suitable for small business applications. We have implemented it for one of our clients. 
Saad Qaiser - PeerSpot reviewer
Deputy Manager (Network Design) at Comstar - Information Systems Associates Ltd.
Mar 28, 2023
Yes, you can implement it and it is very effective for SMB organizations.
Download Free Report
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
706,775 professionals have used our research since 2012.