FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
akaratas
Staff
Article Id 273112

Description

 

This article describes how to restore a FortiManager appliance following an RMA.

 

Scope

 

FortiManager.

 

Solution

 

Before starting the restore process, it is necessary to have a FortiManager backup file taken from the previous device.

 

  1. Restore firmware on FortiManager:
  • The firmware that is restored must be the same version that was running on the replaced device when the backup was taken.
  • Set up the following IP on a PC ethernet port: IP 192.168.1.100 and Subnet Mask 255.255.255.0.
  • Connect the PC’s ethernet port to the console port of the FortiManager. The default username is 'admin' and the password is empty.
  • After connecting, run the command below:

 

show system interface

 

The command output should match the following:

show system interface port1

    config system interface
        edit "port1"
            set ip 192.168.1.99 255.255.255.0
            set allowaccess ping https ssh http
        next
    end

 

  • The command will show the interface where the default IP address is configured.
  • Using an ethernet cable, connect the PC's ethernet port to the FortiManager port identified in the output.
  • Open a browser, go to https://192.168.1.99, and use the username and password to log in to FortiManager.

 

To upgrade the firmware in the GUI:

  • Log into the FortiManager GUI as the admin user.
  • Go to System Settings -> Dashboard -> Select the Update button.
  • Under Upload Firmware, select Browse and find the firmware image file.
  • Select Upgrade.

 

The FortiManager uploads the firmware image file, upgrades to the new firmware version, and reboots. This will only take a few minutes.

 

  2. Restore the configuration file on a FortiManager:
  • To begin, it is important to have the same version of the firmware that was running on the replaced device when the backup was taken.
  • The device must be running the firmware that corresponds to the restored config file.
  • In an HA cluster design, make sure to restore the Primary FortiManager first and then set up HA.
  • Set up the following IP on a PC ethernet port: IP 192.168.1.100 and Subnet Mask 255.255.255.0.
  • To check the default IP address, connect the PC’s ethernet port to the console port of the FortiManager. The default username is 'admin' and the password is empty.
  • After connecting, run the following command:

 

show system interface

 

The command output should match the following:

show system interface port1

    config system interface
        edit "port1"
            set ip 192.168.1.99 255.255.255.0
            set allowaccess ping https ssh http
        next
    end

 

  • The command will show the interface where the default IP address is configured.
  • Using an ethernet cable, connect the PC's ethernet port to the FortiManager port identified in the output.
  • Open a browser, go to https://192.168.1.99, and use the username and password to log in to FortiManager.
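
The port lookup described in both steps above can be run against saved console output. The following Python is an added example, not part of the original article or any Fortinet tooling: it parses `show system interface` output, reports which port holds the default IP, and lists the ports that allow cleartext management access. The `port2` entry in the sample is constructed, and treating `http` and `telnet` as the protocols to flag is this example's assumption.

```python
import re

# Sample input: port1 is the output printed in this article; port2 is constructed.
SAMPLE_OUTPUT = """\
config system interface
    edit "port1"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http
    next
    edit "port2"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping ssh
    next
end
"""

# Assumption of this example: management protocols treated as cleartext.
CLEARTEXT = {"http", "telnet"}

def parse_interfaces(text):
    """Return {name: {"ip": str|None, "mask": str|None, "allowaccess": [str]}}."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # blank lines and the echoed command are ignored
        m = re.match(r'edit\s+"?([^"\s]+)"?$', line)
        if m:
            current = interfaces.setdefault(
                m.group(1), {"ip": None, "mask": None, "allowaccess": []})
        elif line in ("next", "end"):
            current = None
        elif current is not None and line.startswith("set "):
            key, *values = line[4:].split()
            if key == "ip" and len(values) == 2:
                current["ip"], current["mask"] = values
            elif key == "allowaccess":
                current["allowaccess"] = values
    return interfaces

def port_with_ip(interfaces, ip):
    """Name of the interface configured with `ip`, or None if there is none."""
    return next((n for n, c in interfaces.items() if c["ip"] == ip), None)

def cleartext_access(interfaces):
    """Map each interface to the cleartext protocols in its allowaccess list."""
    hits = {n: sorted(CLEARTEXT & set(c["allowaccess"])) for n, c in interfaces.items()}
    return {n: p for n, p in hits.items() if p}

if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE_OUTPUT)
    print("default IP is on:", port_with_ip(ifaces, "192.168.1.99"))
    print("cleartext management access:", cleartext_access(ifaces))
```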

 

To restore the FortiManager configuration using the GUI:

  • Log into the FortiManager GUI as the administrator user.
  • Go to System Settings -> Dashboard -> Select the Restore button.
  • Determine the location of the configuration file to be restored: the local PC or an external FTP/SFTP/SCP server.
  • Select Upload, locate the configuration file, and select Open.
  • Enter the password if required.
  • Select OK. The FortiManager will now reboot.

 

To use the CLI to restore the FortiManager configuration, copy the configuration file to the FTP/SFTP/SCP root directory and execute the following command:

 

execute restore all-settings {ftp | sftp} <ip> <string> <username> <password> <crptpasswd>
execute restore all-settings <scp> <ip> <string> <username> <ssh-cert> <crptpasswd>

 

After restoring the FortiManager configuration, run the command below to reclaim the FGFM tunnel for FortiGates:

 

execute fgfm reclaim-dev-tunnel <device_name> force

  

If all the FGFM tunnels do not come up, change the FortiManager serial number manually on FortiGates by following the below process:

 

exe batch start

    config system central-management
        set type fortimanager
        set fmg x.x.x.x       <----- IP address or FQDN of the FortiManager.
        set serial "FMG-Serial-Number"    <----- The FortiGate will be unable to authenticate the FortiManager request if the Serial Number is not set.
    end

exe batch end

 

If the FortiManager is running the FortiAnalyzer function, check the related article on how to migrate the FortiAnalyzer, which covers the log-saving process.

 

Related documents:

Technical Tip: How to migrate a FortiAnalyzer logs and config to a new system

Technical Tip: How to restore a physical RAID storage with all logs on FortiAnalyzer

Restoring the configuration

Backing up the system