Migrate to Fabric ADOM 7.0.2

Migrating other ADOM types to the Fabric ADOM type is now supported through a CLI command.

In this example, several ADOM types are created (FortiGate, FortiMail, and FortiWeb) and migrated to a Fabric type ADOM.

To migrate a non-Fabric ADOM to a Fabric ADOM:
  1. Create several customized ADOMs, for example:
    • FortiGate ADOM type: FGT_ADOM1
    • FortiWeb ADOM type: FWB_ADOM1
    • FortiMail ADOM type: FML_ADOM1
  2. Configure the FortiGate, FortiWeb, and FortiMail devices to send logs to FortiAnalyzer and promote these devices to their individual ADOMs.
  3. Create custom event handlers in each of these ADOMs.

  4. Create reports in each of these ADOMs.
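  5. From the FortiAnalyzer CLI, use the following command to migrate an ADOM to a Fabric ADOM: execute migrate fabric <ADOM name>.
    You can specify multiple ADOM names by separating them with a comma.
    As the output shows, the command asks for confirmation, then replaces the current settings of the ADOM and reboots the system.
    In the example below, FGT_ADOM1 is migrated to a Fabric ADOM.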

    execute migrate fabric FGT_ADOM1
    Note: This operation will replace the current settings of 1 ADOM(s) and reboot the system.
    ADOM: FGT_ADOM1
    Do you want to continue? (y/n)
    Result: OK(0).
    Summary:
    - 08 Nov 2021 18:10:16 migrate FortiGate ADOM FGT_ADOM1(206) to fabric.
    1 ADOM(s) will migrate to fabric.
    Please wait for reboot...

  6. After the system boots up, check the ADOM type for FGT_ADOM1 in the CLI. It is now a Fabric ADOM.

    FAZVM64 # diagnose dvm adom list
    There are currently 22 ADOMs:
    OID  STATE    PRODUCT  OSVER  MR  NAME                  MODE    VPN MANAGEMENT        IPS     ISDB
    206  enabled  FSF      7.0    0   FGT_ADOM1             Normal  Policy & Device VPNs  18.192  7.1996
    210  enabled  FML      7.0    0   FML_ADOM1             Normal  Policy & Device VPNs  18.192  7.1996
    208  enabled  FWB      7.0    0   FWB_ADOM1             Normal  Policy & Device VPNs  18.192  7.1996
    128  enabled  FAZ      7.0    0   FortiAnalyzer         Normal  Policy & Device VPNs  18.192  7.1996
    144  enabled  FAC      6.0    4   FortiAuthenticator    Normal  Policy & Device VPNs  18.192  7.1996
    132  enabled  FCH      4.0    2   FortiCache            Normal  Policy & Device VPNs  0.0     0.0
    124  enabled  FOC      7.0    0   FortiCarrier          Normal  Policy & Device VPNs  18.192  7.1996
    134  enabled  FCT      7.0    0   FortiClient           Normal  Policy & Device VPNs  18.192  7.1996
    142  enabled  FDD      6.0    2   FortiDDoS             Normal  Policy & Device VPNs  18.192  7.1996
    172  enabled  FDC      4.0    0   FortiDeceptor         Normal  Policy & Device VPNs  0.0     0.0
    170  enabled  FFW      6.0    2   FortiFirewall         Normal  Policy & Device VPNs  18.192  7.1996
    174  enabled  FWC      6.0    2   FortiFirewallCarrier  Normal  Policy & Device VPNs  18.192  7.1996
    126  enabled  FML      7.0    0   FortiMail             Normal  Policy & Device VPNs  18.192  7.1996
    138  enabled  FMG      7.0    0   FortiManager          Normal  Policy & Device VPNs  18.192  7.1996
    146  enabled  FPX      2.0    0   FortiProxy            Normal  Policy & Device VPNs  0.0     0.0
    140  enabled  FSA      4.0    0   FortiSandbox          Normal  Policy & Device VPNs  0.0     0.0
    130  enabled  FWB      6.0    4   FortiWeb              Normal  Policy & Device VPNs  18.192  7.1996
    136  enabled  LOG      0.0    0   Syslog                Normal  Policy & Device VPNs  0.0     0.0
    148  enabled  FSF      7.0    0   Unmanaged_Devices     Normal  Policy & Device VPNs  18.192  7.1996
    122  enabled  Chassis  6.0    0   Chassis               Normal  Policy & Device VPNs  18.192  7.1996
    3    enabled  FSF      7.0    0   root                  Normal  Policy & Device VPNs  18.192  7.1996
    10   enabled  FOS      7.0    0   Global                Normal  Policy & Device VPNs  18.192  7.1996
    ---End ADOM list---

  7. In the GUI, go to System Settings > All ADOMs. You can see that the ADOM type is now Fabric.
  8. In FGT_ADOM1, go to Log View. The log files are kept, and the log view is working normally.

  9. Go to FortiSoC > Handlers > Event Handler List. Your previously configured event handlers are available.
  10. Go to Reports > Report Definitions > All Reports. Your previously configured reports are available.
  11. Perform the same Fabric migration for the other customized ADOMs: FML_ADOM1 and FWB_ADOM1.

    FAZVM64 # execute migrate fabric FML_ADOM1,FWB_ADOM1
    Note: This operation will replace the current settings of 2 ADOM(s) and reboot the system.
    ADOM: FML_ADOM1,FWB_ADOM1
    Do you want to continue? (y/n)y
    Result: OK(0).
    Summary:
    - 08 Nov 2021 18:28:20 migrate FortiMail ADOM FML_ADOM1(210) to fabric.
    - 08 Nov 2021 18:28:20 migrate FortiWeb ADOM FWB_ADOM1(208) to fabric.
    2 ADOM(s) will migrate to fabric.
    Please wait for reboot...

  12. After the system boots up, repeat the checks performed for FGT_ADOM1 and confirm the results are similar.
  13. Since FGT_ADOM1, FML_ADOM1, and FWB_ADOM1 are Fabric ADOMs, all types of devices can be promoted into these ADOMs, and all device logs are also inserted into the siemdb.
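
The CLI check in steps 6 and 12 can be scripted against captured `diagnose dvm adom list` output. The Python below is an added example, not Fortinet code; it assumes ADOM names contain no whitespace and that the PRODUCT code FSF marks a Fabric ADOM, as the FGT_ADOM1 row above suggests. The sample text is constructed from the listing on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the page's `diagnose dvm adom list` output.
SAMPLE = """\
FAZVM64 # diagnose dvm adom list
There are currently 22 ADOMs:
OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS ISDB
206 enabled FSF 7.0 0 FGT_ADOM1 Normal Policy & Device VPNs 18.192 7.1996
210 enabled FML 7.0 0 FML_ADOM1 Normal Policy & Device VPNs 18.192 7.1996
208 enabled FWB 7.0 0 FWB_ADOM1 Normal Policy & Device VPNs 18.192 7.1996
3 enabled FSF 7.0 0 root Normal Policy & Device VPNs 18.192 7.1996
---End ADOM list---
"""

# Assumption: PRODUCT code FSF denotes a Fabric ADOM (inferred from the page).
FABRIC_PRODUCT = "FSF"

ROW = re.compile(
    r"^\s*(?P<oid>\d+)\s+(?P<state>\S+)\s+(?P<product>\S+)\s+(?P<osver>\d+\.\d+)"
    r"\s+(?P<mr>\d+)\s+(?P<name>\S+)\s+(?P<mode>\S+)\s+(?P<vpn>.+?)"
    r"\s+(?P<ips>\d+\.\d+)\s+(?P<isdb>\d+\.\d+)\s*$"
)

def parse_adom_list(text):
    """Return {adom_name: row_dict} for every data row in the CLI output."""
    adoms = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # prompt, header and footer lines do not match and are skipped
            adoms[m.group("name")] = m.groupdict()
    return adoms

def check_migration(text, expected, oids=None):
    """Per expected ADOM: present, enabled, Fabric type, and OID kept (if given)."""
    adoms = parse_adom_list(text)
    report = {}
    for name in expected:
        row = adoms.get(name)
        if row is None:
            report[name] = "missing"
        elif row["state"] != "enabled":
            report[name] = "not enabled"
        elif row["product"] != FABRIC_PRODUCT:
            report[name] = "still " + row["product"]
        elif oids and oids.get(name, row["oid"]) != row["oid"]:
            report[name] = "OID changed"
        else:
            report[name] = "fabric"
    return report
```

The optional `oids` mapping takes the OID printed in the migration summary (for example `FGT_ADOM1(206)`) so the check also confirms the ADOM kept its identifier across the reboot.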
