Next Generation Firewall (NGFW)

Expand all | Collapse all

Replace FortiGate 100D HA to 200E HA not have downtime.

  • 1.  Replace FortiGate 100D HA to 200E HA not have downtime.

    Posted Feb 26, 2020 03:33 PM
    Dear All

    I would like best practice for replace FortiGate 100D HA to 200E HA not have downtime.


  • 2.  RE: Replace FortiGate 100D HA to 200E HA not have downtime.

    Posted Mar 01, 2020 05:29 AM
    I don't think you can do it without any downtime because of its difference model.
    I think you can prepare earlier to reduce downtime like rack-mount the appliance, make sure you tagging the cable and be ready to troubleshooting.


  • 3.  RE: Replace FortiGate 100D HA to 200E HA not have downtime.

    Posted Mar 02, 2020 02:34 PM
    To minimize downtime, ideally, you would convert the 100D configuration to the new 200E devices, verify failover, verify policy and routing BEFORE you schedule a cutover. Best way to do this is to use the same OS version. Minimize the number of changes you will be introducing. If you have the devices racked, it should be as easy as moving the interfaces to the new device (primary first) and clear the arp caches to connected switches and routers. Have a clearly defined cutover procedure (step-by-step), validation test (helpful to run before/after testing), and backout plan.