Replacing hardware that is logging to a FortiAnalyzer

1 Reply

I am sure you have all come across this issue. You are logging your FortiGates (or other devices) to the FortiAnalyzer and you experience a failure of said hardware. You have a backup of the config so you move the config over to the replacement device but now your new firewall or device is listed as an unregistered device in the FortiAnalyzer. This is actually a pretty easy issue to fix as you only have to replace the serial number of the original device with the serial of the new device. Below is the config steps to perform this via CLI of the FortiAnalyzer:

execute device replace <old serial number> <name> <new serial number>

This entry was posted in FortiAnalyzer on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “Replacing hardware that is logging to a FortiAnalyzer

  1. Stefan

    For 6.0.2 it is:
    execute device replace sn
    And it works only if it’s the same model.
    I had to replace 60C with 61E where it is not working, is there an option to migrate data?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.