The recognized leader in proven and affordable load
balancing and application delivery solutions
Application Delivery Controller
EQ/OS 10
Version 8.6 to Version 10 Configuration Converter
for Equalizer™ LX and GX Series
February 25, 2015
Equalizer Administration Guide
EQ/OS 8.6 to EQ/OS 10 Configuration
Converter
EQ/OS 8.6 and EQ/OS 10 configuration files are not compatible. It is not possible to simply copy
an older configuration to a new installation during the upgrade process, as is done when upgrading
from a 8.6 to an 8.6 version, or from a 10 to a 10 version. The reason for this is that the two
versions use different operating systems and cannot read each other's file systems.
The configuration migration will create a EQ/OS 10 configuration that is functionally equivalent to
the EQ/OS 8.6 configuration in the supplied backup archive. Note that because of differences in
the object model used by the two releases, there will not necessarily be a one-to-one
correspondence between EQ/OS 8.6 objects and EQ/OS 10 objects as shown below. For example,
since servers are defined within clusters in EQ/OS 8.6, some adjustments to a EQ/OS 8.6
configuration must be made because servers are global objects in EQ/OS 10 that must be placed
in server pools before they are associated with clusters.
Configuration Conversion Notes
1. You must be running EQ/OS 8.6.0i-patch1 to upgrade to EQ/OS 10.
2. SSL Certificates are not converted. They will need to be to manually
reinstalled after the migration to EQ/OS 10 is complete.
3. In EQ/OS 8.6, outbound NAT could be configured to use the Server IP, Cluster IP, Failover
IP or the Subnet IP (default). However, when converting to EQ/OS 10, the configuration
converter will look for a subnet to which the server belongs and will configure it to NAT out
of that Subnet IP. If no such subnet exists, then outbound NAT for the EQ/OS 8.6-configured
server must be manually converted within EQ/OS 10. For the configuration converter to
configure/convert outbound NAT from EQ/OS 8.6 to EQ/OS 10, the EQ/OS 8.6 Enable Outbound
NAT global flag must be set.
4. A Static Route configured in EQ/OS 8.6 is converted if and only if the Gateway IP is a part of
an existing subnet. If no such subnet exists, the EQ/OS 8.6 static route must be manually
converted within EQ/OS 10.
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
3
EQ/OS 8.6 to EQ/OS 10 Configuration Converter
How configuration objects will be converted
Configuration Objects:
Notes:
Match Rules
Converted completely.
Local Peer Configuration
Only the local peer is converted. See "Failover" below.
Switch Ports
Converted completely.
VLANs
Automatically added as a VLAN with a single subnet on EQ/OS 10.
Responders
Converted completely if responder files are present in the backup.
They will be automatically added.
Added as global server objects and server instances within server
pools.
Servers
The Server VID is now deprecated, and servers are automatically
considered to be part of a particular subnet, based on their IP
address. If using multi netting with servers, start with the converted
configuration and then modify it by adding an additional subnet in a
VLAN to achieve the multi-netting desired.
Outbound NAT is configured differently now. (via networking as
opposed to server configuration). You will need to manually verify and
set up Outbound NAT after converting the configuration.
Converted completely (with the exception of "Certificates" as
described below).
Clusters
Send and receive socket options are not converted because they are
deprecated. These are automatically managed in EQ/OS 10.
Cluster VID is now deprecated. See the note about Server VID above.
4
VMware server configuration for VLB basic
Converted completely.
Email alerts
Converted completely. These are converted into email notification
alerts.
Envoy configuration
Not converted
Smart Control events
Not converted
Failover
Not completely converted. Only the "local" peer is converted. It is
recommended that you reconfigure failover after the conversion.
Users
Not converted. Because the password is encoded, there is no way to
add a user automatically -- manual intervention is needed to type the
password. Also, the permissions model is different in EQ/OS 10, so
there can be no direct conversion between them.
Certificates
Not converted. They are not present in the EQ/OS 8.6 backup file. You
will need to manually reinstall them.
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Equalizer Administration Guide
Object Names Affected by Configuration Migration
In EQ/OS 8.6, each cluster is assigned its own servers. In EQ/OS 10, servers are global objects.
When migrated, server names are contrived using the cluster name and server name to avoid
having duplicates.
Note - It should be noted that EQ/OS 8.6 object names in excess of 47 characters will be truncated and appended with
"_XXX". "XXX" is a number that starts with 000 and will increment. For example, two server instances may be
appended with _000 and _001.
The following are examples of the name changes. If the EQ/OS 8.6 configuration was:
cluster cl00 >> server sv00
The resulting cluster-server name in the configuration in EQ/OS 10 will be:
server cl00_sv00
EQ/OS 10 uses Server Pools that contain Server Instances. When migrating to EQ/OS 10 a Server
Pool will be created using the cluster-server details described. A server instance (si) will be
created for the new EQ/OS 10 server and assigned to a new cluster. For example:
A server pool (srvpl) is created with a new server instance (si):
srvpl cl00 >> si cl00_sv00
A new cluster is created with the new server pool attached:
cluster cl00 >> srvpl cl00
However, if there are duplicate servers shared between clusters in the EQ/OS 8.6 configuration,
there will be a configuration where we use the name of the first cluster in which it appears, and
there is a mismatch between the server name and the cluster name:
If the configuration in EQ/OS 8.6 was:
cluster cl00 >> server sv00 (1.2.3.4 80)
cluster cl01 >> server sv01 (1.2.3.4 80)
The resultant EQ/OS 10 configuration will be:
server cl00_sv00 (Note only one server)
srvpl cl00 >> si cl00_sv00
srvpl cl01 >> si cl00_sv00 (Note the mismatch)
cluster cl00 >> srvpl cl00
cluster cl01 >> srvpl cl01
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
5
EQ/OS 8.6 to EQ/OS 10 Configuration Converter
Migration Process
The following describes the process of converting an EQ/OS 8.6 configuration to EQ/OS 10. It is
recommended that the migration be executed on a "clean" Equalizer, meaning, without configured
objects. If there are configured objects on your system, it is advisable to review the names and IP
configuration to verify that there are no conflicts with the migrating EQ/OS 8.6 configuration. If
there are conflicts, they will be noted and displayed when the migration script is executed.
General Work Flow
1. On EQ/OS 8.6, create a backup archive of the system. You will not be able to
downgrade to EQ/OS 8.6 in the event that a downgrade becomes necessary in
the future.
2. Upgrade your EQ/OS 8.6 system to EQ/OS 10.
3. Upload the backup file to EQ/OS 10.
4. Convert the backup file to a EQ/OS 10 configuration script.
5. Run the script.
In Version 8.6, outbound NAT may be configured to use the server IP, cluster IP, failover IP
or the subnet IP (default case). However, the converter will look for a subnet to which the
server belongs and configure it to NAT out of that subnet IP . If no such subnet exists, then
outbound NAT for that Version 8.6 server must be manually converted to EQ/OS 10.
For the converter to configure/convert outbound NAT from Version 8.6 to EA/OS 10, the
Version 8.6 global flag - enable_outbound_nat must be set.
Static Routes:
A static route configured in Version 8.6 is converted if the gateway IP is a part of an existing
subnet. If no such subnet exists, the Version 8.6 static route must be manually converted to
EQ/OS 10.
6
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Equalizer Administration Guide
Conversion using the CLI 1. Create a backup of the EQ/OS 8.6 system. Refer to the Equalizer
Administration Guide for EQ/OS 8.6 for instructions.
2. Upgrade your EQ/OS 8.6 system to EQ/OS 10. Refer to the Equalizer
Administration Guide for instructions.
3. Upload the EQ/OS 8 backup file onto the system:
eqcli > files download [URL or Path to *.bkp file]
For example:
eqcli > files download ftp://10.0.0.10/os8backup.bkp
4. Convert the backup file into a EQ/OS 10 CLI script:
eqcli> cfg_convert file [backup filename] outfile [output filename]
For example:
eqcli> cfg_convert file os8backup.bkp outfile os8cfg.script
This will create a CLI script file, also in the EQ/OS 10 data store. It will also create
files for any “sorry” responders in the datastore. The script will be a list of eqcli
commands to create converted configuration objects and comments describing
parameters which could not be converted. For example:
cluster myclust proto "tcp" ip 10.0.0.10 port 1 range 4999 stickyto 3500
idleto 36000
# Unsupported user touch option: desc = touch (unable to migrate this
option, it must be hand converted)
Note - When viewing the translated file, look for lines that begin with "#" (comments). These are lines which could not
be converted with the reason displayed. Make a note of these lines and determine whether the parameters described by
them are important to them. If they are, they will need to be manually configured later. If not, they can be ignored.
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
7
EQ/OS 8.6 to EQ/OS 10 Configuration Converter
5. Enter the following:
eqcli> run_script [output filename]
For example:
eqcli> run_script os8cfg.script
This will process the script, one line at a time, and stop if any errors are encountered.
Here is an example of a successful run:
eqcli > run_script myscript
eqcli: 12020315: Processing line 1: server newserver ip 3.4.5.6 port 80
proto tcp
eqcli: 12000287: Operation successful
eqcli: 12020315: Processing line 2: server otherserver ip 3.4.5.6 port 81
proto tcp
eqcli: 12000287: Operation successful
eqcli: 12020318: All commands processed successfully.
eqcli >
6. If the script completes successfully you can continue using the system as
normal. You may need to install certificates first .
7. If the script completed with an error you can modify the offending command,
and restart the script from that line:
eqcli> files edit [filename]
eqcli> run_script [filename] [start line]
For example:
eqcli> files edit myscript
eqcli> run_script myscript 5
Note - The default editor that is used when the "files edit" command is executed is "ee". If you are editing a long file, it
may be helpful to jump to particular line number. In "ee", to do this, press CTRL+C to enter command mode, and then
type the line number to jump to.
8. Once you have verified that the configuration was successfully converted,
you can remove the EQ/OS 8 backup file and converted CLI script from the file
8
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Equalizer Administration Guide
store:
eqcli> no files [filename]
For example:
eqcli> no files os8backup.bkp
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
9
EQ/OS 8.6 to EQ/OS 10 Configuration Converter
Conversion using the GUI
The GUI work flow would be simplified, particularly because there is no plan to implement file
management in the GUI. This would all be done using a wizard screen with several steps:
1. Log in to the GUI.
2. Click on Equalizer on the left navigational pane.
3. Click on the Maintenance tab and then Tools on the right to display the Tools
accordion tabs.
4. Click on the Configuration Converter accordion tab and the following will be
displayed.
The EQ/OS 8.6 backup file can be uploaded either from a URL or FTP server or from a local
directory. Proceed with either step 5 or step 6 depending on the location of your backup file. After
selecting a file from either method described in steps 5 and 6, proceed with step 7.:
Note - By default, VLANs and Subnets in the EQ.OS 8.6 configuration will be converted. Enabling the Ignore VLANs
and Subnets option will cause the converter to ignore VLANs and Subnets in the EQ/OS 8.6 configuration.
5. To upload from a URL or FTP Server:
a. Click on the FTP URL option and enter the FTP location or URL in the
space provided.
10
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Equalizer Administration Guide
b. Click on Continue to upload the file. A Please Wait message should
appear while the file is downloaded from the FTP site. If connection
with the FTP site fails, an error message will be displayed. If
successful, a message will be displayed prompting you to continue.
Press Continue again and the Verify and Run Configuration Script screen will be
displayed.
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
11
EQ/OS 8.6 to EQ/OS 10 Configuration Converter
6. To upload a locally stored file:
a. Click on the Local File option and then Continue to located the file.
b. After locating the file, select it and click on Open to begin the
upload process.
7. The Verify and Run Configuration Script screen is a line numbered text editor. Here you
can modify a script as needed before continuing with the conversion.
12
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Equalizer Administration Guide
8. After clicking on Run the script is executed on Equalizer. If no errors occur
and the script runs to completion a Configuration Complete message will be
displayed. If an error occurs the a Correct Error and Continue screen will be displayed
which is the same as the Verify and Run Script screen except that it opens at the line
at which the error occurred as indicated by the error message.
a. If you click on Cancel, the editor screen will be closed and you will
be prompted to Save your conversion script in the file store.Refer to
the Equalizer Administration Guide for instructions on accessing and
editing files in the data store using the CLI. Click on Discard to discard
the script.
b. Click on Continue to execute the script on Equalizer starting at the
line on which the error occurred. If no errors occur and the script
runs to completion, a Configuration Complete message will be displayed. If
an error occurs, the Correct Error and Continue screen will be displayed
again and will open at the line at which the error occurred as
indicated by the error message.
9. After the script has completed running the new objects should appear on the
left navigational pane.
Copyright © 2015 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
13