MIGRATION RUNBOOK

[Audio] Welcome to the Telefónica Deichmann SD-WAN migration runbook walkthrough! This video will explain in detail how the migration of FortiGate firewall in a Deichmann store looks like. For all the details have a look at the runbook PDF we provided to you. Those light blue circles in this video directly reference to the step-by-step instructions of the runbook. Ready? Let's start!.

[Audio] Go to your assigned Deichmann store at the appropriate time. It's ok to be a bit early or even a bit late, but be aware there are other migrations throughout Europe scheduled in detail. So stick to your timetable. Enter the store and show you digital serviceID card that Telefónica sent you via e-mail to the store staff. They are expecting you because of an announcement they got. They will grant you access to the IT rack. Open the rack and make a photo to prove what you found. You might need this photo yourself later..

[Audio] Now unbox the new FortiGate 70G and connect it to the internet on port WAN1. Use any ethernet cable for that – for example the one shipped with the 70G. Use any free port on the primary internet router for this. You can even disconnect a less crucial device other than the old FortiGate from the internet router if necessary. In case there is more than one router, the primary internet router is the one connected to WAN1 on the old FortiGate. Now use the new power supply unit and the power cord to put the 70G to power..

[Audio] Now: wait! At least for 20 minutes. This is very, very important! During these 20 minutes a lot of magic happens on the FortiGate, and disrupting this process will wreck the FortiGate. In that case you will have to call the hotline, factory-reset the device and start over and over again. So – just wait these 20 minutes. Please!.

[Audio] Once the 20 minutes are over, prepare the rackmount kit. First of all you print a label with your label printer, stating the hostname of this FortiGate. That's lowercase „rt" followed by the storeID without the middle hyphen. So for the store 0030 hyphen 0214, the hostname will be rt00300214. Stick the label to the front, above the status LEDs. No mount the 70G to your spare rackmount kit you brought with you. Do not install the new power supply unit – those are faulty and we are not using them for installment, just for preparation. Make sure you patch the front ports accordingly, so 1 patches to 1, 2 patches to 2 and so on. You know the drill. In case the front cover labels differ – that might especially happen with the ports 7, DMZ, port A and port B – print additional labels with your label printer to fix that. When you are done, every single port of the back of the FortiGate shall match its port on the front cover..

[Audio] Ready to go? Now go back to the store staff and inform them that a downtime of approx. 10 minutes will begin now. During this downtime internet will not be available, and therefore no cashless payment and no guest Wifi..

[Audio] Now time is ticking. Work fast, but calm and concentrated. Unmount the old FortiGate. Disconnect the power cord and all LAN cables. Unmount the old power supply unit from the rackmount kit. Then take a photo of the serial number of the power supply unit. That's the white sticker, not the black one. Then mount this old power supply unit into the new rackmount kit of the 70G. Do not, under any circumstances, mount the new power supply to the new rackmount kit! You can use whatever power cable is convenient for you – preferably the one already in the rack, but also the new one if that makes more sense to you..

[Audio] Now it's time for the network switchover. Connect the primary internet router that has been connected to port WAN1 on the old FortiGate to port WAN1 on the new one. Do the same with the secondary internet router on WAN2 to WAN2 if there is one. These cables are often yellow, but don't bet the farm on it. No for the tricky part: connect the cable to the FortiSwitch that has been connected to port 1 to port A on the 70G – that means you have to switch ports. This one is typically red. In case you are in a Snipes store there probably is a Cisco Meraki switch that has been connected to port 2. Connect it to port 5 on the 70G. So again – switch ports from 2 to 5 for the Cisco Meraki switch. Once you are done, the network LEDs on the front should be active: WAN1 for internet WAN2 in case there is a secondary internet router attached LAN A for the FortiSwitch LAN 5 in case you are in a Snipes store and have a Cisco Meraki switch connected If not all or other LEDs are active, you somehow messed up. Check if you patched the ports correctly. If the lower LED of a port stays yellow instead of green, that's ok – then it's not a Gigabit connection, but that is fine..

[Audio] Ok. The store should be online again. Let's check with the store people. Test any credit card payment, for example by waiting for the next customer, buying a plastic bag paying with card or similar. Let the staff check the „goods movement tool" on the main cash register Let the staff check the Zebra tablets, with the Connect and Sovia apps. Sometimes the Zebra tablet needs a reboot to connect properly to the new WiFi Connect to the guest Wifi of the store, e.g. with your smartphone, and open any website to test the local internet breakout Everything works fine? Congratulations! Let's finish up..

[Audio] Tidy up a bit and take your „after" photo of the rack to prove the new FortiGate 70G is running and has the right ports attached..

[Audio] Now you shall factory-reset the old FortiGate. Continue only in case you are 100% sure the store works fine! After factory-resetting the old FortiGate you cannot roll back. Connect the FortiGate to power again using the new power supply unit you haven't installed in the rackmount kit. Wait until the green status LED is blinking slowly. Now use your SIM pin, a paper clip or similar to press and hold the reset button at the back of the FortiGate until the upper row of LEDs on the LAN ports are flashing once. Now this FortiGate does not contain any sensitive data anymore and is ready for disposal..

[Audio] Next step: packing up- Put the old FortiGate, the Ethernet cable and the power cord into the package of the new FortiGate. Do not put the power supply unit into the package! Take that one with you – you might need it someday. Write O2 FORTIGATE TO DC WEST BOTTROP/GERMANY – RETURN and the storeID on top of the package. That will instruct the store people how to deal with the package later..

[Audio] No take a photo of the serial number of the new power supply unit you take with you. We have to track all these serial numbers with Fortinet, so it is important to get this photo from you!.

[Audio] Take you stuff with you for the next store: the now empty rackmount kit, the new power supply unit and of course your tools..

[Audio] Hand over the package to the store staff – they will handle it properly for central disposal in Germany..

[Audio] And now for the last and very, very important part: fill out the form linked in the runbook. You will have to answer the basic question if the migration was successful or not, and you have to upload your photos, including the photos of the serial numbers of the power supply units. And that's it! One done, some to go. In case you have any issues in the store, reach out to the hotline stated in the runbook to get live assistance on the phone or via MS Teams..

[Audio] Thank you for your time!. Restricted – Beschränkter Zugriff.