FortiConverter - Best Choice
Rating: 10 out of 10
September 02, 2021
SR
Vetted Review
Verified User
3 years of experience
FortiConverter is being used for all firewall migrations to FortiGate from legacy platforms. FortiConverter enables a smooth staged migration with minimal to no outages during the cutover windows. We have used it to migrate all Cisco ASA firewalls (virtual and physical) to FortiGate appliances. FortiConverter allows us to properly audit the existing rules and ensure that we do not migrate obsolete, zero hit, and nested or shadow rules to the new platform.
- Audit existing rulesets from CheckPoint, Cisco, Juniper and other platforms
- Build migration rulesets to FortiGate
- Stages migration before actual cutover
- Reduces or eliminates obsolete and shadow rules
- Simple logic
- Multi-platform migration support to FortiGate
- Easy-to-use interface for simple topologies
- Support migration to multiple VDOMs (virtual FortiGate FWs)
- Advanced routing support (e.g. policy-based routing, BGP, etc.)
- Enterprise centralized management
- Easy to script changes
- Streamlined migrations successful on the first try
- Simple and fast cutover maintenance window
- Audit and tune existing rule base
- Quickly identify shadow rules
- Quickly identify rules with elevated access
FortiConverter is the easiest of the firewall migration tools to use compared to Checkpoint SmartMove, Cisco Firewall Migration Tool, FWMIG, etc. It has a more robust user interface and allows you to customize the rule imports as needed. Rulebase analysis, hit count, NAT, and dynamic routing are presented in an easy-to-understand format with FortiConverter.
5
Network Engineers on the Firewall Migration Team utilize the FortiConverter tool to migrate legacy rulebase on competitor platforms to the FortiGate platform. Existing rules are imported and analyzed in FortiConverter, tuned, then migrated to the FortiGate platform. This reduces the risk of errors and allows for a smooth and fast cutover.
5
A DevOps skillset is recommended to operate FortiConverter, as scripting and code-writing skills will help tremendously when converting rules from a legacy platform such as CheckPoint, Cisco ASA, Juniper, etc. to the FortiGate platform. Expert-level knowledge of regex is also highly recommended.
- Firewall migration to FortiGate platform
- Staging firewall migrations
- Analyzing existing ruleset
- Identifying and removing shadow rules
- Consolidating rules
- Firewall rule consolidation
- Identifying shadow rules
- Tuning existing rule sets
- When upgrading to higher powered appliances
- Cloning firewalls in the cloud
- Migrating physical firewalls to the cloud
No
- Product Features
- Product Usability
FortiConverter is provided by the firewall vendor we are migrating to, FortiGate, and for this reason it was the best alternative to manual processes, building from scratch. FortiConverter was built for the platform we are migrating to and therefore contained the features and capabilities tested in the field. Fortinet also provided full support for the FortiConverter software.
Our approach was to migrate context by context, VDOM by VDOM, in a singular fashion. The network topology allowed us to do this on a firewall-by-firewall basis and stage and test the migration using FortiConverter prior to the maintenance window. This allowed for a very streamlined swing over of physical interfaces and IP addresses. This left lots of room for testing all the applications on the new platform within a regular maintenance window.