FortiConverter - Best Choice
September 02, 2021

FortiConverter - Best Choice

Shahab Razak | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with FortiConverter

FortiConverter is being used for all firewall migrations to FortiGate from legacy platforms. FortiConverter enables a smooth staged migration with minimal to no outages during the cutover windows. We have used it to migrate all Cisco ASA firewalls (virtual and physical) to FortiGate appliances. FortiConverter allows us to properly audit the existing rules and ensure that we do not migrate obsolete, zero hit, and nested or shadow rules to the new platform.
  • Audit existing rulesets from CheckPoint, Cisco, Juniper and other platforms
  • Build migration rulesets to FortiGate
  • Stages migration before actual cutover
  • Reduces or eliminates obsolete and shadow rules
  • Simple logic
  • Programming or scripting skills are not needed but highly recommended
  • Requires excellent command of REGEX
  • Interface Mapping from complex topologies requires a deep understanding of FortiGate interface capabilities and scripting
  • Multi-platform migration support to FortiGate
  • Easy to use interface for simple topologies
  • Support migration to multiple VDOMs (virtual FortiGate FWs)
  • Advance routing support (e.g. Policy-based routing, BGP, etc.)
  • Enterprise centralized management
  • Easy to script changes
  • Streamlined migrations successful on the first try
  • Simple and fast cutover maintenance window
  • Audit and tune existing rule base
  • Quickly identify shadow rules
  • Quickly identify rules with elevated access
FortiConverter is the easiest of the firewall migration tools to use compared to Checkpoint SmartMove, Cisco Firewall Migration Tool, FWMIG, etc. It has a more robust user interface and allows you to customize the rule imports as needed. Rulebase analysis, hit count, NAT, and dynamic routing are presented in an easy to understand format with FortiConverter.

Do you think FortiConverter delivers good value for the price?


Are you happy with FortiConverter's feature set?


Did FortiConverter live up to sales and marketing promises?


Did implementation of FortiConverter go as expected?


Would you buy FortiConverter again?


Unless you are rebuilding rules from scratch, FortiConverter is a must-have when migrating legacy rulesets from competing platforms such as Cisco ASA, CheckPoint, Juniper, etc. to FortiGate Appliances. Without FortiConverter, guaranteed there will be some flows you missed and you will be troubleshooting them during your cutover maintenance window. Utilizing FortiConverter, you will minimize such issues as cutover time because you have the ability to stage the new ruleset in advance. Complex topologies and multi-platform migrations require highly skilled consultation from experts that [have] done this several times before.

Using FortiConverter

5 - Network Engineers on the Firewall Migration Team utilize the FortiConverter tool to migrate legacy rulebase on competitor platforms to the FortiGate platform. Existing rules are imported and analyzed in FortiConverter, tuned, then migrated to the FortiGate platform. This reduces the risk of errors and allows for a smooth and fast cutover.
5 - A DevOps skillset is recommended to operate FortiConverter as scripting and code writing skills will help tremendously when converting rules from a legacy platform such as CheckPoint, Cisco ASA, Juniper, etc. to the FortiGate platform. An expert level knowledge of REGEX is also highly recommended.
  • Firewall migration to FortiGate platform
  • Staging firewall migrations
  • Analyzing existing ruleset
  • Identifying and removing shadow rules
  • Consolidating rules
  • Firewall rule consolidation
  • Identifying shadow rules
  • Tuning existing rule sets
  • When upgrading to higher powered appliances
  • Cloning firewalls in the cloud
  • Migrating physical firewalls to the cloud
FortiConverter is currently the best option to assist in migrating legacy firewalls to FortiGate firewalls. FortiConverter is flexible enough to be the single tool to use when migrating Check Point, Cisco ASA, Juniper and other platforms to FortiGate Firewalls. FortiConverter is not a multi-user software however it is easy for multiple engineers to work on a single or multiple migration projects.

Evaluating FortiConverter and Competitors

  • Product Features
  • Product Usability
FortiConverter is provided by the firewall vendor we are migrating to, FortiGate and for this reason it was the best alternative to manual processes, building from scratch. FortiConverter was built for the platform we are migrating to and therefore contained the features and capabilities tested in the field. FortiNet also provided full support for the FortiConverter software.
Our approach was to migrate context by context, vdom by vdom in a singular fashion. The network topology allowed us to do this on a firewall by firewall basis and stage and test the migration using FortiConverter prior to the maintenance window. This allowed for a very streamlined swing over of physical interfaces and IP addresses. This left lots of room for testing all the applications on the new platform within a regular maintenance window.