forticonverter data sheet - enhancing the security fabric · forticonverter™ 3 highlights...

DATA SHEET

FortiConverter™Configuration Conversion for FortiOS

Fortinet has launched a new Service offering the FortiConverter Service for FortiGate: § Offers a one-time configuration migration service which will validate and convert the current configuration from one FortiGate to another FortiGate.

§ Eases the complexity by rectifying errors and provides the customer with the config change logs to better understand what was migrated.

The FortiConverter Migration Tool (separate software) is available for: § conversions of other third-party firewall vendors to FortiGate configuration and supports the conversion of other vendor’s routing, firewall, NAT and IPsec VPN configuration to FortiOS and FortiManager™.

Highlights

§ Simplifies migration from legacy platforms to FortiOS solutions.

§ Translates complex firewall policies, NAT and objects, and IPsec VPN rules to FortiOS policies.

§ Standardizes conversions, facilitates policy audit.

§ Provides policy and object dashboard and configuration viewer.

§ Uses a database to store conversions and to support large configuration files.

Managing MigrationTransitioning complex legacy firewall configurations to next-generation solutions presents many issues and challenges. From a high level, this can look relatively simple; however, any manager of security solutions knows this is not the case, and that proper planning is essential.

One of the most significant challenges is migrating NAT from a source firewall that uses separate firewall polices and NAT rules. When you migrate to FortiOS, these rules often need to be merged, and much of FortiConverter’s conversion engine focuses on these NAT merge complexities.

FortiConverter’s conversion engine makes the transition process more reliable and predictable, reducing the human errors that occur in manual processes and producing corresponding benefits to timelines and, therefore, costs. Because legacy systems have grown organically over time, the migration seems daunting and cost-prohibitive. Fortinet believes that transitioning to next-generation security platforms should be as seamless as possible. For this reason, we have developed the FortiConverter software solution. With FortiConverter and its ability to automate conversion from multiple vendors, you have a viable method for moving to consolidated, standardized platforms. Whether in timelines, costs, or manpower, FortiConverter provides substantial advantages.

FortiConverter™

2 www.fortinet.com

Multi-vendor Support Conversion from Check Point, Cisco, Juniper, Alcatel-Lucent, Palo Alto Networks, McAfee, Trend Micro and SonicWall. As well as Snort IPS signatures. A single tool converts configurations from all supported vendors.

FortiGate Configuration Viewer

The FortiOS configuration viewer helps FortiGate administrators manually migrate configurations from a FortiGate configuration file by providing a graphical interface to view policies and objects, and copy CLI.

Standardized Conversion Configuration conversion is performed according to conversion rules and policy review and tuning is done after the conversion, prior to generating the output. Human error in the conversion process is minimized.

Full Support A valid FortiConverter license entitles users to direct Engineering support and private builds to support their complex conversion projects.

Conversion Service For customers migrating legacy FortiGate to new ForitGate platforms. Also supports single conversion of any conversion supported by FortiConverter. Customers are provided with a conversion report and configuration file.

Key Features and Benefits

Professional ServicesFortiConverter is a policy migration tool that can reduce migration

workloads and shorten project delivery timescales. However, the

success of any migration project depends on factors other than

the selection of tools. Many large organizations and consulting

services companies use FortiConverter for their migration

projects, but you may choose to engage Fortinet professional

services to provide customized consulting service for your

migration. By engaging the skills and experience of Fortinet

Professional Services, you can avoid pitfalls that are unique to

migration projects.

Typical migration tasks include:

§ Solution design, design guides, and best practice

§ Project and migration plans

§ Migration risk analyses

§ Appliance commissioning

§ Policy migration

§ Cutover support and troubleshooting

§ Test plan execution and validation

§ Post-cutover incident management

To engage Fortinet Professional Services for your project, contact

your Fortinet partner account manager.

FortiConverter ServiceThe migration of legacy FortiGate configurations to a new FortiGate

can be problematic if there are significant jumps between software

releases, take for an example 5.0 to 6.0. The FortiConverter

Service offering includes a one-time migration of the configuration

of the legacy FortiGate to the new FortiGate with the latest FortiOS

version or a customer selected specific FortiOS version and a

report on the changes as well as configuration differences will be

documented via the TAC Support case for the customer’s review.

Customers wanting a simple transition to a new FortiGate can

leverage the FortiConverter Service to receive the report and new

configuration file which can be restored to the new device.

The service can be purchased as an add-on with your FortiGate.

Once service has been registered on support.fortinet.com, a Service

ticket can be opened from the support portal directly using the

option Assistance > Create a Ticket > FortiConverter Service Ticket.

The service entitles you to a single conversion, which must be

completed in a period of 365 days.

FortiConverter™

3

Multi-vendor support

Conversion summary

SCREENSHOTS

Conversion review

New application, saved conversions

New application, policy and object editing

New application, review of the conversion dataset

FortiConverter™

4 www.fortinet.com

ORDER INFORMATION

FortiConverter Service

FORTICONVERTER WORKFLOW

• Text/XML configuration files

• Vendor dataset created

• Supports multiple releases

• Generate FortiOS CLI from FortiOS dataset

• FortiOS dataset can be modified first

• Parsed to extract supported objects

• Conversion of vendor-specific dataset to FortiOS dataset for target release

Source file

Config parser

Vendor-specificdataset

FortiOS dataset

CLI output

Add-on SKU Product Base Product SKU Description

FC-10-0030E-189-02-DD FortiGate FG-30E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-00038-189-02-DD FortiGate FWF-30E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-E30EI-189-02-DD FortiGate FG-30E-3G4G-INTL FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-I30EI-189-02-DD FortiGate FWF-30E-3G4G-INTL FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-G30EN-189-02-DD FortiGate FG-30E-3G4G-NAM FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-I30EN-189-02-DD FortiGate FWF-30E-3G4G-NAM FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service



FC-10-W502R-189-02-DD FortiGate FWF-50E-2R FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service





FC-10-W060E-189-02-DD FortiGate FWF-60E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-FG60E-189-02-DD FortiGate FG-60E-DSL FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-FW60F-189-02-DD FortiGate FWF-60E-DSL FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-FG60P-189-02-DD FortiGate FG-60E-POE FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service


FC-10-W061E-189-02-DD FortiGate FWF-61E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-00E80-189-02-DD FortiGate FG-80E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-0080E-189-02-DD FortiGate FG-80E-POE FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-00E81-189-02-DD FortiGate FG-81E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-0081E-189-02-DD FortiGate FG-81E-POE FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service


FC-10-FG1HE-189-02-DD FortiGate FG-100E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-FG1HF-189-02-DD FortiGate FG-100EF FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-00119-189-02-DD FortiGate FG-101E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service


FC-10-00143-189-02-DD FortiGate FG-140E-POE FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service






GLOBAL HEADQUARTERSFortinet Inc.899 KIFER ROADSunnyvale, CA 94086United StatesTel: +1.408.235.7700www.fortinet.com/sales

EMEA SALES OFFICE905 rue Albert Einstein06560 Valbonne FranceTel: +33.4.8987.0500

Copyright© 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

FST-PROD-DS-FCCC FC-DAT-R7-201806

APAC SALES OFFICE8 Temasek Boulevard#12-01 Suntec Tower ThreeSingapore 038988Tel: +65.6395.2788

LATIN AMERICA SALES OFFICESawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430 Sunrise, FL 33323United StatesTel: +1.954.368.9990

FortiConverter™

Product SKU Description

FortiConverter FC-10-CON01-401-01-12 1-year multi-vendor configuration migration tool for building FortiOS configurations, requires Windows.

FortiConverter FC-10-CON01-401-02-12 1-year renewal multi-vendor configuration migration tool for building FortiOS configurations, requires Windows.

Add-on SKU Product Base Product SKU Description


FC-10-002KE-189-02-DD FortiGate FG-2000E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-02K5E-189-02-DD FortiGate FG-2500E FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service


FC-10-03960-189-02-DD FortiGate FG-3960E-DC FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service


FC-10-03980-189-02-DD FortiGate FG-3980E-DC FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-6K30F-189-02-DD FortiGate FG-6300F FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service




FC-10-FVM00-189-02-DD FortiGate VM FG-VM00 FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service


FC-10-FG1VM-189-02-DD FortiGate VM FG-VM01V FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service








FC-10-F16VM-189-02-DD FortiGate VM FG-VM16V FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service


FC-10-F32VM-189-02-DD FortiGate VM FG-VM32V FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-FVMUL-189-02-DD FortiGate VM FG-VMUL FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

FC-10-FULVM-189-02-DD FortiGate VM FG-VMULV FortiConverter Service for FortiGate-to-FortiGate one-time configuration migration service

ORDER INFORMATION

FortiConverter Service

FortiConverter Migration Tool (Software)

forticonverter data sheet - enhancing the security fabric · forticonverter™ 3 highlights...

Documents