Fortinet black logo

online help

Juniper Conversions

Copy Link
Copy Doc ID a26371c3-75fd-11ea-9384-00505692583a:75479

Juniper Conversions

Juniper ScreenOS or Junos OS differences

VLAN logical interfaces

FortiConverter recognizes interface names starting with "vlan" as logical interfaces.

Service objects

Junos OS service objects support MS-RPS and SUN-RPC, where program-numbers (SUN) and UUID (MS) are used instead of ports.

FortiOS supports this configuration using Application Control with an application override.

Example of Junos service object conversion

config application list

edit "MS-ActiveDirectory"

config entries

edit 1

set application 152305667

config parameters

edit 1

set value "45f52c28-7f9f-101a-b52b-08002b2efabe"

next

edit 2

set value "811109bf-a4e1-11d1-ab54-00a0c91e9b45"

next

end

set action pass

next

end

next

end

edit 10012

set srcintf "trust"

set dstintf "mgn"

set srcaddr "MEI-Novi-172.24.81.0-24" "MEI-Novi-172.24.80.0-24" "MEI-Novi-172.24.252.112-28"

set dstaddr "MEI-WAN"

set service "MS-ActiveDirectory"

set schedule "always"

set logtraffic all

set status enable

set action accept

set comments "95"

set application-list "MS-ActiveDirectory"

next

NAT support

For SRX Series gateways, supports the FortiConverter conversion of the following NAT types:

  • Destination NAT
  • Source NAT
  • Static NAT

In ScreenOS, source NAT is implicitly enabled when: the destination zone is in the untrust-vr, the source zone is trust zone and the destination zone is untrust zone, and both belong to the trust-vr.

Juniper Conversions

Juniper ScreenOS or Junos OS differences

VLAN logical interfaces

FortiConverter recognizes interface names starting with "vlan" as logical interfaces.

Service objects

Junos OS service objects support MS-RPS and SUN-RPC, where program-numbers (SUN) and UUID (MS) are used instead of ports.

FortiOS supports this configuration using Application Control with an application override.

Example of Junos service object conversion

config application list

edit "MS-ActiveDirectory"

config entries

edit 1

set application 152305667

config parameters

edit 1

set value "45f52c28-7f9f-101a-b52b-08002b2efabe"

next

edit 2

set value "811109bf-a4e1-11d1-ab54-00a0c91e9b45"

next

end

set action pass

next

end

next

end

edit 10012

set srcintf "trust"

set dstintf "mgn"

set srcaddr "MEI-Novi-172.24.81.0-24" "MEI-Novi-172.24.80.0-24" "MEI-Novi-172.24.252.112-28"

set dstaddr "MEI-WAN"

set service "MS-ActiveDirectory"

set schedule "always"

set logtraffic all

set status enable

set action accept

set comments "95"

set application-list "MS-ActiveDirectory"

next

NAT support

For SRX Series gateways, supports the FortiConverter conversion of the following NAT types:

  • Destination NAT
  • Source NAT
  • Static NAT

In ScreenOS, source NAT is implicitly enabled when: the destination zone is in the untrust-vr, the source zone is trust zone and the destination zone is untrust zone, and both belong to the trust-vr.