Huawei Start options
This table lists the start settings.
|
Setting |
Description |
|---|---|
|
Profile |
|
|
Description |
Enter a description of the configuration. |
|
Output Options |
|
|
Output Format |
Select the appropriate output for your target Fortinet device. |
|
FOS Version |
The configuration syntax is slightly different among FortiOS 6.4, 7.0, 7.2, and 7.4. Select the version that corresponds to the FortiOS version for the target. |
|
Input |
|
|
Source Configuration |
Select the input file. |
|
Virtual System Conversion |
Enable this option to convert configurations with multiple virtual systems. |
|
Root Configuration |
Select the system configuration file. This file should include interfaces and config file names for each security context. This option only appears if Virtual System Conversion is enabled. |
|
Vsys Configuration (.zip) |
Select the .zip file containing all the config files. The file name for each context should match the name given in the root configuration file. This option only appears if Virtual System Conversion is enabled. Please see example in Input and naming for vsys file. |
|
Bulk conversion |
If there are many devices to be converted where all of them are the same model, sharing the same interface mapping relationship in conversion, then bulk conversion can convert all of them at once. Collect all the configuration files to be converted, compress them into a ZIP file and use the ZIP file as the input. |
|
Target device (Optional) |
|
|
Target device |
Select the model of the target device, or select a device connected to FortiConverter. |
|
Conversion Options |
|
|
Discard unreferenced firewall objects |
Specifies whether addresses and services that aren't referenced by a policy are saved and added to the output. This option can be useful if your target device has table size limitations. You can view the unreferenced objects that FortiConverter removed on the Tuning page. |
|
Increase Address and Service Table Sizes for High-End Models |
You can customize the maximum table sizes that FortiConverter uses when "Adjust table sizes" is selected. For more information, see Adjusting table sizes. |
|
Route-based IPSec |
Specifies whether Route-based IPSec is used for this conversion. |
|
Policy index start from 1 instead of 10000 |
When selected, the serial number of firewall policies will start from 1 instead of 10000. |
|
NGFW policy-based mode |
When selected, the conversion will be in NGFW policy-based mode. " |
| Service Comment | Specifies whether FortiConverter copies the service comment from the source configuration to converted FortiGate service. |
|
Comment Options |
|
|
Include input configuration lines for each output policy |
Specifies whether FortiConverter includes the input configuration lines used for each FortiGate policy in the FortiGate configuration as a policy comment. |
|
Address Comment |
Specifies whether FortiConverter copies the address comment from source configuration to the converted FortiGate address. |
|
Service Comment |
Specifies whether FortiConverter copies the service comment from the source configuration to the converted FortiGate service. |
| Nat Merge Options | |
| Enable central NAT merge | Specifies whether FortiConverter converts NATs to FortiGate central NATs instead of policy-based NATs. It is recommended to enable this option with FOS 6.0 or later. |
Input and naming for vsys file
Here is an example on inputting vsys file and naming convention, please note that the file name should match the root:
Suppose the root config (test-FW-01) contains the following vsys information:
Then test-FW-01.zip should contain config files "test-FW-01-first", "test-FW-01-test_sec", "test-FW-01-something".
i.e. vsys filename = root file name and vsys name joined by dash.
|
The files should not have a filename extension (for example .txt), otherwise the filename-vsys matching would fail. |