Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    7.2.0
    7.2.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.2
    6.2.1
    6.2.0
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    SonicWall Start options

    SonicWall Start options

    This table lists the start settings.

    Setting Description
    Profile
    Description Enter a description of the configuration.
    Output Options
    Output Format Select the appropriate output for your target Fortinet device.
    FOS Version

    The configuration syntax is slightly different among FortiOS 6.4, 7.0, 7.2, and 7.4. Select the version that corresponds to the FortiOS version on the target.
    Input
    Source Configuration Select the input file.

    Bulk Conversion

    If there are many devices to be converted where all of them are the same model, sharing the same interface mapping relationship in conversion, then bulk conversion can convert all of them at once. Collect all the configuration files to be converted, compress them into a ZIP file and use the ZIP file as the input.

    Target device (Optional)

    Target device

    Select the model of the target device, or select a device connected to FortiConverter.
    Conversion Options
    Discard unreferenced firewall objects

    Specifies whether addresses, schedules, and services that aren't referenced by a policy are saved and added to the output.

    This option can be useful if your target device has table size limitations. You can view the unreferenced objects that FortiConverter removed on the Tuning page.
    Increase Address and Service Table Sizes for High-End Models You can customize the maximum table sizes that FortiConverter uses when Adjust table sizes is selected. For more information, see Adjusting table sizes.

    Policy index start from 1 instead of 10000

    When selected, the serial number of firewall policies will start from 1 instead of 10000.

    NGFW policy-based mode

    When selected, the conversion will be in NGFW policy-based mode.

    "firewall policy" will become "firewall security-policy" instead, and "set application 00000" will be generated in policies, which requires manual processing. There will also be some other minor differences adapted for the NGFW policy-based CLI.

    Split Address group From VPN Phase2 selector

    If the remote side of VPN is not a FortiGate but a device of other vendor, setting an address group in the VPN phase2 quick selector does not work. When this option is enabled, a VPN phase2 object with an address group in the selector would be split into multiple objects with subnet or a range in selector.

    Ignore auto-added VPN access rules

    Ignore all the Auto-added VPN inbound and outbound rules in conversion.

    Ignore auto-added NAT access rules

    Ignore Auto NATs generated by SonicWall in conversion.

    Keep original policy ID

    Use the same policy ID as policies configured in SonicWALL.

    Replace zone with member interfaces

    When this option is disabled by default, FortiConverter replaces all interfaces configured in central NAT rules into the zones they belong to.

    When this option is enabled, FortiConverter discards all zone objects in SonicWALL and directly uses interfaces as the source and destination interface of firewall policies.

    Convert CFS web filters

    SonicWall exclusive option, when enabled, SonicWall CFS web filters and CFS polices will be converted into FGT url filters and app polices
    Comment Options
    Include input configuration lines for each output policy Specifics whether FortiConverter uses SW_RULE_ID as policy comment for each FortiGate policy or the original comment from rules in SonicWall configuration.

    Policy comment - Preserve the original comment

    Include the original comment in source file in the comment of the output policy.
    NAT Merge Options
    Ignore firewall policies with all or any addresses Specifies whether FortiConverter ignores firewall policies with an "all" or "any" address when it merges a NAT rule and a firewall policy to create a FortiGate NAT policy. FortiConverter creates new policies in the output configuration based on where NAT rules to firewall policies intersect. Because firewall policies that use "all" or "any" as the address create many intersections, Fortinet recommends that you ignore them.
    Enable Central NAT merge Specifies whether FortiConverter converts NATs to FortiGate central NATs instead of policy-based NATs
    Nat Merge Depth

    Identical NAT

    Source NAT

    Destination NAT

    Double NAT

    Specifies which types of NAT FortiConverter merges with the output firewall policies, or whether FortiConverter performs NAT merge based on object names or values.

    • Off -FortiConverter converts firewall policies only and doesn't perform NAT merge for this type of NAT. This is useful for performing a quick, initial conversion to discover any conversion issues.
    • Object Names–FortiConverter performs NAT merge based on matching address names in firewall policies and NAT rules.
    • Object Values–FortiConverter performs NAT merge based on matching address values in firewall policies and NAT rules. It generates the most accurate matching of NAT rules and policies, but in most cases, it also generates more NAT policies.

    Previous
    Next

    SonicWall Start options

    SonicWall Start options

    This table lists the start settings.

    Setting Description
    Profile
    Description Enter a description of the configuration.
    Output Options
    Output Format Select the appropriate output for your target Fortinet device.
    FOS Version

    The configuration syntax is slightly different among FortiOS 6.4, 7.0, 7.2, and 7.4. Select the version that corresponds to the FortiOS version on the target.
    Input
    Source Configuration Select the input file.

    Bulk Conversion

    If there are many devices to be converted where all of them are the same model, sharing the same interface mapping relationship in conversion, then bulk conversion can convert all of them at once. Collect all the configuration files to be converted, compress them into a ZIP file and use the ZIP file as the input.

    Target device (Optional)

    Target device

    Select the model of the target device, or select a device connected to FortiConverter.
    Conversion Options
    Discard unreferenced firewall objects

    Specifies whether addresses, schedules, and services that aren't referenced by a policy are saved and added to the output.

    This option can be useful if your target device has table size limitations. You can view the unreferenced objects that FortiConverter removed on the Tuning page.
    Increase Address and Service Table Sizes for High-End Models You can customize the maximum table sizes that FortiConverter uses when Adjust table sizes is selected. For more information, see Adjusting table sizes.

    Policy index start from 1 instead of 10000

    When selected, the serial number of firewall policies will start from 1 instead of 10000.

    NGFW policy-based mode

    When selected, the conversion will be in NGFW policy-based mode.

    "firewall policy" will become "firewall security-policy" instead, and "set application 00000" will be generated in policies, which requires manual processing. There will also be some other minor differences adapted for the NGFW policy-based CLI.

    Split Address group From VPN Phase2 selector

    If the remote side of VPN is not a FortiGate but a device of other vendor, setting an address group in the VPN phase2 quick selector does not work. When this option is enabled, a VPN phase2 object with an address group in the selector would be split into multiple objects with subnet or a range in selector.

    Ignore auto-added VPN access rules

    Ignore all the Auto-added VPN inbound and outbound rules in conversion.

    Ignore auto-added NAT access rules

    Ignore Auto NATs generated by SonicWall in conversion.

    Keep original policy ID

    Use the same policy ID as policies configured in SonicWALL.

    Replace zone with member interfaces

    When this option is disabled by default, FortiConverter replaces all interfaces configured in central NAT rules into the zones they belong to.

    When this option is enabled, FortiConverter discards all zone objects in SonicWALL and directly uses interfaces as the source and destination interface of firewall policies.

    Convert CFS web filters

    SonicWall exclusive option, when enabled, SonicWall CFS web filters and CFS polices will be converted into FGT url filters and app polices
    Comment Options
    Include input configuration lines for each output policy Specifics whether FortiConverter uses SW_RULE_ID as policy comment for each FortiGate policy or the original comment from rules in SonicWall configuration.

    Policy comment - Preserve the original comment

    Include the original comment in source file in the comment of the output policy.
    NAT Merge Options
    Ignore firewall policies with all or any addresses Specifies whether FortiConverter ignores firewall policies with an "all" or "any" address when it merges a NAT rule and a firewall policy to create a FortiGate NAT policy. FortiConverter creates new policies in the output configuration based on where NAT rules to firewall policies intersect. Because firewall policies that use "all" or "any" as the address create many intersections, Fortinet recommends that you ignore them.
    Enable Central NAT merge Specifies whether FortiConverter converts NATs to FortiGate central NATs instead of policy-based NATs
    Nat Merge Depth

    Identical NAT

    Source NAT

    Destination NAT

    Double NAT

    Specifies which types of NAT FortiConverter merges with the output firewall policies, or whether FortiConverter performs NAT merge based on object names or values.

    • Off -FortiConverter converts firewall policies only and doesn't perform NAT merge for this type of NAT. This is useful for performing a quick, initial conversion to discover any conversion issues.
    • Object Names–FortiConverter performs NAT merge based on matching address names in firewall policies and NAT rules.
    • Object Values–FortiConverter performs NAT merge based on matching address values in firewall policies and NAT rules. It generates the most accurate matching of NAT rules and policies, but in most cases, it also generates more NAT policies.

    Previous
    Next