Skip to main content
jharper
jharper
New Member
July 29, 2021
Question

Any way to convert only parts of a config?

  • July 29, 2021
  • 1 reply
  • 2116 views

Just curious if there's a way to convert only sections of a config, then just copy and paste them into the FortiGate (from a Cisco ASA).  I really only want objects and rules, but there's way too many for me to manually do it (20K+).  

I was going to examine the python code to see if I might be able to get it to work, but was curious if anyone has done it before.

 

Thanks,

 

Jeff

    1 reply

    emnoc
    emnoc
    New Member
    July 29, 2021

    I think you might want to  parse the object/group out on the ciso ASA and then forticonvert just those objects

     

    e.g

    show run object id <name_xyz>

    show run object-group id <group_xyz>

     

    or just convert the whole cfg and grab the relate fortios config  after loading it into a fortigate

     

    eg ( let's say you want just address )

     

    ssh admin@fgta..b.c.d "show firewall address " > file.address

     

    Another solution that I've used on cisco ASA and even other firewalls, is just to  enable restAPI and ask for example all of the network-objects, once you have those you can convort these into fortios lingo.

     

    e.g

     

    curl -v -k https://<asa-ipv4-addr...objects/blahblah 

     

    You might want to review the docUI for the cisco api agent.

     

    Ken Felix

     

    Terms & ConditionsAccessibility statement