Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmachavariani
Staff
Staff

Created on ‎11-26-2024 02:17 AM Edited on ‎02-12-2025 11:46 PM By Community Manager

Article Id 359527

Technical Tip: FortiGate configuration migration using FortiConverter

Description This article describes configuration migration common practice using FortiConverter.
Scope FortiConverter usage for FortiGate.
Solution

FortiConverter supports configuration migration from various third-party firewalls, such as Cisco, Palo Alto, Check Point, and others.
It translates network configurations into FortiGate-compatible format. 

 

It allows a smooth migration process, saves time, and minimizes the risk of configuration mistakes caused by the migration.


FortiConverter is not only used to migrate from third-party firewalls, it is used to migrate the FortiGate configuration from one FortiGate model to another.

 

Example: If after having FortiGate 60E decide to change the FortiGate with a newer unit (or bigger unit) for example 100F, to migrate the configuration, FortiConverter is essential for this process.

 

Manual intervention of the configuration file is not recommended from Fortinet (it can cause various issues) it might have side effects such as configuration failure, high CPU or memory utilization, and incompatibility with newer FortiGate.

 

However, FortiConverter is not covered by Fortinet TAC (Technical Assistance Center). FortiConvertor is a separate tool that helps the migration process between FortiGate models as well as from third-party Firewalls to FortiGate

 

Common mistakes:

  • Manual changes in the configuration file: Some Engineers migrate by manually editing the configuration files and uploading them to FortiGate, this practice is not recommended by Fortinet because of its side effects.
  • Uploading the same configuration file in different model units: If it is not the same unit model, it is not recommended to upload the configuration file from one FortiGate unit to another (sometimes it is considered for example FortiGate 100F configuration file to be uploaded to 101F unit, it is not the same unit and this is not supported).
  • An opening ticket with FortiGate TAC (Technical Assistance Center) to migrate: TAC is not responsible for migrating configuration files, (neither from third-party firewalls nor between FortiGate models). FortiConverter tool is a separate service and related questions or more information can be found at this link: Firewall Migration Service.

 

Related article:

Technical Tip: How to use FortiConverter 
546
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.