Hi, I have been using FCON lately for Cisco ASA migration over to the FGT(FMG) but seems like almost all policy which used NAT have ben wrongly created by FCON, same applies to VPNs.
FCON randomly creates NATs and policy, looks like he is going for 50/50 functional approach, where somewhere is good SNAT/DNAT, somewhere isn't. Also grouping the policy seems like big problem for him as well.
Is this some kind of bug which needs to be reported? Or is this known issue? Because I don't see point of using FCON when I have to do 90% of migration manually anyway.
01001000 01001001
FCON never does the job 100%, I used it for several PAN migrations, it can migrates interfaces, routes, firewall policies (80%), addresses, central NAT, can make errors for DNAT, and it doesn't migrate many things, like OSPF, all security profiles, ... and many others.
So it helps but you have to do 40% of the job by hand or with scripts if you have many policies and objects.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.