Hello,
Since FortiConverter is not a free tool, any advise for migrating from Cisco ASA to FortiGate smoothly?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You do not need a conversion tool in order to do NAT. Look at each NAT and apply it a central-NAT or per-policy as required. The concept are equally the same between ciscoASA and FortiOS
# DNAT rules cisco ASA object network webserverdnat host 172.7.72.11 nat (inside,outside) static 1.0.0.111 # DNAT VIP FGT port-forward tcp80 config firewall vip edit webserverdnat set comment "DANT TO rfc1918" set extintf wan1 set extip 1.0.0.111 set mappedip 172.7.72.11 set portforward enable set protocol tcp set extport 80 set mapped port 80 end # DNAT VIP FGT config firewall vip edit webserverdnat set comment "DANT TO rfc1918" set extintf wan1 set extip 1.0.0.111 set mappedip 172.7.72.11 end # cisco DNAT port forward object network WebServerCH3-LAMPSRV01 host 172.7.88.101 nat (inside,outside) static 1.0.0.1 service tcp 80 80 ! # cisco pat overload to a pool object network MYLAN subnet 172.254.12.0. 255.255.255.0 object network SNATPOOL subnet 192.0.2.1 255.255.255.255 nat (inside,outside) 1 source static MYLAN MYLAN destination static SNATPOOL SNATPOOL #FortiOS CENTRAL-NAT config firewall ippool edit publicpoolA set type overload set startip 192.0.2.1 set endip 192.0.2.1 end config firewall central-snat-mapedit 1 set orig-addr <pre-nat.src.addr> set dst-addr <pre-nat dst.addr> set nat-ippool ippool publicpoolAend That a few examples I can think of, just determine if you want central-net or nat within the policy. Thank of central net the same as ciscoASA, Palo,Juniper,CHKP,Forcepoint NAT-tables. YMMV but both are equally beneficial and easy concepts to figure out. Ken Felix
PCNSE
NSE
StrongSwan
depending on when you bought the FortiGate FortiConverter is a free service.
but if that isn't an option then you best understand what the ASA does very well. then it is not that hard to configure the FortiGate in a similar way if you understand FortiGate also. if there is an issue with understanding one of them look for assistance, that will probably also come with a price.
boneyard wrote:depending on when you bought the FortiGate FortiConverter is a free service.
You mean we can ask for this product for free? since equipments has been purchased recently
not the product, but a forticonverter service is available.
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiConverter.pdf
unfortunately i now see it is a purchased service also, probably cheaper then the forticonverter license, which is quite affordable and probably easier to purchase when you buy the equipment then later.
Thank you, I'm only stuck on NAT policy migration, I think i will try to handle it since ASA NAT is a bit confusing
yeah, that is a tricky one. ASA can NAT in too many different ways with sometimes very limited configuration.
with Fortinet you generally use VIPs and IP Pools for NAT. to create a good mapping you should understand what exactly is and isn't NATted on the ASA and then build the FortiGate configuration.
Elthon Abreu FCNSA v5
Hi Elthon,
I did test it before but i wasn't able to get the configuration due to a limitation related to the free version where you can just see the results and not to get the configuration file.
Were you able to export the configuration?
Thanks
Ydaew,
Did you try the Python version?
Elthon Abreu FCNSA v5
the new (python) version is not free, both the legacy and new version require a license (which is shared between both).
from the release notes:
For all 3rd party conversions, you can complete a conversion and view the results in the tuning page. All other functionality is disabled until you upload the full license. In most cases, this limited functionality is sufficient to allow you to evaluate the product.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.