CONFIGURATION MIGRATION UTILITY FortiConverter 4.7 Release Notes

Similar documents
Purchase and Import a Signed SSL Certificate

FortiVoice Enterprise Phone System GA Release Notes

Mobile Configuration Profiles for ios Devices Technical Note

What s New for FortiMail 5.2.0

Configuring FortiVoice for Skype VoIP service

FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3

FortiGate RADIUS Single Sign-On (RSSO) with Windows Server 2008 Network Policy Server (NPS) VERSION 5.2.3

FortiGate-AWS Deployment Guide

Supported Upgrade Paths for FortiOS Firmware VERSION

FortiMail VM (Microsoft Hyper-V) Install Guide

Fortinet FortiGate App for Splunk

FortiAuthenticator v2.0 MR1 Release Notes

FortiAnalyzer VM (VMware) Install Guide

Configuring FortiVoice for Bandwidth.com VoIP service

Managing a FortiSwitch unit with a FortiGate Administration Guide

FortiManager - Secure DNS Guide VERSION 5.4.1

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

Configuring FortiVoice for Cbeyond VoIP service

ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access. Integration Handbook

High Availability. FortiOS Handbook v3 for FortiOS 4.0 MR3

How To Get A Fortinet Security System For Free

FortiAuthenticator - What's New Guide VERSION 4.0

Please report errors or omissions in this or any Fortinet technical document to

Funkwerk UTM Release Notes (english)

FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0

Securing Networks with PIX and ASA

FortiVoice Enterprise

Web Security Firewall Setup. Administrator Guide

Use FortiWeb to Publish Applications

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

FortiGate Modem Compatibility Matrix

FortiVoice Enterprise

Fireware Essentials Exam Study Guide

Integrating Juniper Netscreen (ScreenOS)

Creating a VPN with overlapping subnets

ACTi NVR Config Converter User s Manual. Version /06/07

TIBCO LogLogic. SOX and COBIT Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

CenturyLink Cloud Configuration

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

FortiOS Handbook - FortiView VERSION 5.2.3

ACL Compliance Director FAQ

FortiOS Handbook IPsec VPN for FortiOS 5.0

FortiFone QuickStart Guide for FON-370i

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Feature Brief. FortiGate TM Multi-Threat Security System v3.00 MR5 Rev. 1.1 July 20, 2007

Firewall. FortiOS Handbook v3 for FortiOS 4.0 MR3

(91) FortiOS 5.2

Fireware How To Network Configuration

Configuring SSL VPN on the Cisco ISA500 Security Appliance

SonicOS 5.9 / / 6.2 Log Events Reference Guide with Enhanced Logging

SonicWALL strongly recommends you follow these steps before installing Global VPN Client (GVC) 4.0.0:

Status of Open Source and commercial IPv6 firewall implementations

Using VDOMs to host two FortiOS instances on a single FortiGate unit

SonicWALL PCI 1.1 Implementation Guide

About the VM-Series Firewall

How To Set Up A Vns3 Controller On An Ipad Or Ipad (For Ahem) On A Network With A Vlan (For An Ipa) On An Uniden Vns 3 Instance On A Vn3 Instance On

vcloud Director User's Guide

Cisco Which VPN Solution is Right for You?

How To Create A Firewall Security Value Map (Svm) 2013 Nss Labs, Inc.

z/os V1R11 Communications Server system management and monitoring

Full version is >>> HERE <<<

Configuring a GB-OS Site-to-Site VPN to a Non-GTA Firewall

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

FortiFone QuickStart Guide for FON-670i and FON-675i

WAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3

Using Remote Desktop Software with the LAN-Cell 3

Contents. Pre-Installation Recommendations. Platform Compatibility. G lobal VPN Client SonicWALL Global VPN Client for 64-Bit Clients

Sophos UTM. Remote Access via IPsec Configuring Remote Client

HA OVERVIEW. FortiGate FortiOS v3.0 MR5.

Microsoft Azure Configuration

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...

Implementing Core Cisco ASA Security (SASAC)

FortiGate High Availability Overview Technical Note

Release Notes. Contents. Release Purpose. Pre-Installation Recommendations. Platform Compatibility. Dell SonicWALL Global VPN Client 4.

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

Configuring WAN Failover & Load-Balancing

How To Use A Fortivoice Phone On A Cell Phone On An Ipad Or Ipad (For A Sim Sim) On A Simplon (For An Ipod) On An Iphone Or Ipod (For Ipad)

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting...

The Enterprise Cloud Rush

Configuring GTA Firewalls for Remote Access

FortiClient v5.2 Administration Guide

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION

Steps for Basic Configuration

High Availability Branch Office VPN

Google Compute Engine Configuration

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Known Issues... 2 Resolved Issues...

FortiOS Handbook SSL VPN for FortiOS 5.0

7.1. Remote Access Connection

TechNote. Configuring SonicOS for MS Windows Azure

FortiOS Handbook - PCI DSS Compliance VERSION 5.4.0

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

BlackBerry Enterprise Service 10 version 10.2 preinstallation and preupgrade checklist

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

VPN Configuration Guide. Dell SonicWALL

SDN Security for VMware Data Center Environments

Using Remote Desktop Software with the LAN-Cell

Juniper Secure Analytics Release Notes

Transcription:

CONFIGURATION MIGRATION UTILITY FortiConverter 4.7 Release Notes

FortiConverter 4.7 Release Notes July 6, 2015 Revision 1 Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare, and FortiGuard and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Technical Documentation Knowledge Base Forums Customer Service & Support Training FortiGuard Threat Research & Response License Agreement Document Feedback http://docs.fortinet.com http://kb.fortinet.com https://support.fortinet.com/forums fconvert_feedback@fortinet.com http://training.fortinet.com http://www.fortiguard.com http://www.fortinet.com/doc/legal/eula.pdf Email: techdocs@fortinet.com

Table of Contents Introduction... 4 What's new... 4 System requirements... 5 Supported vendors... 5 Alcatel-Lucent Brick... 5 Check Point... 5 Cisco IOS... 5 Cisco PIX/ASA/FWSM... 5 Juniper... 5 Palo Alto Networks... 5 SonicWall NSA... 6 Supported conversions... 6 Alcatel-Lucent Brick... 6 Check Point... 6 Cisco... 6 Juniper... 6 Palo Alto Networks... 7 SonicWall NSA... 7 Installation... 7 Resolved issues... 8 3

Introduction This document provides installation instructions and caveats, resolved issues, and known issues for FortiConverter 4.7, build 737. FortiConverter provides a solution for the conversion of numerous firewall configurations into a FortiOS-compatible format. It currently supports the conversion of Cisco, Check Point, Juniper, SonicWall, Palo Alto Networks and Alcatel-Lucent Brick configurations. It also supports the conversion of FortiOS to a different FortiOS version. A trial version is available, which provides full functionality for Fortigate-to-Fortigate tasks. For other conversions, the trial version allows you to perform some functional testing before you buy. In most cases, this limited functionality is sufficient for initial product evaluation. SKU FC-10-CON01-401-01-12 Description 1-Year Multi-vendor Configuration Conversion Tool (requires MS Windows) to create FortiOS configuration files. FC-10-CON01-401-02-12 1-Year Renewal Multi-vendor Configuration Conversion Tool (requires MS Windows) to create FortiOS configuration files. Note: If you do not renew the license, functionality reverts to the trial version. For additional documentation, please visit: http://docs.fortinet.com/forticonverter/ What's new The following features are new or enhanced in FortiConverter 4.7: Junos OS NAT merge review FortiConverter can now perform a NAT merge between security rules and NAT tables based on address comparison. The NAT tuning page now provides details about the conversion logic for FortiGate NAT policies. FortiOS 4.x to 5.x conversion FortiConverter now supports a limited conversion from FortiOS 4.x to FortiOS 5.x. Junos OS Logical System (LSYS) and ScreenOS Virtual System (VSYS) FortiConverter converts LSYS and VSYS to FortiGate VDOMs. Save FortGate conversions using the trial version You do not need to upload a paid license for FortiConverter before you can save your Fortinet-to-Fortinet conversions. Results page web UI enhancements The wizard's Conversion Result page is now grouped into categories for quick review. An Export button allows you to save conversion statistics as an HTML page. Policy review wizard page This additional page displays detailed address/service object list information. Import instructions The conversion headers of FortiConverter output files now provide instructions for building the new configuration file. For FortiGate-to- 4 FortiConverter 4.7 Release Notes

FortiGate conversions, you restore the outputs, and for Snort conversions, you import the outputs. System requirements FortiConverter is designed to run on the following Microsoft Windows platforms: Windows 8 (32/64 bit) Windows 7 (32/64 bit) Windows Vista (32/64 bit) Windows XP (32 bit) Supported vendors FortiConverter can convert firewall configurations from the following vendors: Alcatel-Lucent Brick OS: 9.x Check Point Smart Center with OS NG FP1 (4.0) to NGX R76 Provider-1 with OS NGX R65 to R76 Cisco IOS OS: 10.x / 11.x / 12.x / 15.x Cisco PIX/ASA/FWSM PIX: 5.x / 6.x / 7.x / 8.x ASA: 7.x / 8.x FWSM: 2.x / 3.x / 4.x Juniper SSG ScreenOS 5.x / 6.x SRX Junos OS 10.x, / 11.x / 12.x Palo Alto Networks PAN OS: 1.x to 6.x 5 FortiConverter 4.7 Release Notes

SonicWall NSA OS: SonicOS Enhanced 5.x Supported conversions Alcatel-Lucent Brick Check Point Cisco Juniper Partition Interface (physical, logical, loopback, PPPoE) Address/ address group Services/ service group Static routes Zone rule set Interface (physical, logical, loopback, PPPoE) Addresses / address group Service / service group Schedules Rule NAT (automatic NAT / rule NAT) VPN (IPsec) Local user / user group AAA server (RADIUS / TACACS+ / LDAP) Static route Interface (physical, logical, loopback, PPPoE, tunnel) Address / address group IP pool Time-range DHCP server Service / service group Static routes ACL NAT VPN (IPSEC, PPTP / L2TP) Local user / user group AAA server (Radius / TACACS+/LDAP) Interface (physical, logical, loopback, PPPoE, tunnel) Zone DHCP server / client / relay Policy NAT Address / address group / FQDN IP pool VIP / MIP 6 FortiConverter 4.7 Release Notes

Service/service group Static routes VPN (IPSEC, PPTP / L2TP) Local user / user group Palo Alto Networks Addresses & Address Groups & FQDNs Interfaces Local Users & Groups NAT (partial) Policies Schedules Static Routes Services & Service Groups Zones SonicWall NSA Interface (physical, logical, loopback, PPPoE) Zone DHCP server / client / relay Policy NAT Address/ address group Services/ service group Static routes Schedule Local user / user group Installation Refer to the FortiConverter User Guide for installation details. Go to: http://docs.fortinet.com/d/forticonverter-4-7-0-user-guide 7 FortiConverter 4.7 Release Notes

Resolved issues The resolved issues listed below do not include every bug that has been corrected with this release. For inquires about a particular bug, please contact the support email alias fconvert_feedback@fortinet.com. Table 1: Resolved Issues Bug ID Description 266476 Netscreen policy conversion does not apply IP pool (set ippool & set poolname) 266586 Netscreen MIP Handling: policy allowing mappedip outbound is not converted with source NAT 267140 SRX service objects with only source port defined are incorrectly converted 267142 Invalid SRX objects are migrated 267509 Cisco FWSM configuration only maps to root vdom 267544 Cisco nameif not used as interface name 267546 Cisco conversion incorrectly maps standby IP to secondary IP 267563 Cisco FWSM route conversion adds incorrect route entries 267565 Cisco FWSM conversion does not use default FortiOS objects 267567 Cisco FWSM static NAT conversion incorrectly assigns interface to VIPs 267568 Cisco FWSM conversion generates redundant policies for Cisco static NAT 267574 Renaming interfaces on the tuning page does not affect entire configuration 267662 Add support for older SonicWall configuration format 267663 ScreenOS: Juniper to Fortigate DIP with multiple address sources 267934 Netscreen conversion does not convert rule logging options 269586 SRX: Log on Session Init does not convert 269588 SRX: Global policies are ignored/not converted 269591 SRX: Custom service TTL are not migrated 8 FortiConverter 4.7 Release Notes

272749 SRX "inactivity timeout never" is now converted to maximum Fortigate timeout 272750 SRX conversion sets zones to deny intrazone traffic 272886 Cisco conversion crashes due to default object name conflicts 272888 Juniper conversion hangs and crashes using build 666 272892 Clarified web UI text on Fortigate to Fortigate conversion 272901 Confusing text in Alcatel-Lucent conversion source selection 275972 ASA VPN phase2 conversion enables IPSEC DHCP by default 9 FortiConverter 4.7 Release Notes

10 FortiConverter 4.7 Release Notes

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information