Shopping Cart

No products in the cart.

Fortinet Migration Tool to Sophos Firewall

Switching from one firewall solution to another can be a challenge, especially when it comes to migrating configurations. Sophos now offers a Migration Assistant specifically designed to ease the transition from Fortinet firewalls to Sophos Firewall. In this blog post, we will introduce you to the Fortinet Migration Tool and show you how it can help you save time and effort when migrating.

Firewall: The heart of the network

Firewalls are the backbone of any network security. Whether Fortinet, SonicWall or Sophos – around 80% of the functions are similar across all providers. Nevertheless, the remaining 20% can make a big difference, especially when it comes to operation, price or integration into an ecosystem. Many organizations are reluctant to switch vendors because migrations are often associated with effort, cost and potential downtime. The Fortinet Migration Tool makes this process easier and more efficient.

What is the Fortinet Migration Tool?

The Fortinet Migration Tool, officially known as Fortinet to Sophos Firewall Migration Assistant, is a free tool that helps IT administrators to automatically migrate configurations from Fortinet firewalls to Sophos Firewalls. It is compatible with:

  • Sophos XGS Series Hardware Appliances
  • Virtual and software-based firewalls from Sophos Firewall OS (SFOS) version 21.0
  • Fortinet firewalls with firmware version 6.x or 7.x (single VDOM)

The tool is ideal for companies that want to consolidate their network security, reduce costs or benefit from the extended security functions of Sophos Firewall.

Which configurations are migrated?

The Fortinet Migration Tool automatically transfers the following configuration elements:

  • Network interfaces: Including IP assignment and VLAN configurations
  • Address objects: Hosts, groups and other network objects
  • Service objects: Ports and protocols
  • Static routes: For basic routing
  • Firewall rules: Security policies for data traffic

What is not migrated?

Some configurations must be transferred manually, including

  • Users, groups and authentication methods
  • VPN configurations (IPSec, SSL VPN)
  • Dynamic routing protocols (OSPF, BGP, RIP)
  • Admin users and rights
  • Wireless settings, hotspots and Access Points
  • Syslog, SNMP and monitoring settings
  • Certificates, passwords and backup encryption
  • IPv6-based rules and objects

These limitations mean that you will have to make some manual adjustments after the migration, especially in complex or security-critical environments.

Plan migration

A successful migration requires careful planning. Here are some tips to optimize the process:

  • Check compatibility: Ensure that the Fortinet firewall is using firmware version 6.x or 7.x with a single VDOM.
  • Create a backup: Create a full backup of the Fortinet configuration, ideally via the GUI or the CLI command “show full config”.
  • Sophos Firewall prepare: Reset the Sophos Firewall to the factory settings and ensure that SFOS version 21.0 or higher is installed.
  • Documentation: Note the IP ranges, VLANs, VPNs and other important configurations that are not migrated.
  • Test environment: First carry out the migration in a test environment to identify potential problems.

How to use the Fortinet Migration Tool?

Using the Fortinet Migration Tool is straightforward and involves three main steps:

  1. Export the Fortinet configuration: Create a backup of the Fortinet firewall configuration via the user interface or using the CLI command “show full config”.
  2. Upload to the Migration Assistant: Upload the exported configuration file to the Sophos Migration Assistant. The tool analyzes the file and converts it into a format compatible with Sophos Firewall (.tar or .xml).
  3. Import into the Sophos Firewall: Import the generated file into your Sophos Firewall. You can choose whether you want to import the entire configuration or only selected parts.

For an overview of the process, you can watch this demo video, which demonstrates the migration tool using SonicWall as an example. The process for Fortinet is similar.

Advantages of the Fortinet Migration Tool

The Fortinet Migration Tool offers numerous advantages:

  • Time saving: The automated transfer of configurations significantly reduces manual effort.
  • Error reduction: Predefined validation logic minimizes the risk of configuration errors.
  • Clean restart: You can only migrate required configurations and remove obsolete settings.
  • Ideal for consolidations: Particularly useful for consolidating sites or serial migrations.

The tool is particularly suitable for smaller IT environments. Manual migration is recommended for complex or security-critical systems.

Striving for perfection

Very few IT managers find enough time to continuously check and optimize their firewall rules. This is why they often fall back on existing configurations when switching over. However, this is precisely where the opportunity lies: a change of manufacturer opens up the possibility of critically scrutinizing all settings, switching to current best practices and rebuilding the entire structure. The modern functions and extended security mechanisms of Sophos Firewall offer considerable advantages to significantly increase the level of security in the network.

While the first step is primarily about implementing the migration as smoothly as possible, the fine-tuning should be tackled immediately afterwards. A carefully prepared migration plan, which provides for both the smooth transfer of the basic configuration and subsequent detailed optimization, pays off in several ways: It not only ensures increased security, but also improves performance and administrative effort. Although the Fortinet Migration Tool significantly simplifies the changeover, the limitations of the tool should be kept in mind: Not all settings are automatically adopted, which is why careful verification is essential. For complex infrastructures in particular, we recommend planning the migration together with us in order to guarantee a smooth process and comprehensive configuration optimization.

In order to remain permanently up to date, it is advisable to establish a continuous improvement process that constantly adapts the firewall to current threats and technical developments.

Conclusion

The Fortinet Migration Tool is a valuable tool for organizations looking to migrate from Fortinet to Sophos Firewalls. It automates most of the configuration transfer, saves time and reduces errors. With the right preparation and post-processing, you can efficiently take your network security to the next level.

Our technicians are happy to provide support for any migration to a Sophos Firewall. They offer training so that internal IT can operate the firewall themselves or offer a full service with a managed firewall. Contact

Patrizio
Patrizio

Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.