Skip to content
Avanet
Fortinet Migration Tool for Sophos Firewall

Fortinet Migration Tool for Sophos Firewall

Switching from one firewall solution to another can be challenging, especially when configurations need to be migrated. Sophos now offers a Migration Assistant designed specifically to make the move from Fortinet firewalls to Sophos Firewall easier. In this blog post, we introduce the Fortinet Migration Tool and show how it helps save time and effort during the migration.

Firewall: The Heart of the Network

Firewalls are the backbone of any network security architecture. Whether Fortinet, SonicWall or Sophos, roughly 80% of the functions are similar across providers. The remaining 20%, however, can make a major difference, especially when it comes to usability, pricing or integration into an ecosystem. Many companies hesitate to change vendors because migrations are often associated with effort, cost and potential downtime. The Fortinet Migration Tool makes this process simpler and more efficient.

What is the Fortinet Migration Tool?

The Fortinet Migration Tool, officially known as the Fortinet to Sophos Firewall Migration Assistant, is a free tool that helps IT administrators automatically transfer configurations from Fortinet firewalls to Sophos Firewall. It is compatible with:

  • Sophos XGS Series hardware appliances
  • Virtual and software-based firewalls running Sophos Firewall OS (SFOS) version 21.0 or later
  • Fortinet firewalls with firmware version 6.x or 7.x (single VDOM)

The tool is ideal for companies that want to consolidate their network security, reduce costs or benefit from the advanced security features of Sophos Firewall.

Which configurations are migrated?

The Fortinet Migration Tool automatically transfers the following configuration elements:

  • Network interfaces: Including IP assignment and VLAN configurations
  • Address objects: Hosts, groups and other network objects
  • Service objects: Ports and protocols
  • Static routes: For basic routing
  • Firewall rules: Security policies for traffic

What is not migrated?

Some configurations must be transferred manually, including:

  • Users, groups and authentication methods
  • VPN configurations (IPsec, SSL VPN)
  • Dynamic routing protocols (OSPF, BGP, RIP)
  • Admin users and rights
  • Wireless settings, hotspots and access points
  • Syslog, SNMP and monitoring settings
  • Certificates, passwords and backup encryptions
  • IPv6-based rules and objects

These limitations mean that some manual adjustments are still required after the migration, especially in complex or security-critical environments.

Planning the migration

A successful migration requires careful planning. These steps help optimize the process:

  • Check compatibility: Ensure that the Fortinet firewall uses firmware version 6.x or 7.x with a single VDOM.
  • Create a backup: Create a full backup of the Fortinet configuration, ideally via the GUI or the CLI command “show full config”.
  • Prepare Sophos Firewall: Reset Sophos Firewall to factory settings and ensure that SFOS version 21.0 or later is installed.
  • Documentation: Record the IP ranges, VLANs, VPNs and other important configurations that are not migrated.
  • Test environment: Perform the migration first in a test environment to identify potential problems.

How to use the Fortinet Migration Tool?

Using the Fortinet Migration Tool is straightforward and involves three main steps:

  1. Export the Fortinet configuration: Create a backup of the Fortinet firewall configuration via the user interface or by using the CLI command “show full config”.
  2. Upload it to the Migration Assistant: Upload the exported configuration file to the Sophos Migration Assistant. The tool analyzes the file and converts it into a format compatible with Sophos Firewall (.tar or .xml).
  3. Import it into Sophos Firewall: Import the generated file into Sophos Firewall. You can choose whether to import the entire configuration or only selected parts.

For an overview of the process, you can watch this demo video, which demonstrates the migration tool using the example of SonicWall. The process for Fortinet is similar.

Advantages of the Fortinet Migration Tool

The Fortinet Migration Tool offers numerous advantages:

  • Time savings: The automated transfer of configurations significantly reduces manual effort.
  • Error reduction: Predefined validation logic minimizes the risk of configuration errors.
  • Clean start: You can migrate only the required configurations and remove outdated settings.
  • Ideal for consolidation projects: Particularly useful when consolidating sites or running multiple migrations in sequence.

The tool is particularly suitable for smaller IT environments. For complex or security-critical systems, a manual migration is recommended.

Striving for Perfection

Very few IT teams have enough time to continuously review and optimize their firewall rule set. As a result, existing configurations are often carried over during a platform change. This is exactly where the opportunity lies: changing vendors creates the chance to question every setting, align the configuration with current best practices and rebuild the entire structure. The modern features and advanced security mechanisms of Sophos Firewall provide significant advantages for raising the security level of the network.

While the first step is primarily about completing the migration with as little disruption as possible, fine-tuning should follow immediately afterwards. A carefully developed migration plan that covers both the smooth transfer of the basic configuration and subsequent detailed optimization pays off several times over: it increases security, improves performance and reduces administrative effort. Although the Fortinet Migration Tool significantly simplifies the switch, it is important to keep the tool’s limitations in mind. Not all settings are transferred automatically, so a careful review is essential. For complex infrastructures in particular, we recommend planning the migration together with us to ensure a smooth process and comprehensive configuration optimization.

To stay up to date over the long term, it is advisable to establish a continuous improvement process that keeps the firewall aligned with the current threat landscape and technical developments.

Conclusion

The Fortinet Migration Tool is a valuable aid for companies that want to switch from Fortinet to Sophos firewalls. It automates most of the configuration transfer, saves time and reduces errors. With the right preparation and follow-up work, you can efficiently take your network security to the next level.

Our technicians are happy to support any migration to Sophos Firewall. They provide training so internal IT can operate the firewall independently, or they can deliver a full-service option with Managed Firewall. Contact

Patrizio

Patrizio

Patrizio is an experienced network specialist focused on Sophos firewalls, switches, and access points. He supports customers and IT teams with configuration, migration, and clean network segmentation.