About This Guide
This guide contains information on how you can download the Secure Firewall Migration Tool and complete the migration. In addition, it provides you troubleshooting tips to help you resolve migration issues that you may encounter.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This guide contains information on how you can download the Secure Firewall Migration Tool and complete the migration. In addition, it provides you troubleshooting tips to help you resolve migration issues that you may encounter.
The Secure Firewall Migration Tool converts supported Fortinet configurations to Multicloud Defense. The Secure Firewall Migration Tool allows you to automatically migrate the supported Fortinet features and policies to Multicloud Defense.
![]() Note |
You must review the Pre-Migration Report for ignored configuration, if any, and manually configure them after migration. |
The Secure Firewall Migration Tool gathers Fortinet information, parses it, and finally pushes it to the Multicloud Defense. During the parsing phase, the Secure Firewall Migration Tool generates a Pre-Migration Report that identifies the following:
Fortinet configuration items that are fully migrated, partially migrated, unsupported for migration, and ignored for migration
Fortinet configuration lines with errors, and Fortinet CLIs that the Secure Firewall Migration Tool cannot recognize (this blocks migration).
![]() Note |
If there are parsing errors, you can rectify the issues, reupload a new configuration, connect to the destination device, and proceed to review and validate your configuration. You can then migrate the configuration to the destination device. |
The console opens when you launch the Secure Firewall Migration Tool. The console provides detailed information about the progress of each step in the Secure Firewall Migration Tool. The contents of the console are also written to the Secure Firewall Migration Tool log file.
The console must stay open while the Secure Firewall Migration Tool is open and running.
![]() Important |
When you exit the Secure Firewall Migration Tool by closing the browser on which the web interface is running, the console continues to run in the background. To completely exit the Secure Firewall Migration Tool, exit the console by pressing the Command key + C on the keyboard. |
The Secure Firewall Migration Tool creates a log of each migration. The logs include details of what occurs at each step of the migration and can help you determine the cause if a migration fails.
You can find the log files for the Secure Firewall Migration Tool in the following location: <migration_tool_folder>\logs
The Secure Firewall Migration Tool saves a copy of the Pre-Migration Report, Post-Migration Report, Fortinet configs, and logs in the Resources folder.
You can find the Resources folder in the following location: <migration_tool_folder>\resources
The Secure Firewall Migration Tool logs information about the configuration lines that it ignored in the unparsed file. This Secure Firewall Migration Tool creates this file when it parses the Fortinet configuration file.
You can find the unparsed file in the following location:
<migration_tool_folder>\resources
You can search for items in the tables that are displayed in the Secure Firewall Migration Tool, such as those on the Optimize, Review and Validate window.
To search for an item in any column or row of the table, click the Search () above the table and enter the search term in the field. The Secure Firewall Migration Tool filters the table rows and displays
only those that contain the search term.
To search for an item in a single column, enter the search term in the Search field that is provided in the column heading. The Secure Firewall Migration Tool filters the table rows and displays only those that match the search term.
The Secure Firewall Migration Tool supports telemetry when run on one of these 12 ports: ports 8321-8331 and port 8888. By default, Secure Firewall Migration Tool uses port 8888. To change the port, update port information in the app_config file. After updating, ensure to relaunch the Secure Firewall Migration Tool for the port change to take effect. You can find the app_config file in the following location: <migration_tool_folder>\app_config.txt.
![]() Note |
We recommend that you use ports 8321-8331 and port 8888, as telemetry is only supported on these ports. If you enable Cisco Success Network, you cannot use any other port for the Secure Firewall Migration Tool. |
All the notifications, including success messages, error messages, and warnings that pop up during a migration are captured
in the notifications center and are categorized as Successes, Warnings, and Errors. You can click the icon on the top right corner any time during the migration and see the various notifications that popped up, along with the
time they popped up in the tool.
Cisco Success Network is a user-enabled cloud service. When you enable Cisco Success Network, a secure connection is established between the Secure Firewall Migration Tool and the Cisco cloud to stream usage information and statistics. Streaming telemetry provides a mechanism to select data of interest from the Secure Firewall Migration Tool and to transmit it in a structured format to remote management stations for the following benefits:
To inform you of available unused features that can improve the effectiveness of the product in your network.
To inform you of additional technical support services and monitoring that is available for your product.
To help Cisco improve our products.
The Secure Firewall Migration Tool establishes and maintains the secure connection and allows you to enroll in the Cisco Success Network. You can turn off this connection at any time by disabling the Cisco Success Network, which disconnects the device from the Cisco Success Network cloud.
Version |
Supported Features |
---|---|
7.7.10.1 |
This release includes the following new features:
|
7.7.10 |
This release includes the following new features:
|
7.7 |
This release includes the following new features:
|
7.0.1 |
This release includes the following new features and enhancements:
|
7.0 |
This release includes the following new features and enhancements: Cisco Secure Firewall ASA to Cisco Secure Firewall Threat Defense Migration
Fortinet Firewall to Cisco Secure Firewall Threat Defense Migration
|
6.0.1 |
This release includes the following new features and enhancements: Cisco Secure Firewall ASA to Cisco Secure Firewall Threat Defense Migration
FDM-managed Device to Cisco Secure Firewall Threat Defense Migration
Fortinet Firewall to Cisco Secure Firewall Threat Defense Migration
Palo Alto Networks Firewall to Cisco Secure Firewall Threat Defense Migration
Check Point Firewall to Cisco Secure Firewall Threat Defense Migration
|
6.0 |
This release includes the following new features and enhancements: Cisco Secure Firewall ASA to Cisco Secure Firewall Threat Defense Migration
FDM-managed Device to Cisco Secure Firewall Threat Defense Migration
Check Point Firewall to Cisco Secure Firewall Threat Defense Migration
Fortinet Firewall to Cisco Secure Firewall Threat Defense Migration
|
5.0.1 | This release includes the following new features and enhancements:
|
5.0 |
|
4.0.3 | The Secure Firewall migration tool 4.0.3 includes bug fixes and the following new enhancements:
|
4.0.2 |
The Secure Firewall migration tool 4.0.2 includes the following new features and enhancements:
|
The Secure Firewall migration tool application is free and does not require license. However, the Security Cloud Control tenant and Multicloud Defense must have the required licenses.
The Secure Firewall migration tool has the following infrastructure and platform requirements:
Runs on a Microsoft Windows 10 64-bit operating system or on a macOS version 10.13 or higher
Has Google Chrome as the system default browser
(Windows) Has Sleep settings configured in Power & Sleep to Never put the PC to Sleep, so the system does not go to sleep during a large migration push
(macOS) Has Energy Saver settings configured so that the computer and the hard disk do not go to sleep during a large migration push
For migrating configurations from Fortinet to Multicloud Defense, ensure you have met the following requirements and prerequisites:
You have a Security Cloud Control tenant with Multicloud Defense enabled on it.
You have purchased the required operating licenses for Multicloud Defense.
![]() Note |
You can migrate configurations to Multicloud Defense even during the 90-day free trial because the trial experience offers full functionality of a paid subscription. |
You have the base URL of Multicloud Defense and the Security Cloud Control tenant name handy.
You have created an API key and also copied the API Key ID and API Key Secret that Multicloud Defense generates when you create the API key. See Create an API Key in Multicloud Defense for more information.
The Secure Firewall Migration Tool supports the following Fortinet configurations for migrating to Multicloud Defense:
Access control lists
Network objects
Port objects
FQDN objects
URL objects
The Secure Firewall migration tool supports migration of Fortinet firewall operating system version 5.0 and later to Multicloud Defense.
This section summarizes the various Multicloud Defense-related user guides: