Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.95
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} Deployment Replacing Fortigate with NGFW Overview and Migration Process Overview List of Key Feature Compatibility Features and Migration Order
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","List of Key Feature Compatibility Features and Migration Order")}}

List of Key Feature Compatibility Features and Migration Order

{{ $t('productDocDetail.updateTime') }}: 2026-01-04

Main Functions

Fortigate Module

Related NGFW Module

Conversion Supported

Conversion Method

Notes

Network Objects

config firewall addressconfig firewall addrgrp

Objects / Network Objects

Supported

Auto Conversion via Tool

Object names should follow standard naming conventions

Service Objects

config firewall service customconfig firewall service group

Objects / Service Objects

Supported

Auto Conversion via Tool

Protocol mapping handled automatically

Security Policy (ACL)

config firewall policy

ACL Policy

Supported

Auto Conversion via Tool

 

NAT Policy

config firewall ippoolconfig firewall vip

NAT Policy

Supported

Auto Conversion via Tool

1. Only non-central NAT rules supported2. Verify VIP mapping direction

Routing Configuration

config router staticconfig router ospfconfig router bgpconfig router policy

Static / Dynamic Routing

Supported

Auto + Manual Configuration

1. Tool supports static route conversion2. Dynamic routing must be configured manually

VPN Configuration

config vpn ipsec phase1-interfaceconfig vpn ipsec phase2-interfaceconfig vpn ssl settingsconfig vpn ssl web portal

IPsec / SSL VPN

Supported

Manual Configuration

VPN tunnels must be re-established

SD-WAN Configuration

config system sdwanconfig system sdwan-membersconfig system sdwan-service

SD-WAN / PBR Configuration

Supported

Manual Configuration

Sangfor SD-WAN only supports Sangfor VPN tunnels

User Authentication

config user localconfig user groupconfig user radiusconfig user ldapconfig user tacacs+

User Authentication Center

Supported

Manual Configuration

Sync mechanisms differ

Antivirus / IPS / URL Filtering

config antivirus profileconfig ips sensorconfig webfilter profile

Threat Prevention / URL Filtering

Supported

Manual Migration

Application Control

config application listconfig application rule

Application Control Policy

Supported

Manual Configuration

Sangfor offers richer application control features

High Availability (HA)

config system ha

Active/Passive or Active/Active

Supported

Manual Configuration

Logging & Monitoring

config log settingconfig log syslogd settingconfig log disk settingconfig system snmp community

Monitor

Supported

Manual Configuration

Virtual Systems (VDOM)

config vDOMconfig global

Multi-Tenant / Sub-Policy System

Not Supported

Re-Design Required

Recommend restructuring based on site or region segmentation