1. Configure the NGFW interface parameters according to the Fortigate interface parameters.

2. Configure the binding relationship between interfaces and zones on the NGFW.

Fortigate's firewall policy and NAT policies can select the interface.

The source and destination objects in the NGFW’s application control policy, as well as the source objects in the NAT policy, cannot specify a particular interface. Instead, it use zones.

Therefore, during the configuration migration process, the NGFW automatically creates zones containing the interface names in the format XXX-zone, with L3 as the default zone type. You will need to manually bind the corresponding interfaces and zones. For example, if you are using the NGFW’s eth1 interface to replace Fortigate’s port1 interface, you must bind eth1 on the NGFW to port1-zone.

What needs to be considered is that if there is a significant difference in the number of interfaces between the Fortigate and the NGFW—especially when the Fortigate uses many more interfaces than the NGFW—you will need to consider merging zones.

For example, if your Fortigate originally used 20 physical interfaces for traffic forwarding, but the NGFW only has 10 physical interfaces handling traffic, you will need to adjust your network design by consolidating the configuration parameters of the 20 Fortigate interfaces into the 10 NGFW interfaces. For policies such as application control and NAT, you will need to manually adjust the corresponding zones accordingly.

3. Adjust the static routes, taking into account that the interfaces on the Fortigate and those on the NGFW do not have a direct one-to-one correspondence during the migration process.

Therefore, during the configuration migration process, the egress interface is set to eth1 by default. After you have consolidated and adjusted the interface information on the NGFW, you will need to manually modify the interfaces in the static routing policies. You can either select the appropriate interface or choose Auto.