About WatchGuard Converter

WatchGuard Converter is a service that enables you to quickly migrate an existing firewall configuration from a Dell SonicWALL or Fortinet FortiGate firewall device to a WatchGuard Firebox. WatchGuard Converter migrates configuration settings from the source configuration file to a configuration for a WatchGuard device. The conversion process is simple, and does not require you to install any software. To convert a configuration file, you simply upload it to WatchGuard Converter and specify the Firebox model for which you want to create a new configuration file.

Before you begin, make sure you understand:

Then you can:

What is Converted

WatchGuard Converter is a "best effort" configuration conversion service that can automatically convert most configuration settings. There are some settings that cannot be converted because of differences in the implementation of functionality between the source and target firewall devices or due to limitations in WatchGuard Converter.

Some of the features that WatchGuard Convert cannot convert are:

  • Users and Authentication Systems
  • Virtual Private Network (VPN), including IPSec and SSL
  • Simple Network Management Protocol (SNMP)
  • Routing Protocols
  • Dynamic Host Configuration Protocol (DHCP)
  • PPPoE
  • Link Aggregation
  • Virtual LAN (VLAN)
  • Wireless LAN (WLAN)
  • Intrusion Detection System (IDP) / Intrusion Prevention System (IPS)

If WatchGuard Converter cannot convert a configuration setting, it writes an error to the conversion log file. After the conversion is completed, you can review the log file and the converted configuration to verify the completeness and accuracy of the conversion, and make manual updates as needed.

Supported Source and Target Devices

The source configuration files should:

  • Be in their native forms from the device itself, without any modification
  • Not be encrypted (where there is an encryption option on the device)
  • Not be compressed into a file archive

Any modification of the source files from their native format can cause conversion errors.

Supported source device configuration files:

  • Dell SonicWALL NSA and TZ
    • OS: SonicOS 5.6.x, 5.7.x, 5.8.x (Standard and Enhanced)
    • Configuration file name format: *.exp
  • Fortinet FortiGate
    • OS: FortiOS 4.x and 5.x
    • Configuration file name format: *.conf

Supported target WatchGuard devices:

  • XTM 2 Series: 25/25-W, 26/26-W
  • XTM 3 Series: 33/33-W, 330
  • XTM 5 Series: 515, 525, 535, 545
  • XTM 8 Series: 810, 820, 830
  • XTM 800 Series: 850, 850, 870
  • XTM 1050
  • XTM 1500 Series: 1520-RP, 1525-RP
  • XTM 2050
  • XTM 2500
  • XTMv

Convert a Configuration File

To convert a configuration file:

  1. Log in to the WatchGuard Converter page at
  2. Click Choose File or Browse to select the configuration file you want to convert. (*.exp for SonicWALL or *.conf for FortiGate).
  3. From the Target XTM Model drop-down list, select the Firebox model for which you want to create the new configuration file.
  4. Click Convert to XTM Config.
    WatchGuard Converter processes the file and creates a zip file that contains the converted XTM configuration file and a log file.
  5. Save the file.
  6. Extract the zip file to your computer.

The file contains two files:

  • XTMConfig.xml — The converted configuration file
  • ConverterLog.log — The log file created by the conversion process

Examine the Log File

WatchGuard Converter creates a log file that contains information about the items in the original configuration that were converted. The log file also contains warnings and errors about any configuration settings that were not converted. Use any text editor to open and review the log file.

Edit the Configuration File

To open and edit the XTMConfig.xml file, use Policy Manager v11.8 or higher. Policy Manager is available from WatchGuard System Manager. You can download the WatchGuard System Manager installer from the Software Downloads page for your Firebox model.

To open the converted configuration file:

  1. In WatchGuard System Manager, select Tools > Policy Manager.
    The Policy Manager dialog box appears.
  2. Select Open configuration file and click Browse.
  3. Select the XTMConfig.xml configuration file that you extracted from the zip file.
  4. Click Open.
    The configuration file appears in Policy Manager.

In Policy Manager, you can examine the converted configuration, configure any settings that were not automatically converted, and enable additional Fireware features and services.

For information about Fireware configuration files, see About Configuration Files in the WatchGuard System Manager v11.8.x Help.

Add a Feature Key

Before you save the converted configuration file to an activated Firebox, make sure that you add a feature key to enable all functionality of the device. You also need a feature key to configure some Fireware XTM features and services.

For information about how to activate a WatchGuard device and any add-on features or services, see Activate a WatchGuard Device or Feature in the My Products Help.

For information about how to add a feature key to the configuration, see Manually Add a Feature Key to Your XTM Device in the WatchGuard System Manager v11.8.x Help.

Save the Configuration to the Firebox

After you have made any necessary changes to the configuration file and added a feature key, you can use Policy Manager to save the configuration to the Firebox.

If the Firebox has never been configured, use the Web Setup Wizard or Quick Setup Wizard to create a basic configuration for it. In the Setup Wizard, you set the IP address of the trusted interface, and the configuration passphrase on the Firebox. You must know this IP address and passphrase to save the converted configuration to the device.

  • For more information about the Web Setup Wizard, see the Quick Start Guide that shipped with your Firebox or see Run the Web Setup Wizard in the WatchGuard System Manager v11.8.x Help.
  • For more information about the Quick Setup Wizard, see Run the WSM Quick Setup Wizard in the WatchGuard System Manager v11.8.x Help.

To save the converted configuration to the Firebox:

  1. Connect your computer to a trusted interface on the new Firebox.
  2. In Policy Manager, select File > Save > To Firebox.
  3. In the Firebox Address or Name text box, type the IP address of the Firebox interface you are connected to.
  4. In the Configuration Passphrase text box, type the configuration passphrase of the new Firebox.
    If the new device uses the default configuration, the Configuration Passphrase is readwrite.
  5. Click OK.
  6. In the File Name text box, type the file name to save the configuration file.
  7. Click Save.
  8. If the IP address you typed in the Firebox Address or Name text box in Step 3 does not match any of the IP addresses in the configuration file, Policy Manager displays a warning. Click Yes to confirm that you want to save the file.

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search