Status of the migration tool

Dear Devs,

What is the status of the migration tool?

Other vendors are already supporting XG to their brand while in Sophos we cannot even migrate all settings from UTM9 to XG.

I think that v18 is mature enough for most of the UTM 9 users so a tool is needed, guys, to migrate complex installations to XG.

We would like to have an update.

Thanks

  • Hello,

    on the contrary, I see a really big advantage in using the "Internet" object in UTM v9. If you look at the description of this object for IPv4 or IPv6, it reads: "'Any' network, bound to interfaces with default gateway". I.e., all networks available ONLY on the Internet BEHIND the default gateway or uplink interfaces. Because, compared to the "Any" network object (which you most likely use), the "Internet" object does not include any internal networks and possibly DMZ networks defined behind the firewall internally as a subset of the relevant IPv4 / IPv6 networks.

    This is a fundamental difference between the "Any" and "Internet" objects. From my point of view, my firewall rule set (when using the "Internet" object) is logically much more secure and also necessarily has fewer firewall rules, because I do not have to deal with potential security collisions when using the "Any" object. Furthermore, the "Internet" object is essentially a WAN zone definition in UTM v9, as defined as a zone object in the XG Firewall!
    So, for the above reasons, I see very good reasons why, when defining firewall rules in UTM v9 for communication from any internal network in the direction of the Internet, one should use "Internet" as the target network.

    And therefore (again for the above reasons) I claim, and Sophos confirmed, that the migration of the "Internet" object is wrong in the current version of the migration tool, as they themselves have verified in their internal tests.

    Regards

    alda

  • I use the Internet object too on my installation and I taught my customers to use Internet for everything that is not LAN or inside their network.

    Any is very dangerous and must be used carefully. I fully agree with Alda.

    The tool must be optimized to migrate the full configuration, even WAF.

    It is not impossible, as there is code behind it and it can be done.
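
Added example (not part of the thread and not Sophos code): a simplified Python model of the difference the replies above describe, where "Internet" matches only destinations routed out an interface with a default gateway, while "Any" also matches LAN and DMZ hosts. The topology, interface names and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample topology (assumption, not taken from the thread).
ROUTES = [                      # (destination network, egress interface)
    ("192.168.10.0/24", "lan"),
    ("172.16.50.0/24", "dmz"),
    ("0.0.0.0/0", "wan"),       # default route via the uplink
]
UPLINKS = {"wan"}               # interfaces that have a default gateway


def egress_interface(dst):
    """Longest-prefix match: which interface would a packet to dst leave on?"""
    ip = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(net), iface) for net, iface in ROUTES]
    net, iface = max((c for c in candidates if ip in c[0]),
                     key=lambda c: c[0].prefixlen)
    return iface


def matches(obj, dst):
    """Simplified model of the two destination objects discussed above."""
    if obj == "Any":
        return True                              # every address, internal or not
    if obj == "Internet":
        return egress_interface(dst) in UPLINKS  # only what lies behind an uplink
    raise ValueError(f"unknown object: {obj}")


def internal_exposure(obj, destinations):
    """Destinations an 'allow LAN -> obj' rule permits that are NOT behind an uplink."""
    return [d for d in destinations
            if matches(obj, d) and egress_interface(d) not in UPLINKS]


# Constructed destinations: one public (TEST-NET-3), one DMZ host, one LAN host.
SAMPLE = ["203.0.113.7", "172.16.50.10", "192.168.10.20"]

if __name__ == "__main__":
    for obj in ("Internet", "Any"):
        print(f"allow LAN -> {obj}: internal destinations also permitted:",
              internal_exposure(obj, SAMPLE))
```

After a migration, the same comparison can be made by hand: any rule whose destination changed from "Internet" to an any-address object now also permits the internal and DMZ destinations listed in the second result.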