Vendor-to-vendor migration playbooks with Claude as your translator. Decision trees, gotchas, rollback plans.
A field-tested playbook for moving from Cisco ASA to pfSense — the security-level trap that breaks one-to-one ACL translation, NAT and VPN mapping, the AnyConnect problem, gotchas, and a rollback plan. Plus the Claude prompt that does the line-by-line translation.
CISCO ASA → pfSense security-level → (none) access-list → Firewall ▸ Rules nat (inside,out) → Firewall ▸ NAT [!] ASA trusts by level; pfSense does not
Moving from FortiGate to OPNsense means unbundling one of FortiGate's all-in-one firewall policies into the separate rule, NAT, and inspection objects OPNsense uses — and rebuilding the SD-WAN and UTM behavior people forget they turned on. The conceptual map, the policy-unbundling trap, gotchas, a rollback plan, and the Claude prompts that do the translation.
FORTIGATE → OPNsense firewall policy → Rule + NAT + UTM UTM profiles → Suricata / proxy SD-WAN rules → gateway groups [!] 1 policy = 4 OPNsense objects