diff --git a/src/migration-scripts/firewall/17-to-18 b/src/migration-scripts/firewall/17-to-18
index 891f9f195..34ce6aa07 100755
--- a/src/migration-scripts/firewall/17-to-18
+++ b/src/migration-scripts/firewall/17-to-18
@@ -1,37 +1,41 @@
-# Copyright (C) 2024 VyOS maintainers and contributors
+# Copyright (C) 2024-2025 VyOS maintainers and contributors
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
 # License as published by the Free Software Foundation; either
 # version 2.1 of the License, or (at your option) any later version.
 #
 # This library is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public License
 # along with this library.  If not, see <http://www.gnu.org/licenses/>.
 
 # From
-    # set firewall zone <zone> interface <iface>
+#   set firewall zone <zone> interface RED
+#   set firewall zone <zone> interface eth0
 # To
-    # set firewall zone <zone> member interface <iface>
-    # or
-    # set firewall zone <zone> member vrf <vrf>
-
+#   set firewall zone <zone> member vrf RED
+#   set firewall zone <zone> member interface eth0
 
 from vyos.configtree import ConfigTree
 
 base = ['firewall', 'zone']
 
 def migrate(config: ConfigTree) -> None:
     if not config.exists(base):
         # Nothing to do
         return
 
     for zone in config.list_nodes(base):
-        if config.exists(base + [zone, 'interface']):
-            for iface in config.return_values(base + [zone, 'interface']):
-                config.set(base + [zone, 'member', 'interface'], value=iface, replace=False)
-            config.delete(base + [zone, 'interface'])
\ No newline at end of file
+        zone_iface_base = base + [zone, 'interface']
+        zone_member_base = base + [zone, 'member']
+        if config.exists(zone_iface_base):
+            for iface in config.return_values(zone_iface_base):
+                if config.exists(['vrf', 'name', iface]):
+                    config.set(zone_member_base + ['vrf'], value=iface, replace=False)
+                else:
+                    config.set(zone_member_base + ['interface'], value=iface, replace=False)
+            config.delete(zone_iface_base)