https://live.paloaltonetworks.com/t5/expedition-discussions/checkpoint-migration-to-pa-820/m-p/257648#M1427 <P>Hello,</P> <P>Im trying to migrate a CheckPoint to PA-820, but am having issues importing the CheckPoint json config files.&nbsp; I get the error:</P> <P>JSON error - Syntax error, malformed JSON</P> <P>&nbsp;</P> <P>There are 439 security rules, 36 NAT rules</P> <P>&nbsp;</P> <P>I have access to the new PA-820, but I don't have access to the CheckPoint - I request info, and hopefully it is executed and sent back to me as requested.</P> <P>I have Expedition v1.1.13 running on VMWorkstation.</P> <P>I've added the PA-820 device and seems to be linked sufficiently.&nbsp;</P> <P>I've imported a sample palo alto config into a test project, and see the Project Statistics sufficiently.</P> <P>&nbsp;</P> <P>I requested the CheckPoint admin run these commands, and send me the files:</P> <P>For the Security Rules:</P> <P>mgmt_cli show access-rulebase name "yourRulebaseName" details-level "full" use-object-dictionary true --format json</P> <P>&nbsp;</P> <P>For the NAT rules:</P> <P>mgmt_cli show nat-rulebase package "yourRulebaseName" details-level "full" use-object-dictionary true --format json</P> <P>&nbsp;</P> <P>For the Routes:</P> <P>Routes file can be created by running from the Firewall the command&nbsp;<STRONG>"netstat -nr"</STRONG>&nbsp;or&nbsp;<STRONG>"show route all"</STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I have the csv export of the Security and NAT rules, as well as the config file.</P> <P>The config file shows:&nbsp;Language version: 13.1v1 (is that the Checkpoint software version?)</P> <P>&nbsp;</P> <P>The security rules.json file has source and destination fields that seem to be some kind of object database key.&nbsp; Could it be they didnt run the object-dictionary part of the command?</P> <P>"source" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ]</P> <P>&nbsp;</P> <P>Help would be greatly appreciated.</P> <P>&nbsp;</P> Mon, 15 Apr 2019 20:28:48 GMT Solomon_Grable 2019-04-15T20:28:48Z https://live.paloaltonetworks.com/t5/expedition-discussions/checkpoint-migration-to-pa-820/m-p/257648#M1427 <P>Hello,</P> <P>Im trying to migrate a CheckPoint to PA-820, but am having issues importing the CheckPoint json config files.&nbsp; I get the error:</P> <P>JSON error - Syntax error, malformed JSON</P> <P>&nbsp;</P> <P>There are 439 security rules, 36 NAT rules</P> <P>&nbsp;</P> <P>I have access to the new PA-820, but I don't have access to the CheckPoint - I request info, and hopefully it is executed and sent back to me as requested.</P> <P>I have Expedition v1.1.13 running on VMWorkstation.</P> <P>I've added the PA-820 device and seems to be linked sufficiently.&nbsp;</P> <P>I've imported a sample palo alto config into a test project, and see the Project Statistics sufficiently.</P> <P>&nbsp;</P> <P>I requested the CheckPoint admin run these commands, and send me the files:</P> <P>For the Security Rules:</P> <P>mgmt_cli show access-rulebase name "yourRulebaseName" details-level "full" use-object-dictionary true --format json</P> <P>&nbsp;</P> <P>For the NAT rules:</P> <P>mgmt_cli show nat-rulebase package "yourRulebaseName" details-level "full" use-object-dictionary true --format json</P> <P>&nbsp;</P> <P>For the Routes:</P> <P>Routes file can be created by running from the Firewall the command&nbsp;<STRONG>"netstat -nr"</STRONG>&nbsp;or&nbsp;<STRONG>"show route all"</STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I have the csv export of the Security and NAT rules, as well as the config file.</P> <P>The config file shows:&nbsp;Language version: 13.1v1 (is that the Checkpoint software version?)</P> <P>&nbsp;</P> <P>The security rules.json file has source and destination fields that seem to be some kind of object database key.&nbsp; Could it be they didnt run the object-dictionary part of the command?</P> <P>"source" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ]</P> <P>&nbsp;</P> <P>Help would be greatly appreciated.</P> <P>&nbsp;</P> Mon, 15 Apr 2019 20:28:48 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/checkpoint-migration-to-pa-820/m-p/257648#M1427 Solomon_Grable 2019-04-15T20:28:48Z https://live.paloaltonetworks.com/t5/expedition-discussions/checkpoint-migration-to-pa-820/m-p/257659#M1429 <P>you will need to validate the json formatting. You can try to open the file in firefox for example which provides debug messages as to the source of the malformed json format.&nbsp;</P> <P>&nbsp;</P> <P>Otherwise if you email the json file to fwmigrate&nbsp;@paloaltonetworks.com I can look at the file.</P> Mon, 15 Apr 2019 23:15:15 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/checkpoint-migration-to-pa-820/m-p/257659#M1429 sjanita 2019-04-15T23:15:15Z https://live.paloaltonetworks.com/t5/expedition-discussions/checkpoint-migration-to-pa-820/m-p/257745#M1437 <P>Thanks, the leading text in the file:</P> <PRE>Username: </PRE> <P>&nbsp;before the first opening bracket was the issue as you suggested.</P> <P>The files imported after removing that text before the first opening {</P> <P>Thanks</P> Tue, 16 Apr 2019 20:53:30 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/checkpoint-migration-to-pa-820/m-p/257745#M1437 Solomon_Grable 2019-04-16T20:53:30Z