topic Re: Check Point R77 firewal security rules +400 rules policy migration in General Topics

Check Point R77 firewal security rules +400 rules policy migration

JoseEspinoza — Tue, 24 Sep 2019 14:04:54 GMT

hello team

We have to migrate a Checkpoint R77 policies firewal security rules +400 rules policy migration, however we can't see those policies when we export to the expedition tool, we know that in R80 version you can use the CLI on the CKpoint to export in pieces those big amount of rules from 0-400 and from 400-800 and so.

we try to use the same commands from R80 to do the same in the R77, but those commands failed, there is another way to do in the CheckPoint R77? any hint?

cordially

Jose

Re: Check Point R77 firewal security rules +400 rules policy migration

CMachado — Tue, 24 Sep 2019 18:49:48 GMT

Hey!

I think this has to do with the fact that Gaia pre-R80 handles files in a different format that R80+ (R80 is postgres). So, if you're migrating from R77 those commands won't work.

There is a selector on top of Expedition when you're importing the config that lets you choose whether the config comes from a pre-R80 or a R80+ system.

In the case of pre-R80, you will need these files:

Hope this helps!

Re: Check Point R77 firewal security rules +400 rules policy migration

JoseEspinoza — Tue, 24 Sep 2019 19:06:54 GMT

hi CMachado

the problem is that migration tool can only read under 400 lines of rules, we are not able to read it when we upload on Expedition, that is why we need to find out how to extract from the CKPoint ONLY the segment relate to security rules or firewall rules and from there upload to the expedition tool.

are we in the same line?

we will check again the files, but until now aren/t able to find the fw rules from the ckpoint.

any other hint?

cordially,

jose

Re: Check Point R77 firewal security rules +400 rules policy migration

CMachado — Wed, 25 Sep 2019 17:44:04 GMT

Oh, now I get it.

Maybe try opening and editing the rulebase file with Notepad++ and see if you can remove some of the rules from the original config and try to load it into Expedition. Another option would be to ask in the Check Mates community at community.checkpoint.com if there are any equivalents of the R80 commands in R77.

Best of luck.

Re: Check Point R77 firewal security rules +400 rules policy migration

JoseEspinoza — Mon, 30 Sep 2019 14:00:38 GMT

hi there

we use another tool from CKpoint, we were able to get all the config file segmented. we will try today if we can be able to just check the firewall rules (+400).

thanks

Re: Check Point R77 firewal security rules +400 rules policy migration

JoseEspinoza — Wed, 02 Oct 2019 17:02:11 GMT

hi there

just to let you know that , finally, I was able to upload in the Expedition tool, the 400+ fw rules from the Checkpoint , however, I getting issues with the merge, the Expedition just get stuck and freeze while the merge is running.

Ideas? will we need to provision more HW to the expedition server?

any idea is more than welcome

cordially

jose

Re: Check Point R77 firewal security rules +400 rules policy migration

JoseEspinoza — Wed, 16 Oct 2019 15:07:34 GMT

hello to everybody

due the limitation from Ckpoint R77 to split large files, we weren't ables to export to expedition, we finally use a excel table to get the information from CKpoint and manually created in PA 3220 all the 257 FW rules.

we are planning to deploy in production this weekend.

cordially

jose