Check Point R77 firewall security rules +400 rules policy migration

L1 Bithead

Hello team,

We have to migrate a Check Point R77 firewall security policy with 400+ rules; however, we can't see those policies when we export to the Expedition tool. We know that in the R80 version you can use the CLI on the Check Point to export that large number of rules in pieces, from 0-400, from 400-800, and so on.

We tried to use the same commands from R80 to do the same in R77, but those commands failed. Is there another way to do this in Check Point R77? Any hint?

Cordially,

Jose

If you try the best you can
the best you can is good enough

L2 Linker

Re: Check Point R77 firewall security rules +400 rules policy migration

Hey!

 

I think this has to do with the fact that Gaia pre-R80 handles files in a different format than R80+ (R80 is Postgres). So, if you're migrating from R77, those commands won't work.

 

There is a selector on top of Expedition when you're importing the config that lets you choose whether the config comes from a pre-R80 or an R80+ system.


In the case of pre-R80, you will need these files:

image.png

 

Hope this helps!

 

L1 Bithead

Re: Check Point R77 firewall security rules +400 rules policy migration

Hi CMachado,

The problem is that the migration tool can only read under 400 lines of rules; we are not able to read it when we upload to Expedition. That is why we need to find out how to extract from the Check Point ONLY the segment related to security rules or firewall rules, and from there upload it to the Expedition tool.

Are we on the same page?

We will check the files again, but until now we aren't able to find the FW rules from the Check Point.

Any other hint?

Cordially,

Jose

If you try the best you can
the best you can is good enough

L2 Linker

Re: Check Point R77 firewall security rules +400 rules policy migration

Oh, now I get it.

 

Maybe try opening and editing the rulebase file with Notepad++ and see if you can remove some of the rules from the original config and try to load it into Expedition. Another option would be to ask in the Check Mates community at community.checkpoint.com if there are any equivalents of the R80 commands in R77.

 

Best of luck.

L1 Bithead

Re: Check Point R77 firewall security rules +400 rules policy migration

Hi there,

We used another tool from Check Point and were able to get the whole config file segmented. We will try today to see if we can check just the firewall rules (400+).

Thanks

If you try the best you can
the best you can is good enough

L1 Bithead

Re: Check Point R77 firewall security rules +400 rules policy migration

Hi there,

Just to let you know that I was finally able to upload the 400+ FW rules from the Check Point into the Expedition tool. However, I am getting issues with the merge: Expedition just gets stuck and freezes while the merge is running.

Ideas? Will we need to provision more HW for the Expedition server?

Any idea is more than welcome.

Cordially,

Jose

If you try the best you can
the best you can is good enough

L1 Bithead

Re: Check Point R77 firewall security rules +400 rules policy migration

Hello everybody,

Due to the limitation in Check Point R77 on splitting large files, we weren't able to export to Expedition. We finally used an Excel table to get the information from Check Point and manually created all 257 FW rules on the PA 3220.

We are planning to deploy in production this weekend.

Cordially,

Jose

If you try the best you can
the best you can is good enough