Migrating Checkpoint R80 [UPDATED on December 2020]

cancel
Showing results for 
Search instead for 
Did you mean: 
L7 Applicator
Did you find this article helpful? Yes No
84% helpful (5/6)

With the new version of Checkpoint Smartcenter R80, the way to obtain the rules has changed. 

 

Exporting Configuration

 

To export the configuration from a Checkpoint R80 we are gonna need to download a tool from the Checkpoint's Github. We want to be sure we download latest version of the tool since the one it comes installed in your SmartCenter usually is old and may contain bugs.

 

So first open your preferred web browser and go to:

 

https://github.com/CheckPointSW/ShowPolicyPackage/releases

 

Check the latest, at the moment of updating this post latest version was 2.0.6, so in order to download it we have to click on the file named: web_api_show_package-jar-with-dependencies.jar

 

https://github.com/CheckPointSW/ShowPolicyPackage/releases/download/V2.0.6/web_api_show_package-jar-with-dependencies.jar

 

After download the file you have to UPLOAD it to your SmartCenter Server where Checkpoint R80 management is running.

Use your SCP preferred tool to do it.

 

Please read the README.md file shown in https://github.com/CheckPointSW/ShowPolicyPackage to understand how to run the downloaded file properly, pay special attention to the Examples

 

Before you run the command verify the Checkpoint API is running otherwise this tool will fail to execute. Please read this if you don' t know how to enable/verify if your API is UP and Running

 

Now you can RUN the tool from CLI as EXPERT

 

java -jar web_api_show_package-jar-with-dependencies.jar -v

 

The output from that command will let you know what Packages are available to export

 

Last command we have to run is the following where PACKAGE_NAME is the name you have chosen from the previous command and in case you are in a MULTI-DOMAIN environment specify the DOMAIN_NAME too (-d is OPTIONAL):

 

 java -jar web_api_show_package-jar-with-dependencies.jar -k <PACKAGE NAME> -d <DOMAIN NAME>

 

This will create a new tgz file which you will use as is to import into Expedition Importation page.

 

Exporting Routing and interfaces

 

From the Firewall CLI, you can run the following:

 

netstat -nr > routes.txt

 

With all this information, we can go to Expedition, Create a new Project, enter the Project, and go to IMPORT > CHECKPOINT > VERSION R80.

 

  1. Assign a name to your configuration such as "MyInternetGW"
  2. Select the tgz file and attache it to the proper input
  3. Select the routes.txt for the routes
  4. Click UPLOAD

 

References: Checkpoint Website article about the show package tool

 

 

Rate this article:
Comments
L4 Transporter

Hi @armingojak Rule Hitcount info is only for PAN-OS configuration with log connector configuration not for checkpoint configuration. 

Register or Sign-in
Contributors
Article Dashboard
Version history
Last update:
‎12-11-2020 01:39 AM
Updated by: