ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
In this case, "Internet Security" is my Rulebase to export for migration. Based on what we have seen from the Checkpoint API, in case we have more than 400 rules, we have to use an offload to generate exportations in chunks of 400 rules, which means if we have 650 security rules, we will have to do this:
mgmt_cli show access-rulebase offset 0 limit 400 name "Internet Security" details-level "full" use-object-dictionary true --format json > RuleSet_0_400.json mgmt_cli show access-rulebase offset 401 limit 650 name "Internet Security" details-level "full" use-object-dictionary true --format json > RuleSet_401_650.json
After we created all the json files, we will need to create a new file, and we will name it "order" to put inside the filenames in the order they need to be read, like in this example:
Edit "order" file
After that, we have to ZIP it. To do it right, all these three files need to be under the same folder, and from within the folder, we can run the command from the CLI:
zip Rules.zip *
This will create a new Rules.zip only contaning the three files without any other folder inside. It's important to remember when you create the ZIP file to avoid having any folder inside the ZIP file—just the json and "order" files.
If the Security rules are less than 400, we have to just export to a single json file. There is no need to ZIP it then.
Exporting Nat Rules
For Nat rules, we have found the limitation is for 500 Nat Rules per export, so we can apply the samething we did with the Security Rules. For example, we are going to sat we have 600 Nat Rules.
Notice the name of the Ruleset, in this case, is Internet without Security at the end. You have to check from the SmartCenter to see the Nat ruleset Name.