04-22-2020 09:33 AM - edited 04-22-2020 09:37 AM
Migrating four Checkpoint clusters into single Panorama/HA firewall pair. My initial thought was to tackle each Checkpoint cluster as it's own project (good/bad idea? not sure how projects fit into overall workflow). Running 18.104.22.168 if it matters.
I was able to import Checkpoints and Panorama base config. I needed to provide rules to someone else for review prior to implementation, did a merge into Panorama then export security rules from Panorama into CSV. This all worked as expected. Now I need to go back to original Checkpoint configs to fix zone names and network interfaces, but the original Checkpoint configs are no longer visible. Makes some sense after a merge.
- Should I tackle this as a single project? Think of a project as a client?
- Do the original source files need to have everything resolved (address objects, zones, interfaces, etc) prior to a merge? Is there a way to go back to fix something in source configuration after a merge, then merge again?
04-22-2020 09:47 AM
It is better to resolve the different parts on each source, to help you focus on each context, but you can also do the different resolutions now on your Panorama source.
As you merged the Checkpoint configuration into the Panorama configuration, now you should be able to see those objects in your Panorama source.
Proceed from there
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!