04-20-2021 05:36 AM
My client has big Check Point VSX setup with multi-domain (MDM/CMA) management. Gateway/Firewall are running R80.30 and Management is running R80.40. We are now replacing Check Point firewall's with Palo Alto firewall's.
I have Expedition tool installed and ready but i am unsure on next step as i have read through few links and forums but do not get concrete direction on how to export config from MDM Management for all domains one-by-one and convert it to Palo Alto configuration.
Any help is highly appreciated.
04-20-2021 07:31 AM
Hi @AshishWAPOL ,
Recently worked on the similar task. This threat helped me a lot:
04-20-2021 07:51 AM
Thanks for your reply. Yes, i read through that URL too and followed exact same steps i.e. i ran that from MDM as well as from CMA's and it do generates the file but when i read through that file it says "0 package exported" and no configuration is actually exported. We are running MDM/CMA on R80.40.
04-21-2021 01:08 AM
I have used this command and it worked for me, also running MDM R80.40:
java -jar web_api_show_package-jar-with-dependencies.jar -c -m server-ip -d domain-name -k package-name
• [-m server-ip] (Optional): Management server ip address. Default value is 127.0.0.1.
• [-d domain-name] (Optional): The name or uid of the Security Management Server domain.
When running the command on a Multi domain server the default domain is the "MDS".
• [-c] (Optional): Retrieve access policy rules hit counts.
• [-k package-name] (Optional): The package name or the uid of the policy package to show.
When a package-name is not provided, the tool will provide details on all the policy-packages
that are being used (the ones that were installed on the security gateways).
04-21-2021 07:45 AM
Have you looked at our export documentation for Checkpoint?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!