Check Point R80.x to Palo Alto Migration


L0 Member

Hi All,

 

My client has a big Check Point VSX setup with multi-domain (MDM/CMA) management. Gateways/firewalls are running R80.30 and Management is running R80.40. We are now replacing the Check Point firewalls with Palo Alto firewalls.

 

I have the Expedition tool installed and ready, but I am unsure of the next step. I have read through a few links and forums but do not get concrete direction on how to export the config from MDM Management for all domains one by one and convert it to a Palo Alto configuration.

 

Any help is highly appreciated.

4 REPLIES

L1 Bithead

Hi @AshishWAPOL , 

 

I recently worked on a similar task. This thread helped me a lot:

https://live.paloaltonetworks.com/t5/expedition-articles/migrating-checkpoint-r80-updated-on-decembe...

Hi @armingojak 

 

Thanks for your reply. Yes, I read through that URL too and followed the exact same steps, i.e. I ran that from the MDM as well as from the CMAs, and it does generate the file, but when I read through that file it says "0 package exported" and no configuration is actually exported. We are running MDM/CMA on R80.40.

Hi @AshishWAPOL 

 

I have used this command and it worked for me, also running MDM R80.40:

java -jar web_api_show_package-jar-with-dependencies.jar -c -m server-ip -d domain-name -k package-name

 

Where:

• [-m server-ip] (Optional): Management server ip address. Default value is 127.0.0.1.

• [-d domain-name] (Optional): The name or uid of the Security Management Server domain.
When running the command on a Multi domain server the default domain is the "MDS".

• [-c] (Optional): Retrieve access policy rules hit counts.

• [-k package-name] (Optional): The package name or the uid of the policy package to show.
When a package-name is not provided, the tool will provide details on all the policy-packages
that are being used (the ones that were installed on the security gateways).

Hello,

 

Have you looked at our export documentation for Checkpoint?

 

https://panos.pan.dev/docs/expedition/expedition_export
