This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Checkpoint migration to PA-820

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Checkpoint migration to PA-820

Solomon_Grable
L0 Member

‎04-15-2019 01:28 PM

Hello,

Im trying to migrate a CheckPoint to PA-820, but am having issues importing the CheckPoint json config files.  I get the error:

JSON error - Syntax error, malformed JSON

 

There are 439 security rules, 36 NAT rules

 

I have access to the new PA-820, but I don't have access to the CheckPoint - I request info, and hopefully it is executed and sent back to me as requested.

I have Expedition v1.1.13 running on VMWorkstation.

I've added the PA-820 device and seems to be linked sufficiently. 

I've imported a sample palo alto config into a test project, and see the Project Statistics sufficiently.

 

I requested the CheckPoint admin run these commands, and send me the files:

For the Security Rules:

mgmt_cli show access-rulebase name "yourRulebaseName" details-level "full" use-object-dictionary true --format json

 

For the NAT rules:

mgmt_cli show nat-rulebase package "yourRulebaseName" details-level "full" use-object-dictionary true --format json

 

For the Routes:

Routes file can be created by running from the Firewall the command "netstat -nr" or "show route all"

 

 

I have the csv export of the Security and NAT rules, as well as the config file.

The config file shows: Language version: 13.1v1 (is that the Checkpoint software version?)

 

The security rules.json file has source and destination fields that seem to be some kind of object database key.  Could it be they didnt run the object-dictionary part of the command?

"source" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ]

 

Help would be greatly appreciated.

 

0 Likes Likes
2 REPLIES 2

sjanita
L5 Sessionator

‎04-15-2019 04:15 PM

you will need to validate the json formatting. You can try to open the file in firefox for example which provides debug messages as to the source of the malformed json format. 

 

Otherwise if you email the json file to fwmigrate @paloaltonetworks.com I can look at the file.

0 Likes Likes

Solomon_Grable
L0 Member
In response to sjanita

‎04-16-2019 01:53 PM

Thanks, the leading text in the file:

Username:

 before the first opening bracket was the issue as you suggested.

The files imported after removing that text before the first opening {

Thanks

0 Likes Likes
  • 3066 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks