05-13-2019 04:51 AM
Hello Expert,
We are planing to migrate our current checkpoint platform R80 to Palo Alto firewall. I have gone through articles indicating the migration and would like to understand will Expedition tool migrates the NAT and VPN configuration too from checkpoint to palo alto.
Your early response will be highly appreciated.
Thanks in advance.
05-13-2019 11:47 AM
NAT rules are already supported, but not VPN yet.
Notice that for Checkpoint R80.10 in XML format may be missing some address objects if those are not directly referenced in the security rules or NAT rules, but only in other groups. That means that it may not be able to perform a complete migration as objects may not be found.
04-30-2020 12:14 PM
Is there an update?
1. Is there a way to pull the VPN config from Checkpoint R80 (.jar file does not) and
2. Can Expedition migrate the VPN configuration?
04-30-2020 01:04 PM - edited 04-30-2020 01:04 PM
Hello Doug-Elliott,
Checkpoint VPN config migration is not supported at current version.
07-19-2023 10:46 AM
I wanted to see if there was an update to this topic. Looking to move from CP R80.40 to PA 10.4.2-h2. I looked through the release notes, but did not see anything about it. Just wanted to see if I overlooked something.
07-19-2023 02:49 PM
@DarrenVallance VPN for checkpoint migration is still not supported at this point.
07-03-2024 12:49 PM
Can someone explain the process of migrating check-point to palo alto version 81.20..
07-04-2024 12:53 AM - edited 07-04-2024 12:55 AM
Thanks for reaching out.
The steps are the following ones:
1) You export your configuration from your current Checkpoint. See here how to do that: https://pan.dev/expedition/docs/expedition_export/#checkpoint--r80x
2) You login to Expedition UI.
3) You create a new project.
4) You go to import tab, select Checkpoint R80+.
5) You select your downloaded/generated file (*.tar.gz) and click on import.
6) You can monitor the import process by tailing the file (/tmp/error). Execute via CLI "tail -f /tmp/error".
7) After the import process Expedition will show the project Dashboard with a summary of the migrated objects. It is important to check the number of migrated objects and also check the tab Monitor taht contains a checklist of all actions taken by Expedition during the migration.
8 ) At this point you will need to go over your migration workflow removing invalids, duplicates and other issues pointed on the Monitor checklist.
9) After that you will need to merge your Checkpoint configuration with your base config using the drag and drop on the Export tab.
Let me share with you a set of videos explaining the migration workflow using as an example a CISCO configuration.
For your use case the steps will be the same, except the parser that will be Checkpoint:
https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-
Hope this helps,
David
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
