- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
Checkpoint to Palo Alto using Expedition
- LIVEcommunity
- Collaboration
- Tools
- Expedition
- Expedition Discussions
- Checkpoint to Palo Alto using Expedition
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Checkpoint to Palo Alto using Expedition
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-18-2020 10:45 AM
We have a Checkpoint mgmt workstation at R77.30 managing firewalls on R75.47. We are attempting to convert the Checkpoint firewalls to Palo Alto using the Expedition freeware software. But the documentation contains no info as to what format the tools needs to see the Checkpoint info. The Checkpoint to HTML product cpdb2web does not apprear to be the tool. And there is no documentation for Expedition that describes exactly what the import files are supposed to look like. I realize Expedition is freeware, but the lack of documentation and mismatched documentation is very frustrating and makes it virtually useless. TAC Doesn't support it so here's a question exactly WHAT is Expedition expecting from Checkpoint in terms of input files and where is that documentation?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-18-2020 10:48 AM
Hello @btalyorrrd
Once you install expedition and head to the import tab the instructions are located there on how to import them. Attached is a screenshot of the steps that need to be taken for an import.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-18-2020 10:54 AM
But WHAT FILES? What format? There is no documentation. The .xml files generated by the Checkpoint cpdb2web tool aren't it. All it does is give me a vague error about the file not being in correct format.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-18-2020 11:14 AM
1. Objects_5_0.C - found this on: /opt/CPsuite-R77/fw1/conf
2. Rulebases_5_0.fws - found this on: /opt/CPsuite-R77/fw1/conf
3. PolicyName.W - a file with extension .W”, the filename takes the policy’s name (by default Standard.W). Those files are stored in the SmartCenter (Management) under “$FWDIR/conf”
You will need to perform backups of these types of files, also within expedition it does state the file types that are required. XML is not stated as a supported file type since the object files require .C format and the Rulebases .fws and the Policyname a .W
I believe once you create a backup of these files they should be located within a .tgz file as specified within the checkpoint user manual.
For more information regarding checkpoint I would recommend this document.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-18-2020 11:23 AM
That's fine. Any idea where this is documented with in Expedition documentation?
Do I import the files as listed or the .tgz file?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-18-2020 11:25 AM
And do I need the latest beta or stick with the download version?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-18-2020 11:33 AM
You should always upgrade to the latest beta release as there are always news updates and fixes to parse the files you are importing, if you would like to stay up to date with all of the releases we have made with expedition feel free to follow it here.
Once you have your expedition online and have imported your checkpoint files we have written articles on next steps you can take here.
https://live.paloaltonetworks.com/t5/expedition-articles/tkb-p/ExpeditionArticles
Although this is a video on an ASA import most of what you're trying to do applies because after you import your configuration you will need to remap interfaces resolve duplicate addresses etc. So feel free to also view this video has a tool to help with your conversion.
https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-
Many questions have been answered here on these forums but we monitor them to help when we can, so feel free to always post more questions here.
- missing config parts on export in Expedition Discussions
- Problem Object groups to migrate Check Point r81 to Palo Alto in Expedition in Expedition Discussions
- Incorrect Username or Password in Expedition Discussions
- Expedition Panorama Log Collector Forwarding - ML-Learning in Expedition Discussions
- Expedition 1.2.20 Hotfix Information in Expedition Release Notes
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
