09-24-2019 07:04 AM
hello team
We have to migrate a Checkpoint R77 policies firewal security rules +400 rules policy migration, however we can't see those policies when we export to the expedition tool, we know that in R80 version you can use the CLI on the CKpoint to export in pieces those big amount of rules from 0-400 and from 400-800 and so.
we try to use the same commands from R80 to do the same in the R77, but those commands failed, there is another way to do in the CheckPoint R77? any hint?
cordially
Jose
09-24-2019 11:49 AM
Hey!
I think this has to do with the fact that Gaia pre-R80 handles files in a different format that R80+ (R80 is postgres). So, if you're migrating from R77 those commands won't work.
There is a selector on top of Expedition when you're importing the config that lets you choose whether the config comes from a pre-R80 or a R80+ system.
In the case of pre-R80, you will need these files:
Hope this helps!
09-24-2019 12:06 PM
hi CMachado
the problem is that migration tool can only read under 400 lines of rules, we are not able to read it when we upload on Expedition, that is why we need to find out how to extract from the CKPoint ONLY the segment relate to security rules or firewall rules and from there upload to the expedition tool.
are we in the same line?
we will check again the files, but until now aren/t able to find the fw rules from the ckpoint.
any other hint?
cordially,
jose
09-25-2019 10:44 AM
Oh, now I get it.
Maybe try opening and editing the rulebase file with Notepad++ and see if you can remove some of the rules from the original config and try to load it into Expedition. Another option would be to ask in the Check Mates community at community.checkpoint.com if there are any equivalents of the R80 commands in R77.
Best of luck.
09-30-2019 07:00 AM
hi there
we use another tool from CKpoint, we were able to get all the config file segmented. we will try today if we can be able to just check the firewall rules (+400).
thanks
10-02-2019 10:02 AM
hi there
just to let you know that , finally, I was able to upload in the Expedition tool, the 400+ fw rules from the Checkpoint , however, I getting issues with the merge, the Expedition just get stuck and freeze while the merge is running.
Ideas? will we need to provision more HW to the expedition server?
any idea is more than welcome
cordially
jose
10-16-2019 08:07 AM
hello to everybody
due the limitation from Ckpoint R77 to split large files, we weren't ables to export to expedition, we finally use a excel table to get the information from CKpoint and manually created in PA 3220 all the 257 FW rules.
we are planning to deploy in production this weekend.
cordially
jose
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
