Migration from Check Point to PAN

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Migration from Check Point to PAN

L4 Transporter

Hi all,

is there a "Tool" to convert a Check Point Config (security policies etc.) to a PAN Firewall ?

kind rgds

Roland

23 REPLIES 23

Ha!  No you are not wrong.  I stand very corrected.  Apparently I need to update my version of the configuration tool. In fact, I think I'll upgrade right now! Smiley Happy

As of the December release of the migration tool, and I'm looking at the release notes for 1.5.2, the migration tool DOES support IOS 11.X and newer, extended ACL's only.  From the release notes, you should know that VPN and NAT configuration is not converted.

Hope this helps!

I am trying to convert a Check Point (R71) config. I have been feeding all the required files to the migration tool except the routes.txt. I am not clear how the content of this file has to look like (syntax) in order to be migrated successfully.

rgds Roland

Hi Roland,

What do you need to know? The Checkpoint files format or the Output from the Migration Tool.

Regards

Hi,

actually I need to know how the content of the CP routes.txt file has to look like in order to get converted correctly into the xml.

rgds

Roland

You don't need to put in any Interface IP's. Only put int the networks:

Destination     Gateway     Genmask     Flags     MSS Window irtt Iface

192.160.0.0     0.0.0.0     255.255.255.0 U     0 0     0 eth0

196.168.10.0   0.0.0.0     255.255.255.0 U     0 0     0 eth1

192.168.20.0 192.168.10.10 255.255.255.0 U 0 0     0 eth1

Hi,

we are supporting a lot of OS, and the only you need to know is frmo your OS how to obtain the routing table:

For Example: SecurePlatform (from the gateway, not from the SmartCenter)

# netstat -nr > routes.txt  

another, from a Nokia

# you can enter to "iclid" and execute "show routes" and copy the output to a file named routes.txt

that's all

Albert Estevez

Hi Albert,

I am trying to convert from a Checkpoint R65, and am using the routes.txt file, below is what is in that file.

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.101.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
192.168.102.0   0.0.0.0         255.255.255.0   U         0 0          0 eth3
192.168.103.0   0.0.0.0         255.255.255.0   U         0 0          0 eth4
192.168.11.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
216.207.173.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.0.0     192.168.11.2    255.255.0.0     UG        0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         216.207.173.1   0.0.0.0         UG        0 0          0 eth1

When I attempt to use the migration tool and upload this file as my routes.txt, I get the errror:

No routes.txt or empty file or cannot find the local interfaces, putting all rules in the Trust zone.

Any ideas on why I would be getting this error?

I am running version 1.5.4.

Thanks!

Mike

Albert,

Can you help with migrating from Cisco ? We have to migrate some Huawei firewalls . They are basically Cisco devices .

Thanks

If you are using the Migration tool, migrating from Cisco is fairly straightforward, the only thing that won't migrate for you is the NAT rules.  Recreating those is pretty straightforward though just be sure to use the bi-directional checkbox since I think that's how most/all Cisco NAT rules are.

  • 12253 Views
  • 23 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!