MT 3.1 and CheckPoint VSX

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MT 3.1 and CheckPoint VSX

L6 Presenter

We're running a really old version of CP 71.40 running VSX with multiple virtual firewalls.

 

This document describes where to get a config file from, but this does't account for a virtualized enviornment and the file nor directory exists for these virtual CheckPoint Firewall.

 

 

https://live.paloaltonetworks.com/t5/Migration-Tool-Articles/Checkpoint-Different-Source-Files-Forma...

 

 

Has anyone had any experience in migrating a CheckPoint config in a VSX enviornment?

 

Thanks in advance for any suggestions.  (We already contacted our support vendor who said basically your version is too old to even provide assitance with)

6 REPLIES 6

L4 Transporter

look for the rulebase in some folder like

/opt/CPmds-R77/customers/<CMA_name>/CPsuite-R77/fw1/conf/rulebases_5_0.fws

 

Regards,

Gerardo.

Thanks I'll take a look!

If you are still having problems, try searching the Migration Tool Discussion forum.  Or post there as the migration tool engineers monitor that forum.

https://live.paloaltonetworks.com/t5/Migration-Tool-Discussions/bd-p/mt_discuss

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

I looked for a MT forum...I didn't find it.  Thanks!  @pulukas I found out my issue.  I looked in "Disucssions" not "Topics")

@glastra1 I was able to find the directory for my virtualized FWs.  In there I found "objects_5_0.C" and "rulebases_5_0.fws"

 

But the MT UI kep saying I needed to import "Policy" too, so I looked in the same folder and only cound "connectra_policy.C"

 

 

When I loaded all 3 up I see the objects, I see "NAT" rules, but in "Security" there are no Security Rules.  Any ideas?

 

 

Thanks,

Brandon

I've only used the Migration Tool a few times and not with Checkpoint, so I'm not sure where you would look.

 

But you really should post this question over in these other discussion forums.  The migration tool developers monitor that forum and respond to questions.  They are not over here on the general topics forum very often.

 

https://live.paloaltonetworks.com/t5/Migration-Tool-Discussions/bd-p/mt_discuss

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 3230 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!