I think we can close this issue. The last single files you sent me this morning as per my request worked; Expedition took them and loaded the configuration without issues. I got it loaded and all consistent.
- I have done a quick review and it looks clean.
- Daniel, please review it. I think you can now actually start your migration clean-up process with this.
- You got all objects, object-groups as we should, all the Security Rules and NATs as well as the extra clone created by the tool.
- You got 4 objects “18.104.22.168” that are used. This is normal, as they might belong to a Domain type object on Checkpoint. You need to find the value of this object with the customer and replace the 22.214.171.124.
So, what was the issue?
As per my findings, the customer was pulling the configuration from the console (CLI) with the wrong parameters. The customer was pulling the right Security Rule set from the right firewall/gateway but was pulling the NAT rule set from another firewall gateway.
The result of this, of course, was inconsistencies in the configuration loaded into Expedition: lots of missing groups, objects, NATs, etc.
This usually happens when we use copy and paste and rush without seeing the exact details of the command.
The second problem I need to share with Albert.
- We did follow the process laid out in the guide to migrate R80. Breaking down the “.json” as per the limits of 400 for the security rules-set and 500 for the NAT rules-set did not work on Expedition.
- I had to ask the customer to create a single “.json” file for the security rules-set and a single file for the NAT rules-set.
- Expedition took it and loaded it fine.
That is all I have on this; please let me know if you have any comments.
I will update the Blog Paul created with the solution found. Thank you.
---------------- Alex LLabres
The customer is using SmartCenter (not ProviderOne) and it appears that SmartCenter uses some sort of quasi-global object repository that doesn’t export everything when you run the suggested export command in the Migration Tool (Expedition version). PSC's observed that only a subset of the object repository is exported into the config file.
Any help please? Are we missing something?
Siebi and UKRB, I too have run into the same issue. We just spun up 300 TS-agents on the weekend and had to disable about 70 agents due to issues with SQL connections. One of my thoughts is reserved ports for system services. We may need to expand these to, say, 1025-10000. I looked at the netstat -a table for some of these servers having the issue, and most of the SQL connections are sourced from between 1025-7000. Has anybody found a solution yet? At this point just shootin' from the hip! 🙂 Thanks.