This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About allabres
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About allabres
Online
1Post
0Likes
0Solutions
Sep 27, 2023Last Visited
User
Activity
User
Profile
Latest posts by allabres
| Subject | Views | Posted |
|---|---|---|
| 9857 | 05-31-2018 10:30 AM |
User Badges
Community Statistics
| Member Since | 01-21-2016 03:04 PM |
| Date Last Visited | 09-27-2023 09:07 AM |
| Posts | 1 |
05-31-2018
10:30 AM
There where 2 issues on this case: -----------------------------------------
1) The issue initially was pulling the information from the correct Checkpoint Security Gateway/Firewall BUT by mistake they where pulling the NAT coonfiguration from the wrong Source (Diffrerent Firewall) using the guide command below:
The correct Security rules firewall set is : "Internet Security"
mgmt_cli show access-rulebase offset 0 limit 400 name "Internet Security" details-level "full" use-object-dictionary true --format json > RuleSet_0_400.json mgmt_cli show access-rulebase offset 401 limit 400 name "Internet Security" details-level "full" use-object-dictionary true --format json > RuleSet_401_800.json mgmt_cli show access-rulebase offset 801 limit 400 name "Internet Security" details-level "full" use-object-dictionary true --format json > RuleSet_801_1200.json
giving the files : RuleSet_0_400.json RuleSet_401_800.json RuleSet_801_1200.json
we ZIP them into -> RuleSet_Security.zip
The NATs where pulled from the wrong Firewall mgmt_cli show nat-rulebase offset 0 limit 500 package "Bill_Fw" details-level "full" use-object-dictionary true --format json > NATRuleSet_0_500.json mgmt_cli show nat-rulebase offset 501 limit 500 package "Bill_Fw" details-level "full" use-object-dictionary true --format json > NATRuleSet_501_1000.json mgmt_cli show nat-rulebase offset 1001 limit 500 package "Bill_Fw" details-level "full" use-object-dictionary true --format json > NATRuleSet_1001_1500.json
giving files: NATRuleSet_0_500.json NATRuleSet_501_1000.json NATRuleSet_1001_1500.json
We zip the files into -> NATRuleSet.zip
The correct NAT rules set firewall set is : "Internet NAT" they used "Bill_FW" the load nto the migration tool Expedition of course was wrong and with inconcistancies.
2) the sexonf issue was that Expedition was not taking the ZIP files correctly. It was loading all the .json files from the Security ZIP File but only loading the NAT first file and ignoring the other 3 files on the .zip.
The solution: ----------------
to load all the R80 configuration in this particular case:
- Asked the customer to run the command for the entire configuration as per example below:
mgmt_cli show access-rulebase offset 0 limit 1000 name "Internet Security" details-level "full" use-object-dictionary true --format json > RuleSet_0_100.json
giving 1 security jason File: RuleSet_0_1000.json
And
mgmt_cli show nat-rulebase offset 0 limit 1500 package "Internet NAT" details-level "full" use-object-dictionary true --format json > NATRuleSet_0_1500.json
giving 1 NAT Jason file: NATRuleSet_0_1500.json
Then, the Expedition load was clean and ready to work on the migration tool.
Regards, Alex -
... View more
Contact Me
| Online Status |
Online
|
| Date Last Visited |
09-27-2023
09:07 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks