Solved

Migrating Chechpoint Firewall policies to CyberGuard Firewall policies.

Posted on 2003-11-17
4
437 Views
Last Modified: 2013-11-16
Hi,

I will be migrating my chekpoint firewall to cyberguard firewall. Is anyone out there have experiece this kind of migration before? If so, what are the things to take note of.

Also, I have a few quries to ask.
Is there a was to import firewall polices into Cyberguard other than manually inserting in.

Below are a typical checkpoint policies
_____________________________________________
1 .  Source 1             Destination 1             Service 1        
                                Destination 2             Service 2
_____________________________________________
2 .  Source 3             Destination 3             Service 2        
      Source 3             Destination 4             Service 3
_____________________________________________

Is there a way I can configure it somewhere similiar to it other than grouping them together in Cyberguard.

Thanks alot.
Regards
LS
0
Comment
Question by:angls
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
dschwartzer earned 250 total points
ID: 9776652
angls,
I suggest you do it manually. First I'll explain why, then I'll explain how.

Each object in the rulebase has a lot of properties, some of them are obvious, others not; and these not-so-obvious properties may be the ones holding the whole rulebase together. Cyberguard doesn't have the same set of supported features and properties as Check Point does; so any kind of automatic export-import will lose something. If you have a complex or simple configuration, same thing holds. I'd prefer to spend some time to do it properly once, rather then wasting days and months to figure why something is not working and/or behaving weird.

As for how - have a list of objects, and a separate list of rulebases. (BTW, you can select multiple rules in rulebase (in NG) and copy/paste them)
when you're done with the simple (obvious) properties, open a file ($FWDIR/conf/objects_5_0.C for NG, or $FWDIR/conf/objects.C for 4.1) on the management, and see if you've missed some more properties that you should take to the Cyberguard.
Another important thing, is global properties (search :properties) rather close to the end of the file. These properties define the FW behavior globally. You may also need to 'export' some of these...

Good luck,
d

0
 
LVL 1

Expert Comment

by:jancoulson
ID: 10184187
Can I ask why you are moving from Check Point to Cyberguard. Most people would want to do it the other way around :o)
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976384
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: dschwartzer


Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question