Migrating Chechpoint Firewall policies to CyberGuard Firewall policies.

Hi,

I will be migrating my chekpoint firewall to cyberguard firewall. Is anyone out there have experiece this kind of migration before? If so, what are the things to take note of.

Also, I have a few quries to ask.
Is there a was to import firewall polices into Cyberguard other than manually inserting in.

Below are a typical checkpoint policies
_____________________________________________
1 .  Source 1             Destination 1             Service 1        
                                Destination 2             Service 2
_____________________________________________
2 .  Source 3             Destination 3             Service 2        
      Source 3             Destination 4             Service 3
_____________________________________________

Is there a way I can configure it somewhere similiar to it other than grouping them together in Cyberguard.

Thanks alot.
Regards
LS
anglsAsked:
Who is Participating?
 
dschwartzerCommented:
angls,
I suggest you do it manually. First I'll explain why, then I'll explain how.

Each object in the rulebase has a lot of properties, some of them are obvious, others not; and these not-so-obvious properties may be the ones holding the whole rulebase together. Cyberguard doesn't have the same set of supported features and properties as Check Point does; so any kind of automatic export-import will lose something. If you have a complex or simple configuration, same thing holds. I'd prefer to spend some time to do it properly once, rather then wasting days and months to figure why something is not working and/or behaving weird.

As for how - have a list of objects, and a separate list of rulebases. (BTW, you can select multiple rules in rulebase (in NG) and copy/paste them)
when you're done with the simple (obvious) properties, open a file ($FWDIR/conf/objects_5_0.C for NG, or $FWDIR/conf/objects.C for 4.1) on the management, and see if you've missed some more properties that you should take to the Cyberguard.
Another important thing, is global properties (search :properties) rather close to the end of the file. These properties define the FW behavior globally. You may also need to 'export' some of these...

Good luck,
d

0
 
jancoulsonCommented:
Can I ask why you are moving from Check Point to Cyberguard. Most people would want to do it the other way around :o)
0
 
Tim HolmanCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: dschwartzer


Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.