Solved

Migrating Chechpoint Firewall policies to CyberGuard Firewall policies.

Posted on 2003-11-17
4
433 Views
Last Modified: 2013-11-16
Hi,

I will be migrating my chekpoint firewall to cyberguard firewall. Is anyone out there have experiece this kind of migration before? If so, what are the things to take note of.

Also, I have a few quries to ask.
Is there a was to import firewall polices into Cyberguard other than manually inserting in.

Below are a typical checkpoint policies
_____________________________________________
1 .  Source 1             Destination 1             Service 1        
                                Destination 2             Service 2
_____________________________________________
2 .  Source 3             Destination 3             Service 2        
      Source 3             Destination 4             Service 3
_____________________________________________

Is there a way I can configure it somewhere similiar to it other than grouping them together in Cyberguard.

Thanks alot.
Regards
LS
0
Comment
Question by:angls
4 Comments
 
LVL 3

Accepted Solution

by:
dschwartzer earned 250 total points
ID: 9776652
angls,
I suggest you do it manually. First I'll explain why, then I'll explain how.

Each object in the rulebase has a lot of properties, some of them are obvious, others not; and these not-so-obvious properties may be the ones holding the whole rulebase together. Cyberguard doesn't have the same set of supported features and properties as Check Point does; so any kind of automatic export-import will lose something. If you have a complex or simple configuration, same thing holds. I'd prefer to spend some time to do it properly once, rather then wasting days and months to figure why something is not working and/or behaving weird.

As for how - have a list of objects, and a separate list of rulebases. (BTW, you can select multiple rules in rulebase (in NG) and copy/paste them)
when you're done with the simple (obvious) properties, open a file ($FWDIR/conf/objects_5_0.C for NG, or $FWDIR/conf/objects.C for 4.1) on the management, and see if you've missed some more properties that you should take to the Cyberguard.
Another important thing, is global properties (search :properties) rather close to the end of the file. These properties define the FW behavior globally. You may also need to 'export' some of these...

Good luck,
d

0
 
LVL 1

Expert Comment

by:jancoulson
ID: 10184187
Can I ask why you are moving from Check Point to Cyberguard. Most people would want to do it the other way around :o)
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976384
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: dschwartzer


Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Create Sample Internet Traffic 1 78
CLOUD SECURITY 3 77
Class Map is not matching traffic on Global Policy??? 2 48
Sonicwall Email los and Alerts 1 59
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now