Solved

Migrating Chechpoint Firewall policies to CyberGuard Firewall policies.

Posted on 2003-11-17
4
436 Views
Last Modified: 2013-11-16
Hi,

I will be migrating my chekpoint firewall to cyberguard firewall. Is anyone out there have experiece this kind of migration before? If so, what are the things to take note of.

Also, I have a few quries to ask.
Is there a was to import firewall polices into Cyberguard other than manually inserting in.

Below are a typical checkpoint policies
_____________________________________________
1 .  Source 1             Destination 1             Service 1        
                                Destination 2             Service 2
_____________________________________________
2 .  Source 3             Destination 3             Service 2        
      Source 3             Destination 4             Service 3
_____________________________________________

Is there a way I can configure it somewhere similiar to it other than grouping them together in Cyberguard.

Thanks alot.
Regards
LS
0
Comment
Question by:angls
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
dschwartzer earned 250 total points
ID: 9776652
angls,
I suggest you do it manually. First I'll explain why, then I'll explain how.

Each object in the rulebase has a lot of properties, some of them are obvious, others not; and these not-so-obvious properties may be the ones holding the whole rulebase together. Cyberguard doesn't have the same set of supported features and properties as Check Point does; so any kind of automatic export-import will lose something. If you have a complex or simple configuration, same thing holds. I'd prefer to spend some time to do it properly once, rather then wasting days and months to figure why something is not working and/or behaving weird.

As for how - have a list of objects, and a separate list of rulebases. (BTW, you can select multiple rules in rulebase (in NG) and copy/paste them)
when you're done with the simple (obvious) properties, open a file ($FWDIR/conf/objects_5_0.C for NG, or $FWDIR/conf/objects.C for 4.1) on the management, and see if you've missed some more properties that you should take to the Cyberguard.
Another important thing, is global properties (search :properties) rather close to the end of the file. These properties define the FW behavior globally. You may also need to 'export' some of these...

Good luck,
d

0
 
LVL 1

Expert Comment

by:jancoulson
ID: 10184187
Can I ask why you are moving from Check Point to Cyberguard. Most people would want to do it the other way around :o)
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976384
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: dschwartzer


Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0

Featured Post

Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question