Checkpoint to Juniper migration

Posted on 2009-12-18
Last Modified: 2013-11-16
I have been thrown into a project to replace some old Nokia Checkpoint Firewalls. They have a large number of rules (policies) and a very large number of address book entries. They also have numerous VPNs configured in the VPN manager on the one and traditional mode in the other. They are both in a cluster.

What I am looking to do is find a way to export the config (rules (policies), address book, VPNs configured) into a text format. Once I have it in a text format I can manipulate it into a script that I can import into the new Junipers. I have just not been able to figure out how to export the data I need. I do not have a strong Checkpoint background. I also do not have physical access to these systems because they are at remote sites in a different country. I do have access to them via the SmartDashboard (read-only) and admin access via ssh.

Any suggestions on how to go about getting this information?
Question by: kurtholm2004
    LVL 18

    Accepted Solution

    This is unsupported but will give you an idea on what to do.

    Try Object Filler and Object Dumper.

    Basically, the tool will allow you to use your objects_5_0.c and create csv files of your objects.

    To convert them into Juniper, I would NEVER use any tool that does this, as Juniper, whether it's ScreenOS or Junos, uses security zones and almost all the rules will need to be redone, especially regarding NAT.  But at least the tool should give you a head start on the objects.

    However, please note that as you have a lot of rules and objects, I am willing to bet there is a lot of legacy or unused stuff in there.  Once you have converted some of the objects, run through them all to make sure that they are still required.  Use this as a chance to clean your house a little.

    LVL 9

    Expert Comment

    I agree with deimark... The best way to do this is to rewrite everything.

    LVL 1

    Author Closing Comment

    I fully agree about not using a tool to do the converting to Juniper ScreenOS. I plan on doing that part myself. I just need the raw data to work with and this solution has given me that.
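
The workflow discussed in this thread (objects exported to CSV, then scripted into ScreenOS by hand, with a cleanup pass), as an added example that is not part of the original posts or of the Object Dumper tool. The CSV column names, the set of rule-referenced object names and the zone plan are all assumptions constructed for illustration; objects that are unused, malformed or outside every zone go to a review list instead of being emitted.

```python
import csv
import io
import ipaddress

# Constructed sample. Column names are an assumption, not Object Dumper's real layout.
SAMPLE_OBJECTS = """name,type,ip,mask,comment
web01,host,10.1.1.10,255.255.255.255,DMZ web server
lan-users,network,192.168.10.0,255.255.255.0,Office LAN
old-ftp,host,172.16.5.9,255.255.255.255,legacy
partner-gw,host,203.0.113.7,255.255.255.255,partner VPN peer
bad-net,network,10.300.0.0,255.255.0.0,typo in source
"""
# Constructed: object names that appear in at least one exported rule.
REFERENCED = {"web01", "lan-users", "partner-gw", "bad-net"}
# Hypothetical zone plan for the new firewall: zone name -> address space behind it.
ZONE_NETS = {"Trust": "192.168.0.0/16", "DMZ": "10.1.1.0/24"}

def zone_for(ip, mask):
    """Return the zone whose range contains ip/mask, or None if nothing matches."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    for zone, cidr in ZONE_NETS.items():
        if net.subnet_of(ipaddress.ip_network(cidr)):
            return zone
    return None

def convert(csv_text, referenced):
    """Split objects into ScreenOS address commands and a manual-review list."""
    commands, review = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["name"].strip()
        if name not in referenced:
            review.append((name, "not referenced by any rule"))
            continue
        try:
            zone = zone_for(row["ip"], row["mask"])
        except ValueError as exc:  # malformed address or netmask
            review.append((name, f"bad address: {exc}"))
            continue
        if zone is None:
            review.append((name, "no zone mapping"))
            continue
        comment = row["comment"].replace('"', "'")  # keep the quoted field intact
        commands.append(f'set address "{zone}" "{name}" {row["ip"]} {row["mask"]} "{comment}"')
    return commands, review

if __name__ == "__main__":
    cmds, todo = convert(SAMPLE_OBJECTS, REFERENCED)
    print("\n".join(cmds + [f"# REVIEW {n}: {why}" for n, why in todo]))
```

Only address book entries are generated; policies and NAT still have to be written per zone pair by hand, as the answers above recommend.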

