?
Solved

Checkpoint to Juniper migration

Posted on 2009-12-18
3
Medium Priority
?
2,108 Views
Last Modified: 2013-11-16
I have been thrown into a project to replace some old Nokia Checkpoint Firewalls. They have a large number of rules (policies) and a very large number of address book entries. They also have numerous VPNs configured in the VPN manager on the one and traditional mode in the other. They are both in a cluster.

What I am looking to do is find a way to export the config (rules(policies), address book, VPNs configured) into a text format. Once I have it in a text format I can manipulate it into a script that I can import into the new junipers. I have just not been able to figure out how to export the data i need. I do not have a strong Checkpoint background. I also do not have physical access to these systems cause the are at remotes sites in a different country. I do have access to them via the SmartDashboard (read-only) and admin access via ssh.

Any suggestions on how to go about getting this information?
0
Comment
Question by:kurtholm2004
3 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 2000 total points
ID: 26083981
This is unsupported but will give you an idea on what to do.

Try Object Filler and Object Dumper.

http://www.cpug.org/check_point_resources/ofiller_v2.4.tgz

Basically, the tool will allow you to use your objects_5_0.c and create csv files of your objects.

To convert them into Juniper, I would NEVER use any tool that does this, as Juniper, whether its screenos or junos, use security zones andalmost all the the rules will need to be redone, especially regarding NAt.  But at least the tool should give you a head start on the objects.

However, please note, that as you have a lot of rules and objects, I am willing to bet there are a lot of legacy or unused stuff in there.  Once you have converted some of the objects, run through them all to make sure that they are still required.  Use this as a chance to clean your house a little.

HTH
0
 
LVL 9

Expert Comment

by:predragpetrovic
ID: 26086273
I agree with deimark... The best way to do this is to rewrite everything.

predrag
0
 
LVL 1

Author Closing Comment

by:kurtholm2004
ID: 31667842
I fully agree about not using a tool to do the coverting to juniper screen os. I plan on doing that part myself. I just need the raw data to work with and this solution has given me that.

Thanks
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month12 days, 19 hours left to enroll

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question