https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182436#M7074 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2023-05-29_21-13.jpeg" style="width: 545px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21122i1DB3A30F22B013B0/image-size/large?v=v2&amp;px=999" role="button" title="2023-05-29_21-13.jpeg" alt="2023-05-29_21-13.jpeg" /></span><BR /><BR />its end of per user section and start per device. But all virtual groups has computer type on-premise and contain only machines. All rules from on-premise simply moved from on-premise and starts from per user. Rule 76 was created in cloud. Befor per device section was only with default rule. But all machines has rules from per users section from above.&nbsp;</P> Mon, 29 May 2023 18:19:48 GMT Serg78 2023-05-29T18:19:48Z https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182433#M7072 <P>Hi! We started migration from on-premise endpoint managemant to Infinity portal. Was used migration script from portal. Database was successfully exported and imported. After that we see all ours firewall rules was assigned to per user section but all of them was in computer vitrual groups and we use local firewall for micro segmentation. We have 70+ rules. After reconnect machines get a right rule which was assigned before on-premise. When we try create new rule its new rule do not assign to machine and if we create new rule in per device section - this rule do not assign too because, as we think, works old rule which stay upper then new. So, recreate all rules manually will take a lot of time.&nbsp;<BR />Is this normal and which way can be for moving all firewall rules from per user to per device? We need mixed mode, because App conrol rules uses users groups.</P> Mon, 29 May 2023 18:07:26 GMT https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182433#M7072 Serg78 2023-05-29T18:07:26Z https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182434#M7073 <P>I did this migration few times without an issue. Just to make sure Im not misunderstanding anything, can you please attach a screenehot of an example you are referring to? Blur out any sensitive data.</P> <P>Cheers,</P> <P>Andy</P> Mon, 29 May 2023 18:10:20 GMT https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182434#M7073 the_rock 2023-05-29T18:10:20Z https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182436#M7074 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2023-05-29_21-13.jpeg" style="width: 545px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/21122i1DB3A30F22B013B0/image-size/large?v=v2&amp;px=999" role="button" title="2023-05-29_21-13.jpeg" alt="2023-05-29_21-13.jpeg" /></span><BR /><BR />its end of per user section and start per device. But all virtual groups has computer type on-premise and contain only machines. All rules from on-premise simply moved from on-premise and starts from per user. Rule 76 was created in cloud. Befor per device section was only with default rule. But all machines has rules from per users section from above.&nbsp;</P> Mon, 29 May 2023 18:19:48 GMT https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182436#M7074 Serg78 2023-05-29T18:19:48Z https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182437#M7075 <P>Sorry mate, my bad, did not read the post properly. I had it in my head it was smart-1, NOT endpoint management, though you clearly indicated that, apologies. For that, Im really not sure, never migrated endpoint server, so really have no idea. Maybe someone else can verify.</P> <P>Might be worth checking with TAC as well.</P> <P>Andy</P> Mon, 29 May 2023 18:35:24 GMT https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182437#M7075 the_rock 2023-05-29T18:35:24Z https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182438#M7076 <P>I can not find anything relevant for my situation and how migrate must works properly with rules and with&nbsp;<SPAN>new policy operation mode.</SPAN></P> Mon, 29 May 2023 18:41:06 GMT https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182438#M7076 Serg78 2023-05-29T18:41:06Z https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182439#M7077 <P>I cant say for sure, as I had only done migration from regular mgmt to smart-1 cloud and all the rules would always move over correctly.</P> <P>Andy</P> Mon, 29 May 2023 18:42:36 GMT https://community.checkpoint.com/t5/Endpoint/Assignment-Firewall-rules-after-migrating/m-p/182439#M7077 the_rock 2023-05-29T18:42:36Z