Hi Andy,

yes it was. Worked fine for the rules but not for the rest.

If you send me the exact process you followed, happy to try it in the lab.

Best,

Andy

As a matter of fact, let me test it now. I will build brand new mgmt in eve-ng on R81.20 and let you know what happens.

Andy

OK. Let me know.

Thank you.

Nuno

Will do. BUT, just to keep it consistent, as I like to do everything the right way the first time, can you please send the EXACT steps you did, so I can follow the same?

Best,

Andy

Sure, please find attached the copy of the script that I run.

I think I will just use built in version 3.9 from $FWDIR/Python dir.

Thank you.

Andy

Just working on something else now, but will do it later on, for sure.

Andy

My colleague and I are having some challenges doing this from ssh, we even tried running it from $FWDIR/Python/bin dir, but no joy. Your screenshot would indicate you did this from windows PC?

Andy

That´s correct, was done from a win PC.

Nuno.

Ok, thats what I thought. Let us see if we can get this going from the actual CP mgmt server, we will try dedicated mgmt and also standalone one.

Best,

Andy

K, was able to replicate it, exact same issue as you on R81.10. I tested it on R81.20, jumbo 45.

Best,

Andy

Hello Andy,

so is there a way to fix this? Did it worked with other versions in the past?

this would be a great solution to import a policy package from one SMS to another one with several policy packages already in place. Migrate_server export and import is not feasible here as it would rewrite contents in destination and doing this manually will consume a lot of hours.

Thank you.

Nuno

Agree. Migrate server imports everything. Not sure about older versions, never tried. Might be worth TAC case.

Andy

Hi Nuno.

I'd like to get involved in this test.  Is there a specific version/package of Python you installed on your Win PC?  I'd like to minimize the differences in our environments for my testing.

Thanks, Mike

Hello Mike,

sorry for the late reply. I ended up by using the python tool directly on checkpoint instead of the windows PC.

(https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-....

It works but around 10 to 15% of the objects are not exported/imported.

Thank you.

Regards,

Nuno

How about this disclaimer?

In the case you are exporting a policy package from a CMA, please verify that a global policy was NOT assigned to that CMA. The tool doesn't support exporting a policy with global policy assigned!

No one mentioned that one in this thread yet.

Hi,

actually it was the other way around, the policy was exported from an SMS (full HA) to a CMA.

The checkpoint gateway objects are not exported so we created the objects on the destination before the import but even so the rules with "install on specific gateways" instead of policy targets were not imported and we had to created them manually as well as the NAT rules. I was lucky since most of the rules was set to be installed on the policy targets otherwise I would have to change this setting on all the rules.

Seems this is a point to be improved on the tool.