cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

FWSM migration to Checkpoint R80.10

Hello,

Is it possible to migrate FW & NAT policies, objects from Cisco FWSM to R80.10. SmartMove most probably doesnt support FWSM yet but i was wondering if the old Confwiz would work ?

0 Kudos
1 Reply
Ray_Lal
Iron

Re: FWSM migration to Checkpoint R80.10

Pretty sure you can, but I'll let someone who knows better confirm. I did it for one of my clients in the past, however we migrated from a whole bunch of ASA's over to a 15600 cluster running R77.30. We used LCMS for the conversion.

I tell you, from my experience, nothing is guaranteed to work as you expect. Be prepared to add missing rules on the go. I found that LCMS missed a tonne of rules, which took a while to sort out, along with NAT rules. Mind you though, we had multiple ASA's that had several internet links, so some were blocking similar inbound traffic.. All together we had over 20k ACL's combined, but LCMS was able to shrink it down to just around 800 IIRC.

I would HIGHLY recommend exporting your NAT's out to excel. Once you convert(Whether LCMS/Manual script), check check check!

0 Kudos