cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Iron

Migration to CheckPoint Firewall

Jump to solution

Hello guys,

 

We're migrating from old firewalls to CheckPoint. On the old firewall we have about 3,500 security and NAT rules. Unfortunately there is no automatic way to move all existing rules. Would like to see if anyone had the same project and what is the best/quickest way to deal with it?

 

Thank you!

0 Kudos
1 Solution

Accepted Solutions
Highlighted

Re: Migration to CheckPoint Firewall

Jump to solution
The normal migration process will allow you to import the CMA into a clean installed R80.30 MDS (on eval Lic). Then you can use the following case: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...
once you have imported the their export into your R80.30 MDS. And move the objects and policy over to your current setup.
Regards, Maarten

View solution in original post

0 Kudos
6 Replies
Highlighted

Re: Migration to CheckPoint Firewall

Jump to solution
Which are the old firewalls? What type and brand?
What is running on it, can you export any of the information from it?
Regards, Maarten
0 Kudos
Highlighted
Iron

Re: Migration to CheckPoint Firewall

Jump to solution
It's 77.30, but it managed today by other company, don't really have access to current management server.
Today it's multi domain management server. Ours is single domain.
I understand there is no real export/import way to do it, right?
0 Kudos
Highlighted

Re: Migration to CheckPoint Firewall

Jump to solution
You are the owner of that rulebas and you can request them to send you an export of the domain, you need to tell them the version that you need to go to, ie R80.30
What version are you on?
You can setup a VM-Ware R80.30 MDS and import the file they should send you, then you can either use that MDS (by default it is licensed for 2 weeks) to migrate to a SMS with the latest migration tools, however if you are already running a SMS you could also use the API to export the objects and rulebase.
Regards, Maarten
0 Kudos
Highlighted
Iron

Re: Migration to CheckPoint Firewall

Jump to solution
Thanks Maarten!
Theoretically I can request, not sure how long will take them to do it...
I'm on R80.30. Do you know how difficult this process? How good it works?
0 Kudos
Highlighted

Re: Migration to CheckPoint Firewall

Jump to solution
The normal migration process will allow you to import the CMA into a clean installed R80.30 MDS (on eval Lic). Then you can use the following case: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...
once you have imported the their export into your R80.30 MDS. And move the objects and policy over to your current setup.
Regards, Maarten

View solution in original post

0 Kudos
Highlighted
Iron

Re: Migration to CheckPoint Firewall

Jump to solution

Great, thank you! I will try it in our lab.

0 Kudos