This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gaurav_Pandya
Advisor
‎2018-06-27 06:27 AM

Exporting Objects/Groups in R77.30

Hi,

We are moving objects/groups/Networks from one cluster to new cluster. Version is R77.30. We don't want to do migrate export entire database but only objects. Generally I right click on objects/groups/networks, export it and import to new cluster from Smart dashboard.

It is working very well but for some groups, it is not working. It gives error "cannot be exported because of its dependency on 'ambiguous - 385' which is not exportable ".

Anyone have idea about this why it is not allowing to export.

Regards,

Gaurav Pandya

0 Kudos
14 Replies
Danny
Champion Champion
Champion
‎2018-06-27 07:50 AM

Confwiz does the job for you. See:

Check Point Support Tools - Top 10

0 Kudos
Gaurav_Pandya
Advisor
‎2018-06-27 08:12 AM
In response to Danny

Hi Danny,

Migration of objects are from checkpoint to checkpoint.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-27 08:33 AM
In response to Gaurav_Pandya

You can still use Confwiz for this.

0 Kudos
Gaurav_Pandya
Advisor
‎2018-06-27 09:28 AM
In response to PhoneBoy

Hi Dameon/Danny,

I don't want to migrate entire database. only few objects needs to be import.

0 Kudos
ikafka
Collaborator
‎2023-06-15 11:50 PM
In response to PhoneBoy

Does this tool work in standalone r77.30?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-16 02:04 PM
In response to ikafka

Not sure Confwiz will work on R77.30 as it's not listed in the supported versions of the following SK and the internal notes suggest Confwiz wasn't tested in R77.x: https://support.checkpoint.com/results/sk/sk41719
I suggest odump/ofiller, which is available through the community: https://community.checkpoint.com/t5/Scripts/Odumper-and-Ofiller-Exporting-Importing-R5x-R7x-Config/m... 

AlekseiShelepov
Advisor
‎2018-06-27 08:58 AM

You want to migrate all objects, right? Then the easiest option in my opinion is cp_merge command. You can copy objects_5_0.C file from the source management server to the new one, not replace but just put to some folder, use command cp_merge merge_objects and that should be it.

Of course there are some limitations for "advanced" deployments. It will not migrate some objects, for example OPSEC servers. But it works with simple hosts, groups and services.

Although it is said that cp_merge doesn't work with CMAs, I remember that I easily copied objects and policy to a test VM. As I remember, there would be issues if you use cp_merge for migrating policies between CMAs.

Anyway, easier just to try if it works in your case.

0 Kudos
Gaurav_Pandya
Advisor
‎2018-06-27 09:18 AM
In response to AlekseiShelepov

Hi Aleksei,

Yeah it is good idea but problem is there is no requirement to migrate entire database nor entire objects. I want to copy only some big object groups to reduce time and avoid manual efforts.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-27 09:52 AM

Right, when you do the export, remove the objects from the output file that you don't want to import.

0 Kudos
Gaurav_Pandya
Advisor
‎2018-06-28 09:54 AM
In response to PhoneBoy

Ok Dameon. That is good idea.

0 Kudos
Wille010
Contributor
‎2018-06-27 10:51 AM

What groups are we talking about here?

Network groups, groups with exclusions, service groups?

Maybe you can try to clone the exact same group and see if you can export them.

0 Kudos
Gaurav_Pandya
Advisor
‎2018-06-28 09:53 AM
In response to Wille010

It is Network group. I have make cloned and tried to export but no luck.

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2019-06-06 03:38 PM
In response to Gaurav_Pandya

Is there any way how to export and import LDAP groups ? cp_merge nor Ofiller (Odumper) are capable of doing such a thing.

Kind regards,
Jozko Mrkvicka
0 Kudos
Blason_R
Leader
Leader
‎2023-06-16 08:52 PM
In response to Gaurav_Pandya

I remember I had done similar stuff when I was doing something like this long back and I had taken a similar approach suggested. I copied Objects_5_0.c and then few link tricks and tips I was able to get the IP addresses, networks, ranges out and then with API commands again wrote a shell script and manually created those in new server.

But its easy if you have moderate proficiency in linux.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top