Check Point Support Tools - Top 10

Gaurav_Pandya · ‎2018-06-27

Hi,

We are moving objects/groups/Networks from one cluster to new cluster. Version is R77.30. We don't want to do migrate export entire database but only objects. Generally I right click on objects/groups/networks, export it and import to new cluster from Smart dashboard.

It is working very well but for some groups, it is not working. It gives error "cannot be exported because of its dependency on 'ambiguous - 385' which is not exportable ".

Anyone have idea about this why it is not allowing to export.

Regards,

Gaurav Pandya

Danny · ‎2018-06-27

Confwiz does the job for you. See:

Check Point Support Tools - Top 10

Gaurav_Pandya · ‎2018-06-27

Hi Danny,

Migration of objects are from checkpoint to checkpoint.

PhoneBoy · ‎2018-06-27

You can still use Confwiz for this.

Gaurav_Pandya · ‎2018-06-27

Hi Dameon/Danny,

I don't want to migrate entire database. only few objects needs to be import.

ikafka · ‎2023-06-15

Does this tool work in standalone r77.30?

PhoneBoy · ‎2023-06-16

Not sure Confwiz will work on R77.30 as it's not listed in the supported versions of the following SK and the internal notes suggest Confwiz wasn't tested in R77.x: https://support.checkpoint.com/results/sk/sk41719
I suggest odump/ofiller, which is available through the community: https://community.checkpoint.com/t5/Scripts/Odumper-and-Ofiller-Exporting-Importing-R5x-R7x-Config/m...

AlekseiShelepov · ‎2018-06-27

You want to migrate all objects, right? Then the easiest option in my opinion is cp_merge command. You can copy objects_5_0.C file from the source management server to the new one, not replace but just put to some folder, use command cp_merge merge_objects and that should be it.

Of course there are some limitations for "advanced" deployments. It will not migrate some objects, for example OPSEC servers. But it works with simple hosts, groups and services.

Although it is said that cp_merge doesn't work with CMAs, I remember that I easily copied objects and policy to a test VM. As I remember, there would be issues if you use cp_merge for migrating policies between CMAs.

Anyway, easier just to try if it works in your case.

Gaurav_Pandya · ‎2018-06-27

Hi Aleksei,

Yeah it is good idea but problem is there is no requirement to migrate entire database nor entire objects. I want to copy only some big object groups to reduce time and avoid manual efforts.

PhoneBoy · ‎2018-06-27

Right, when you do the export, remove the objects from the output file that you don't want to import.

Gaurav_Pandya · ‎2018-06-28

Ok Dameon. That is good idea.

Wille010 · ‎2018-06-27

What groups are we talking about here?

Network groups, groups with exclusions, service groups?

Maybe you can try to clone the exact same group and see if you can export them.

Gaurav_Pandya · ‎2018-06-28

It is Network group. I have make cloned and tried to export but no luck.

JozkoMrkvicka · ‎2019-06-06

Is there any way how to export and import LDAP groups ? cp_merge nor Ofiller (Odumper) are capable of doing such a thing.

Kind regards,
Jozko Mrkvicka

Blason_R · ‎2023-06-16

I remember I had done similar stuff when I was doing something like this long back and I had taken a similar approach suggested. I copied Objects_5_0.c and then few link tricks and tips I was able to get the IP addresses, networks, ranges out and then with API commands again wrote a shell script and manually created those in new server.

But its easy if you have moderate proficiency in linux.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

Are you a member of CheckMates?

Exporting Objects/Groups in R77.30

Check Point Support Tools - Top 10