cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

exporting security fw rules +500 issues

we are moving the r77 config to a file from the ckpoint 

however when we try to export en 2 or 3 files the security rules (more than 500 rules) we are not able to do it.

we know that r80 in the command line you can do it

but we weren't able to use the same commands in the R77 to accomplish this task.

if we open the exported file in a XML editor we can read  and find the 500 + rules, but we need to squeeze in 2 or 3 files this rules from the CKpoint device in R77.

 

any Ideas mates?

 

cordially

jose espinoza

0 Kudos
6 Replies

Re: exporting security fw rules +500 issues

Jose,

What do you want to export? Rulebase and objects or configuration from a gateway?

  • Rulebase and objects: I never heard that you can split multiple files, at least in normal upgrades. Amount of rules is not an issue. Use the export utility on the management or standalone deployment. Make sure to run the pre verifier first and correct all the issues, then import using the same tools on a lab to test prior final deployment.
  • Gateway configuration: This includes interfaces, routes, ntp, pbr, etc. You can backup this by running the show configuration from > and copying it to a text file, then paste it on the new gateway. Make sure that interface order is the same.

Also remember that you can always do an in place upgrade, personally I prefer to do a fresh install.

____

https://www.linkedin.com/in/federicomeiners/
0 Kudos

Re: exporting security fw rules +500 issues

hi there

 

let me re-phrase, we have a checkpoint fw using R77 os version, and we and to migrate the whole config file to a migration tool, there is a group of securtiy rules or firewall rules in the checkpoint which are 505 rules, the migration tool (another brand) onoy can "read" and merge chunks of 400, in this case, we know that in the CLI in R80 and up you can export configuration of security_firewall rules by segments : from 1-to-300, from 301-to-505 by example.

we need to accomplish the same this under R77, we know you can only export security_firewall rules under export utility but can split the file like using CLI under R80 os version.

I hope this clarify what we need to reach.

cordially

jose

0 Kudos

Re: exporting security fw rules +500 issues

I get it.

The main reason for this to be possible in R80.XX is because of the API (mgmt_cli). For R77 I suggest that you look at this post Export rules to CSV

Looks like that you will have to split de rulebase by yourself in the CSV. Maybe create another policy package with X number of rules and exporting it?

https://www.linkedin.com/in/federicomeiners/

Re: exporting security fw rules +500 issues

hi there

yes, that what we did it, we exported just the security rules to an CSV file, splitted in two files.

we were able to read and export to the Expedition tool

thanks

jose

0 Kudos
Admin
Admin

Re: exporting security fw rules +500 issues

What tool(s) are you trying to use on R77.x to achieve this task?
Are you trying to migrate this configuration into an existing R80.x that already has some existing configuration?
0 Kudos

Re: exporting security fw rules +500 issues

hi there

 

no, we are trying to export from a CKpoint R77 to  the Expedition tool but, we find out right now what to do to solve.

thank you

jose

0 Kudos