This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shurik
Contributor
‎2020-04-01 01:48 PM
Jump to solution

Migration to CheckPoint Firewall

Hello guys,

 

We're migrating from old firewalls to CheckPoint. On the old firewall we have about 3,500 security and NAT rules. Unfortunately there is no automatic way to move all existing rules. Would like to see if anyone had the same project and what is the best/quickest way to deal with it?

 

Thank you!

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion
‎2020-04-03 02:47 PM
In response to Shurik
Jump to solution

The normal migration process will allow you to import the CMA into a clean installed R80.30 MDS (on eval Lic). Then you can use the following case: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...
once you have imported the their export into your R80.30 MDS. And move the objects and policy over to your current setup.
Regards, Maarten

View solution in original post

0 Kudos
6 Replies
Maarten_Sjouw
Champion
Champion
‎2020-04-01 02:36 PM
Jump to solution

Which are the old firewalls? What type and brand?
What is running on it, can you export any of the information from it?
Regards, Maarten
0 Kudos
Shurik
Contributor
‎2020-04-01 07:07 PM
In response to Maarten_Sjouw
Jump to solution

It's 77.30, but it managed today by other company, don't really have access to current management server.
Today it's multi domain management server. Ours is single domain.
I understand there is no real export/import way to do it, right?
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-04-01 10:05 PM
In response to Shurik
Jump to solution

You are the owner of that rulebas and you can request them to send you an export of the domain, you need to tell them the version that you need to go to, ie R80.30
What version are you on?
You can setup a VM-Ware R80.30 MDS and import the file they should send you, then you can either use that MDS (by default it is licensed for 2 weeks) to migrate to a SMS with the latest migration tools, however if you are already running a SMS you could also use the API to export the objects and rulebase.
Regards, Maarten
0 Kudos
Shurik
Contributor
‎2020-04-03 02:12 PM
In response to Maarten_Sjouw
Jump to solution

Thanks Maarten!
Theoretically I can request, not sure how long will take them to do it...
I'm on R80.30. Do you know how difficult this process? How good it works?
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-04-03 02:47 PM
In response to Shurik
Jump to solution

The normal migration process will allow you to import the CMA into a clean installed R80.30 MDS (on eval Lic). Then you can use the following case: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...
once you have imported the their export into your R80.30 MDS. And move the objects and policy over to your current setup.
Regards, Maarten
0 Kudos
Shurik
Contributor
‎2020-04-07 12:22 PM
In response to Maarten_Sjouw
Jump to solution

Great, thank you! I will try it in our lab.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events