Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Collaborator

Converting/Combining R77 style policy to R80 Unified/Zone Based Tools

I've successfully used the SmartMove tool to migrate Cisco ASA policies (2 policies that were merged into 1 ASA file) into an R80.20 Unified Policy with Zones. The built in ability to create an optimized policy (reducing >4k lines to ~750 rules) and put them into a zone based configuration should be marked as a job well done by the development team!

I have a large number of existing policies that were conversions from ASAs that were converted under the confwiz tool.  I'm wondering if there is any tool that has been able to leverage the power of the SmartMove to take the information available from  the topology of the gateway that the policy applies to, and convert it to a Unified/Zone Based policy.

Any thoughts or insight into this are appreciated.

Paul G, CCSM

0 Kudos
3 Replies
Highlighted
Admin
Admin

When Confwiz was developed, there were no zone-based policies in Check Point.
Also, I don't believe it did much in the way of policy optimization.

It's possible SmartMove could be modified to take an existing configuration and optimize it like you suggest.
Another option is to leverage SmartOptimize, a service you can purchase from Check Point Professional Services.
0 Kudos
Highlighted
Collaborator

Hi Daemon, thank you for the feedback.

On the modification of the SmartMove, is that something to take up with CP development/engineering, or is there some other avenue available to modify it?

Since I'm a CP reseller, and not an end customer, I'd prefer to not use the option of Professional Services.

Paul G.

0 Kudos
Highlighted
Admin
Admin

The source code for SmartMove is published on GitHub under the Apache License v2.
You're welcome to modify it to suit your needs per the license terms.
https://github.com/CheckPointSW/SmartMove
0 Kudos