Convert Traditional Mode Policy to Simplified Policy MGMT R80.30

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hello Community,

We are about to start converting a traditional mode policy to simplified mode.

Our MGMT server has already been upgraded to R80.30 so the conversion tool is no longer available (Simplified Mode VPNs have been the default since R5x.), so my understanding at this point is that we have to perform the conversion manually.

We have 100+ S2S L2L IPSEC VPNs with Checkpoint and 3rd party gateways using a mixture of cert-based and PSK auth we will need to create communities for.

There are about 300 ACLs with 'Encrypt' action configured which will need to be changed.

Questions:

1. What is the recommend process to complete this task i.e. step-by-step?

2. a. Can we use the existing traditional mode policy and change the action value to accept and create the communities, or does the policy need to be recreated?

b. If the latter, would the best way be to export the existing objects out of the existing policy and re-importing the objects, with the exception of the Action field value in to a new (simplified mode) policy?

3. Based on experience and knowledge are you aware of any caveats to be aware of with this type of conversion?

Thanks in advance for your guidance.

Regards,

Simon