Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sann
Explorer
Jump to solution

Panorama to CheckPoint

Hello everyone,

recently I have a customer who wants to use Smart Move to convert Palo Alto's configuration to CheckPoint.

I have obtained the customer's Panorama configuration file (.tgz), and an error occurs when using smart move. 

Thank you

0 Kudos
1 Solution

Accepted Solutions
Ofir_Shikolski
Employee Alumnus
Employee Alumnus

Update-

We worked offline and we found that the (PAN) Panorama outputs format was different, we updated SmartMove to support it.

View solution in original post

12 Replies
Ofir_Shikolski
Employee Alumnus
Employee Alumnus

Hi,

Which version do you use? can you see debug.log file?

Are you using TAP mode? 

 

0 Kudos
Sann
Explorer

The Panorama version I am using is 10.0. The gateway version is 8.1.

I also tried to use the gateway's xml file directly to convert through SmartMove. The conversion did not report any errors, but there was no result output.

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus

@Sann ,

Using XML form GW will not work while using Panorama.

Which version of SmartMove do you use? can you see debug.log file?

Are you using TAP interfaces? 

0 Kudos
Sann
Explorer

Sorry, can you tell me what the TAP interface is?

0 Kudos
Sann
Explorer

Hello, there is no TAP interface in the customer's configuration at present. They are all ordinary physical interfaces

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus

@the_rock - thanks 🙂

@Sann ,

Thanks , can you extract the files and send me the structure of it? you can email me privately : ofirs@checkpoint.com 

I saw cases that export file was incorrect and due to it SmartMove did not able to pare the files.

if there is any way to send me the files, 100% that we will fix it much quicker .

 

BR,

Ofir S

0 Kudos
the_rock
Legend
Legend

I did this with Cisco 3 times and never had a problem. Not much of PAN guy (though I do know some basic things about it), but if you want to email me the file directly, happy to give it a go.

0 Kudos
Sann
Explorer

I'm really sorry, because there is customer's network information on the configuration. I can't provide it to you

thank you very much!

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus

Update-

We worked offline and we found that the (PAN) Panorama outputs format was different, we updated SmartMove to support it.

the_rock
Legend
Legend

Thanks for sharing a solution to this.

0 Kudos
To_B
Explorer

I assume the corresponding fix is this one: https://github.com/CheckPointSW/SmartMove/commit/58d249452c5ba1dcb109582dc1b9ca5aaa6e4465

Unfortunately this breaks SmartMove for a PaloAlto (8.1) config export where panorama isn't the first device in alphabetical order.

Example contents of a no longer working export file:
devfw01_111111111111.xml
devfw02_222222222222.xml
panorama_333333333333.xml
prodfw02_444444444444.xml
prodfw02_555555555555.xml

Before the code change, every file would be checked for existence of a node "panorama" until there is a match.
After the code change, the first file is assumed do be the panorama config without checking anything.

0 Kudos
(1)
Upcoming Events

    CheckMates Events