This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ofir_Shikolski
Employee
Employee
‎2021-11-15 04:20 AM

SmartMove Nov 2021 update

Jump to solution

What's new:

Cisco:

Added option to generate a policy without unused objects

Added optimized policy as part of SmartConnector 

Added SmartAnalyze in disable mode 

  • Click here to download the Check Point SmartMove Tool.
 
Labels
1 Solution

Accepted Solutions
Ofir_Shikolski
Employee
Employee
‎2021-12-06 11:14 PM
In response to ChiefSec_CP

Jump to solution

Hi @ChiefSec_CP ,

We plan to release first version very soon.

The first version will only support Fortinet.

We will gradually  add more vendors (Second: Cisco)

View solution in original post

(1)
13 Replies
ChiefSec_CP
Explorer
‎2021-12-06 01:01 PM

Jump to solution

Is there a timeline for when SmartAnalyze will be enabled?

0 Kudos
Ofir_Shikolski
Employee
Employee
‎2021-12-06 11:14 PM
In response to ChiefSec_CP

Jump to solution

Hi @ChiefSec_CP ,

We plan to release first version very soon.

The first version will only support Fortinet.

We will gradually  add more vendors (Second: Cisco)

(1)
Ofir_Shikolski
Employee
Employee
‎2021-12-08 03:24 AM
In response to Ofir_Shikolski

Jump to solution

@ChiefSec_CP 

We just released it: https://community.checkpoint.com/t5/SmartMove/SmartMove-Dec-2021-update/m-p/135790#M417

0 Kudos
genisis__
Advisor
‎2021-12-06 01:05 PM

Jump to solution

The SK refers to R80 and R80.10, I take it this needs to be updated?

0 Kudos
Ofir_Shikolski
Employee
Employee
‎2021-12-06 11:10 PM
In response to genisis__

Jump to solution

Hi @genisis__ ,

R80.10 and above.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
KostasGR
Collaborator
‎2022-02-16 03:14 AM

Jump to solution

Hello Ofir

In case we observe some bugs on SmartMove_B_6_0_8068_6581 version can we report them here?

For example see the below conversion errors.

The common pattern i can see is that are named as *-to- * and *-nets*.

Error creating a rule, missing information for source Cisco object: Object details: XYZ-nets. Using dummy object: _Err_in_topology-line_YZW.;

 

Can you replicate and maybe solve it on the next versions of SmartMove?

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee
Employee
‎2022-02-20 04:00 AM
In response to KostasGR

Jump to solution

Hi Kostas,

This error indicates an issue with the config file parser, this means that it needed to be handled prior to running smartmove.

Can you send me this file offline? ofirs@checkpoint.com 

 

0 Kudos
KostasGR
Collaborator
‎2022-02-21 02:25 AM
In response to Ofir_Shikolski

Jump to solution

Hello Ofir

The smartmove version 5.1.7668.31064 parses fine the same config file but in that version we can't have the cp_objects_opt.json file.

Is it a way to find more info by enabling debugging on SmartMove.exe and send you that info?

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee
Employee
‎2022-02-21 03:58 AM
In response to KostasGR

Jump to solution

Hi @KostasGR ,

It a very old version (5.1.7668.31064) since 2020 without optimization support.

Please download the new version of SmartMove : https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

 

 

0 Kudos
KostasGR
Collaborator
‎2022-02-21 10:15 AM
In response to Ofir_Shikolski

Jump to solution

Hello Ofir

I think that i can explain why this is happening. Maybe the latest version of Smartmove checks also for reserved words.

As far as i can read from https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...  -nets- and -to- are reserved words that should not be used within objects definition (i.e., Network Objects, Users, Groups, etc.).

As concerns duplicate objects checks with smartconnector method we have obseved that if a Group_A already on management server has a member a  network 192.168.1.0/30 and an imported Group_B has 4 hosts 192.168.1.0-3 the Group A is not used instead of Group B.As a result a duplicate Group is imported.

BR,
Kostas

 

 

0 Kudos
Ofir_Shikolski
Employee
Employee
‎2022-02-21 11:33 PM
In response to KostasGR

Jump to solution

Hi Kostas,

SmartMove checks reserved words. (since day 1)

Since I do not have the file , it is hard to see it like you.

'missing information for source Cisco object '- this means an issue with the source object in the ACL.

 

About smartconnector - in case network rage  192.168.1.0/30 already exists, it will reuse it .

You can see the thread with which objects Smartconnector handles : https://community.checkpoint.com/t5/SmartMove/How-smartmove-latest-version-handle-duplicate-objects/...

About Groups - Smartconnector only checks for existing names and not the content of it.

 

 

 

0 Kudos
KostasGR
Collaborator
‎2022-03-02 07:30 AM
In response to Ofir_Shikolski

Jump to solution

Hello Ofir

One more issue with latest Smartmove/smartconnector with opt file. Any idea how to troubleshoot this ? 

processing access rule: #22,
WARN: Runtime error: an eclipse error has occurred enable logging on EclipseLinkExceptionHandler to see full error
REPORT: access rule is not added

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee
Employee
‎2022-03-02 10:54 PM
In response to KostasGR

Jump to solution

Hi @KostasGR ,

This indicates about  Quantum Security Management issue, the best will be to involve our support with that.

 

0 Kudos
Labels