Ofir_Shikolski
Employee

SmartMove Nov 2021 update


What's new:

Cisco:

Added option to generate a policy without unused objects

Added optimized policy as part of SmartConnector 

Added SmartAnalyze in disable mode 

  • Click here to download the Check Point SmartMove Tool.
 
13 Replies
ChiefSec_CP
Explorer

Is there a timeline for when SmartAnalyze will be enabled?

0 Kudos
Ofir_Shikolski
Employee

Hi @ChiefSec_CP ,

We plan to release the first version very soon.

The first version will only support Fortinet.

We will gradually add more vendors (second: Cisco).

(1)
Ofir_Shikolski
Employee
0 Kudos
genisis__
Advisor

The SK refers to R80 and R80.10, I take it this needs to be updated?

0 Kudos
Ofir_Shikolski
Employee
0 Kudos
KostasGR
Collaborator

Hello Ofir

In case we observe some bugs on SmartMove_B_6_0_8068_6581 version can we report them here?

For example see the below conversion errors.

The common pattern I can see is that they are named as *-to-* and *-nets*.

Error creating a rule, missing information for source Cisco object: Object details: XYZ-nets. Using dummy object: _Err_in_topology-line_YZW.;

 

Can you replicate and maybe solve it on the next versions of SmartMove?

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee

Hi Kostas,

This error indicates an issue with the config file parser; this means that it needed to be handled prior to running SmartMove.

Can you send me this file offline? ofirs@checkpoint.com 

 

0 Kudos
KostasGR
Collaborator

Hello Ofir

SmartMove version 5.1.7668.31064 parses the same config file fine, but in that version we can't have the cp_objects_opt.json file.

Is there a way to find more info by enabling debugging on SmartMove.exe and sending you that info?

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee

Hi @KostasGR ,

It is a very old version (5.1.7668.31064) from 2020 without optimization support.

Please download the new version of SmartMove : https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

 

 

0 Kudos
KostasGR
Collaborator

Hello Ofir

I think that I can explain why this is happening. Maybe the latest version of SmartMove also checks for reserved words.

As far as I can read from https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... -nets- and -to- are reserved words that should not be used within object definitions (i.e., Network Objects, Users, Groups, etc.).

As concerns duplicate object checks with the SmartConnector method, we have observed that if a Group_A already on the management server has as a member a network 192.168.1.0/30 and an imported Group_B has 4 hosts 192.168.1.0-3, Group_A is not used instead of Group_B. As a result a duplicate group is imported.

BR,
Kostas

 

 

0 Kudos
Ofir_Shikolski
Employee

Hi Kostas,

SmartMove checks reserved words. (since day 1)

Since I do not have the file, it is hard to see it like you.

'missing information for source Cisco object' - this means an issue with the source object in the ACL.

About SmartConnector - in case network range 192.168.1.0/30 already exists, it will reuse it.

You can see the thread on which objects SmartConnector handles: https://community.checkpoint.com/t5/SmartMove/How-smartmove-latest-version-handle-duplicate-objects/...

About Groups - Smartconnector only checks for existing names and not the content of it.

 

 

 

0 Kudos
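The group case discussed above (Group_A holding 192.168.1.0/30, Group_B holding the four hosts 192.168.1.0-3) can be caught before import by comparing group contents rather than names. This is an added example, not part of the thread and not Check Point code; the function names and the dictionary layout of the exported groups are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict


def normalize(members):
    """Collapse group members (CIDR, single host, or 'first-last' range)
    into a canonical tuple of networks covering the same address space."""
    nets = []
    for m in members:
        if "-" in m:  # explicit range, e.g. "192.168.1.0-192.168.1.3"
            first, last = (ipaddress.ip_address(p.strip()) for p in m.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:  # CIDR network, or a bare host treated as /32 or /128
            nets.append(ipaddress.ip_network(m, strict=False))
    # collapse_addresses() rejects mixed IP versions, so handle them separately
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return tuple(ipaddress.collapse_addresses(v4)) + tuple(ipaddress.collapse_addresses(v6))


def find_equivalent_groups(existing, imported):
    """Map each imported group to existing groups with identical content."""
    by_content = defaultdict(list)
    for name, members in existing.items():
        by_content[normalize(members)].append(name)
    result = {}
    for name, members in imported.items():
        key = normalize(members)
        if key in by_content:
            result[name] = sorted(by_content[key])
    return result


# Constructed sample data: groups already on the management server
EXISTING = {"Group_A": ["192.168.1.0/30"]}
# Constructed sample data: groups about to be imported
IMPORTED = {
    "Group_B": ["192.168.1.0", "192.168.1.1", "192.168.1.2", "192.168.1.3"],
    "Group_C": ["10.0.0.0/24", "10.0.1.5"],
}

if __name__ == "__main__":
    for new, old in find_equivalent_groups(EXISTING, IMPORTED).items():
        print(f"{new} has the same content as existing group(s): {', '.join(old)}")
```
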
KostasGR
Collaborator

Hello Ofir

One more issue with the latest SmartMove/SmartConnector with the opt file. Any idea how to troubleshoot this?

processing access rule: #22,
WARN: Runtime error: an eclipse error has occurred enable logging on EclipseLinkExceptionHandler to see full error
REPORT: access rule is not added

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee

Hi @KostasGR ,

This indicates a Quantum Security Management issue; the best will be to involve our support with that.

 

0 Kudos