This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-11-15 04:20 AM
Jump to solution

SmartMove Nov 2021 update

What's new:

Cisco:

Added option to generate a policy without unused objects

Added optimized policy as part of SmartConnector 

Added SmartAnalyze in disable mode 

  • Click here to download the Check Point SmartMove Tool.
 
Labels
1 Solution

Accepted Solutions
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-12-06 11:14 PM
In response to ChiefSec_CP
Jump to solution

Hi @ChiefSec_CP ,

We plan to release first version very soon.

The first version will only support Fortinet.

We will gradually  add more vendors (Second: Cisco)

View solution in original post

17 Replies
ChiefSec_CP
Explorer
‎2021-12-06 01:01 PM
Jump to solution

Is there a timeline for when SmartAnalyze will be enabled?

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-12-06 11:14 PM
In response to ChiefSec_CP
Jump to solution

Hi @ChiefSec_CP ,

We plan to release first version very soon.

The first version will only support Fortinet.

We will gradually  add more vendors (Second: Cisco)

genisis__
Mentor Mentor
Mentor
‎2021-12-06 01:05 PM
Jump to solution

The SK refers to R80 and R80.10, I take it this needs to be updated?

0 Kudos
KostasGR
Advisor
‎2022-02-16 03:14 AM
Jump to solution

Hello Ofir

In case we observe some bugs on SmartMove_B_6_0_8068_6581 version can we report them here?

For example see the below conversion errors.

The common pattern i can see is that are named as *-to- * and *-nets*.

Error creating a rule, missing information for source Cisco object: Object details: XYZ-nets. Using dummy object: _Err_in_topology-line_YZW.;

 

Can you replicate and maybe solve it on the next versions of SmartMove?

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2022-02-20 04:00 AM
In response to KostasGR
Jump to solution

Hi Kostas,

This error indicates an issue with the config file parser, this means that it needed to be handled prior to running smartmove.

Can you send me this file offline? ofirs@checkpoint.com 

 

0 Kudos
KostasGR
Advisor
‎2022-02-21 02:25 AM
In response to Ofir_Shikolski
Jump to solution

Hello Ofir

The smartmove version 5.1.7668.31064 parses fine the same config file but in that version we can't have the cp_objects_opt.json file.

Is it a way to find more info by enabling debugging on SmartMove.exe and send you that info?

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2022-02-21 03:58 AM
In response to KostasGR
Jump to solution

Hi @KostasGR ,

It a very old version (5.1.7668.31064) since 2020 without optimization support.

Please download the new version of SmartMove : https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

 

 

0 Kudos
KostasGR
Advisor
‎2022-02-21 10:15 AM
In response to Ofir_Shikolski
Jump to solution

Hello Ofir

I think that i can explain why this is happening. Maybe the latest version of Smartmove checks also for reserved words.

As far as i can read from https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...  -nets- and -to- are reserved words that should not be used within objects definition (i.e., Network Objects, Users, Groups, etc.).

As concerns duplicate objects checks with smartconnector method we have obseved that if a Group_A already on management server has a member a  network 192.168.1.0/30 and an imported Group_B has 4 hosts 192.168.1.0-3 the Group A is not used instead of Group B.As a result a duplicate Group is imported.

BR,
Kostas

 

 

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2022-02-21 11:33 PM
In response to KostasGR
Jump to solution

Hi Kostas,

SmartMove checks reserved words. (since day 1)

Since I do not have the file , it is hard to see it like you.

'missing information for source Cisco object '- this means an issue with the source object in the ACL.

 

About smartconnector - in case network rage  192.168.1.0/30 already exists, it will reuse it .

You can see the thread with which objects Smartconnector handles : https://community.checkpoint.com/t5/SmartMove/How-smartmove-latest-version-handle-duplicate-objects/...

About Groups - Smartconnector only checks for existing names and not the content of it.

 

 

 

0 Kudos
KostasGR
Advisor
‎2022-03-02 07:30 AM
In response to Ofir_Shikolski
Jump to solution

Hello Ofir

One more issue with latest Smartmove/smartconnector with opt file. Any idea how to troubleshoot this ? 

processing access rule: #22,
WARN: Runtime error: an eclipse error has occurred enable logging on EclipseLinkExceptionHandler to see full error
REPORT: access rule is not added

BR,
Kostas

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2022-03-02 10:54 PM
In response to KostasGR
Jump to solution

Hi @KostasGR ,

This indicates about  Quantum Security Management issue, the best will be to involve our support with that.

 

0 Kudos
datacenter
Explorer
‎2023-12-13 05:53 AM
Jump to solution

How can I download the old version of checkpoint smartmove?

0 Kudos
vikrantchaudhar
Explorer
‎2023-12-13 08:41 PM
In response to Ofir_Shikolski
Jump to solution

Thanks for reply but that is the code how can i use this. I don't have any idea how to use that.

0 Kudos
_Val_
Admin
Admin
‎2023-12-14 03:57 AM
In response to vikrantchaudhar
Jump to solution

Look into sk115416, it has all you need.

0 Kudos
Upcoming Events

    CheckMates Events
    Top