This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martin_Schagerl
Participant
‎2025-04-22 01:42 AM

SmartMove - Palo Alto Migration

Hi,

i have to migrate Rulebase and Objects from Panorama to Checkpoint.

I was planning to use the SmartMove tool at least for the object import and do the rules then via the mgmt_cli.

unfortunately smartmove cannot parse the tgz file i have received from the Palo Admins.

 

The Gui throws an Error:  Could not convert configuration file

 

the debug.log returns:

 

[18.04.2025 12:01:15] Der Index war außerhalb des Arraybereichs.
bei PanoramaPaloAltoMigration.PanoramaParser.GetPanoramaConfFile(String outConfigsFolder) in C:\Users\admin\AppData\Local\Jenkins\.jenkins\workspace\SmartMove\PaloAltoMigration\PanoramaParser.cs:Zeile 62.
bei PanoramaPaloAltoMigration.PanoramaParser.ParseWithTargetFolder(String filename, String targetFolder) in C:\Users\admin\AppData\Local\Jenkins\.jenkins\workspace\SmartMove\PaloAltoMigration\PanoramaParser.cs:Zeile 40.
bei SmartMove.MainWindow.<>c__DisplayClass91_2.<Go_OnClick>b__1() in C:\Users\admin\AppData\Local\Jenkins\.jenkins\workspace\SmartMove\SmartMove\MainWindow.xaml.cs:Zeile 589.
bei System.Threading.Tasks.Task.InnerInvoke()
bei System.Threading.Tasks.Task.Execute()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
bei System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bei System.Runtime.CompilerServices.TaskAwaiter.GetResult()
bei SmartMove.MainWindow.<Go_OnClick>d__91.MoveNext() in C:\Users\admin\AppData\Local\Jenkins\.jenkins\workspace\SmartMove\SmartMove\MainWindow.xaml.cs:Zeile 589.

Any ideas?

The input file is a tgz file containg a bunch of xml files (seems like one for each FW, mostly OS related and a big xml file for the panorama host containing objects and rulebase)

thx!

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2025-04-22 02:48 AM

If the admins did follow sk115416 better contact CP TAC to get this resolved!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Martin_Schagerl
Participant
‎2025-04-22 02:51 AM
In response to G_W_Albrecht

they followed the SK.

i contacted TAC but they kinda refused to help as smartmove is not supported by tac, only checkmates 😞

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2025-04-22 03:16 AM
In response to Martin_Schagerl

I see, that also can be found in sk115416. Should be supported by CP Professional Services if you pay for it.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2025-04-22 04:53 AM
In response to Martin_Schagerl

Thats actually universal with any TAC out there, and technically, they are right when they say to people its more of a PS engagement.

Anyway, let me do my best to help you. I did this once before and what my colleague and I had to do was essentially "convert" rulebase and open it in notepad ++ and then use regex methods to make it valid for CP format.

Below is example we used for Fortigate (I sadly cant find one for Palo Alto, but you get an idea).

Regex: ^(\d+),(.*),(.*),(.*),(.*).(.*),(.*)\r\n
Replace: edit \1\r\n set srcintf "any"\r\n set dstintf "any"\r\n set name "\3"\r\n set source "\4"\r\n set destination "\4"\r\n set service \5\r\n set logtraffic all\r\n set action \7\r\nnext\r\n

 

Regular expression (regex) reference | Pexip Infinity Docs

Ultimate Regex Cheat Sheet - KeyCDN Support

regex - Regular expression to match a line that doesn't contain a word - Stack Overflow

 

Best,

Andy

0 Kudos
the_rock
Legend
Legend
‎2025-04-22 04:57 AM
In response to the_rock

Forgot to add...I feel like it would be BEST if you are indeed able to open rules in notepad++, that would be literally 50% of work right there.

Andy

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events