- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
I am trying to convert my ASA config to CheckPoint by SmartMove and receive following error message:
"Object reference not set to an instance of an object"
Does anyone have any suggestion? Thanks,
Moving this into the Developers (Code Hub) section.
Does it only print that error message or give you any other information that might help?
The message includes following information:
Module: CiscoMigration
Class: CiscoConverter
Method: Acl_To_CPRule
It seems that the code crashes due to unsupported/invalid ACL configuration.
Which version of ASA are you migrating? Which version of tool are you using?
Robert.
I believe the reason of error is not ASA version or tool... I have another ASA config file with same version which is converted successfully... There is no major difference between these two ASA... both have objects, interfaces, object-group, ACLs and so on... BTW I use new version of SmartMove (2_1_6520_26222) to convert both ASAs...
According to your error information, this is due to one of the ACL's settings.
Anyway, I'll fix the suspicious code that probably fails to parse that ACL and reports the error.
Please monitor the download center during next week for a newer version.
Hi,
A fixed version (SmartMove_2_1_6539_25884.zip) was just uploaded to sk115416.
Please download it and see if it works for you.
Robert.
Hi Robert,
I am using the latest SmartMove tool and i get below error when converting ASA configuration.
Could not parse configuration file
Message: Object reference not set to an instance of an object
Module: CiscoMigration
Class: Cisco_AccessList
Method: Parse
Hi,
It seems that the tool fails to parse one of ACL commands and throws an exception in code.
I cannot tell which of the lines fails to parse without examining your ASA configuration file.
If you are ok to send me your file, I'll ask Dameon to provide you our FTP address.
Please let me know.
Robert.
Hi Robert,
Sure I can provide you the file. Please PM the ftp details.
Dameon Welch Abernathy, please provide our ftp details, so he can send me his ASA configuration file.
thanks, robert.
Details have been PMed to you.
Thanks Dameon, I have uploaded the config file Robert Decker
OK will move it where Robert Decker can retrieve
Hi,
I've received and examined your ASA configuration file.
Starting from line 4404 in the file, there are access-list commands, that I've never seen or read in Cisco ASA docs that the tool supports.
For example -
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
access-list 101; 1 elements; name hash: 0xe7d586b5
Or access-list commands having child access-list commands )indented commands).
The tool didn't recognize such format and therefore reported parsing failure.
If you remove the content starting from this line, the tool works fine and parses the file.
Just for the curiosity, what kind of configuration such access-list commands represent? Which ASA version?
I saw that on top of your file the ASA version is 8.4(7)...
Robert.
Hi,
Sorry for the late response. The configuration I provided is from Cisco FWSM apparently, but I was told that the ios image on FWSM is the same as the ASA's.
No, they are not the same. SmartMove tool doesn't support Cisco FWSM format.
Robert.
Thanks. We are planning to migrate the FWSM config to ASA so we can convert it in SmartMove.
Robert Decker FYI. After tweaking the FWSM config file, I was able to convert the configuration using SmartMove. As you mentioned earlier SmartMove does not support FWSM due to which the tool was not recognizing some FWSM commands like "names command" which maps names to IP addresses. I replaced the host names with their corresponding IP addresses after which the tool was able to give an output.
Hi,
I am also trying to convert an ASA to CheckPoint but I am getting this error.
Message: access to path <path> is denied
Module: mscorlib
Class: _Error
Method:WinIOError
Can you assist?
Thank you,
Chris
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY