robertp
Contributor

SmartMove from Juniper with LSYS

Hey,

I am trying to migrate from a Juniper with logical systems to Check Point VSX. I know I can't count on SmartMove to do everything for me, but I would want it to at least help me move the 1000+ policies 🙂 Any idea how to do it? When I exported the whole XML file from the Juniper and put it into SmartMove, I only got the policies from the root logical system. Exporting the logical system itself didn't work either. At this point it doesn't even matter whether it puts everything in one policy or does separate ones, as long as I get the rules and objects onto the SMS. Any advice would be appreciated.

83 Replies
the_rock
MVP Platinum

I will give it a go later in the lab.

Best,
Andy
sjni01
Contributor

Perfect, I'm looking forward to any updates.

Regards,

SJ

Vincent_Bacher

Just played with Google.

Interesting?

https://fwmig.readthedocs.io/en/latest/srx.html

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
the_rock
MVP Platinum

Yeah, looks interesting, Vince.

Best,
Andy
the_rock
MVP Platinum

Just tried it in the lab, but exact same result.

Best,
Andy
Vincent_Bacher

Just asked my Copilot and it detects following policy packages and policies in the provided test.xml

1. WAN (WAN_1 ↔ WAN_2)

  • WAN_POLICY_1: WAN_1 → WAN_2

    • Source: 192.168.2.150
    • Destination: 192.168.3.150
    • Application: TCP_1234
    • Action: Permit + Log
  • WAN_POLICY_2: WAN_2 → WAN_1

    • Source: 192.168.3.150
    • Destination: 192.168.2.150
    • Application: TCP_2345
    • Action: Permit + Log

2. WWW (WWW_1 ↔ WWW_2)

  • WWW_POLICY_1: WWW_1 → WWW_2

    • Source: 192.168.20.150
    • Destination: 192.168.30.150
    • Application: TCP_3456
    • Action: Permit + Log
  • WWW_POLICY_2: WWW_2 → WWW_1

    • Source: 192.168.30.150
    • Destination: 192.168.20.150
    • Application: TCP_4567
    • Action: Permit + Log

3. MGMT (MGMT_OTHER → MGMT_TOOLING)

  • OTHER_TO_TOOLING: MGMT_OTHER → MGMT_TOOLING
    • Source: host1 (10.10.10.155)
    • Destination: host2 (10.10.20.155)
    • Applications: junos-syslog, junos-ping
    • Action: Permit + Log

Those are independent policy packages, later to be assigned to Check Point virtual systems?

robertp
Contributor

Hi, correct. The 'logical-systems' in the Juniper config are literally separate virtual firewalls. Once you analyze it, the Juniper setup is very similar to a VSX.

Vincent_Bacher

Test

[Three screenshots of the generated output, taken 2025-12-18 at 11:32:39, 11:32:57 and 11:33:09]

robertp
Contributor

That looks exactly how I would expect it to! Is that done with that fwmig tool?

Vincent_Bacher

Nope. I played around with Visual Studio Code, GitHub Copilot and the Claude Sonnet engine. The output is a Python script.

Vincent_Bacher

It would now be interesting to see what it does with your big policies. I will ask my Copilot some questions about that.

Vincent_Bacher

Copilot says it should not be an issue.
Fun fact: this exercise produced roughly 1700 lines of Python code in just 2 hours of playing around.

Now the question is whether you would risk testing the script 😉

robertp
Contributor

Hey, absolutely. If you can share the script and a short guide on how to use it, I will test it out later once I'm done with a migration. Thanks!

Vincent_Bacher

Will do, but please don't kill me if the output based on your production environment is crap.

robertp
Contributor

Don't worry, I will review it by hand anyway before migrating, but as long as it creates the objects and at least a workable template for the ruleset, it's already a huge help 😉

Vincent_Bacher

Now I'm curious.

the_rock
MVP Platinum

I will test this in my lab soon and update on results.

Best,
Andy
Vincent_Bacher

I’d be really glad if it doesn’t end up throwing too many errors—but, you know, there are plenty of gremlins out there waiting to trip us up!

the_rock
MVP Platinum

I shall know in about 30 mins.

Best,
Andy
the_rock
MVP Platinum

This is what it gave me when I imported the file with SmartMove and ran the scripts. Let me run this through our fully licensed MS Copilot and see what it comes back with...

[Screenshot of the SmartMove result]

Best,
Andy
Vincent_Bacher

I would keep SmartMove out of the game. The script is intended to be used alone.

My intention was to help @robertp, not SmartMove.

the_rock
MVP Platinum

Fair enough, but I will still try... it just gave me the file, so let me test it quickly.

Best,
Andy
Vincent_Bacher

Forgot to mention that I just tested the output for SmartConsole.

I would have to test for mgmt_cli as well.

the_rock
MVP Platinum

Based on all I tried, I have a gut feeling the SmartMove tool is out of the question here... it simply does not seem to work for this type of config.

Best,
Andy
Vincent_Bacher

Maybe the script will help Robert a little. I would be happy if it did.

the_rock
MVP Platinum

Agree, let's hope so!

Best,
Andy
robertp
Contributor

Hey, it works! I just tested it in prod and it looks kind of OK. I am not able to import the policy packages yet because I need to fix a problem with some services (this is mostly a problem of my messy Juniper config) and with network objects. For network objects the problem is definitely with the script, and it is probably fixable (would be nice, but I can manage manually if not!):

Domain names don't work at all. Instead of converting the DNS address object into "add dns-domain xxxxx", it tries to do "add-host name xxxx" without any IP in it, which gives an error, as expected.

Juniper DNS objects all look like this (live example):

set logical-systems WAN security address-book global address Microsoft dns-name microsoft.com

I will do some further testing tomorrow once I clean up the services and objects. Thank you for everything, this is already awesome!

@the_rock also big thanks for trying with SmartMove, but I also think it will not work with logical systems. Maybe a potential future improvement for the tool 😉
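The conversion the thread is circling around, as an added example (not Vincent's Copilot-generated script and not SmartMove): walk a Junos XML configuration, emit one Check Point policy package per logical system as Vincent's Copilot summary lays it out, and, for the defect robertp reports above, turn an address-book entry with `dns-name` into a `dns-domain` object instead of a host with no IP. The Junos element names (`logical-systems`, `security/address-book/address`, `security/policies/policy`, `applications/application`) are assumed from the Junos XML schema, the sample configuration is constructed, and the commands use the standard `mgmt_cli` syntax (`add package`, `add host`, `add network`, `add dns-domain`, `add service-tcp`, `add access-rule` with `source.1 ...` list keys and `track.type`). The assumption that a new package's access layer is named "<package> Network" is Check Point's default; adjust `layer` if the layer was renamed.

```python
"""Junos logical-systems (LSYS) config -> one Check Point policy package per LSYS.

Added example for this thread, not the Copilot-generated script posted above.
Junos XML element names are assumed from the Junos schema; SAMPLE_XML is constructed.
dns-name address-book entries become dns-domain objects, not empty hosts."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<configuration>
 <logical-systems><name>WAN</name><security>
  <address-book><name>global</name>
   <address><name>host1</name><ip-prefix>192.168.2.150/32</ip-prefix></address>
   <address><name>Microsoft</name><dns-name><name>microsoft.com</name></dns-name></address>
  </address-book>
  <policies><policy><from-zone-name>WAN_1</from-zone-name><to-zone-name>WAN_2</to-zone-name>
   <policy><name>WAN_POLICY_1</name><match><source-address>host1</source-address>
    <destination-address>Microsoft</destination-address><application>TCP_1234</application></match>
    <then><permit/><log><session-close/></log></then></policy></policy></policies>
 </security><applications><application><name>TCP_1234</name><protocol>tcp</protocol>
  <destination-port>1234</destination-port></application></applications></logical-systems>
 <logical-systems><name>MGMT</name><security>
  <address-book><name>global</name>
   <address><name>tooling</name><ip-prefix>10.10.20.0/24</ip-prefix></address></address-book>
  <policies><policy><from-zone-name>MGMT_OTHER</from-zone-name><to-zone-name>MGMT_TOOLING</to-zone-name>
   <policy><name>OTHER_TO_TOOLING</name><match><source-address>any</source-address>
    <destination-address>tooling</destination-address><application>junos-ping</application></match>
    <then><permit/><log><session-init/></log></then></policy></policy></policies>
 </security></logical-systems>
</configuration>"""


def q(value):
    """Double-quote a value for mgmt_cli, escaping embedded quotes."""
    return '"' + value.replace('"', '\\"') + '"'


def multi(key, values):
    """mgmt_cli list syntax: key.1 "a" key.2 "b" ..."""
    return " ".join(f"{key}.{i} {q(v)}" for i, v in enumerate(values, 1))


def convert_address(addr):
    """Address-book entry -> (Check Point object name, mgmt_cli command)."""
    name, dns, prefix = (addr.findtext(p) for p in ("name", "dns-name/name", "ip-prefix"))
    if dns is not None:
        cp_name = "." + dns  # dns-domain names start with a dot and carry no IP
        return cp_name, f"mgmt_cli add dns-domain name {q(cp_name)} is-sub-domain false"
    if prefix is not None:
        ip, _, bits = prefix.partition("/")
        if bits in ("", "32", "128"):
            return name, f"mgmt_cli add host name {q(name)} ip-address {q(ip)}"
        return name, f"mgmt_cli add network name {q(name)} subnet {q(ip)} mask-length {bits}"
    return name, f"# TODO: address {name} (range/wildcard) needs a manual object"


def convert_application(app):
    """Custom Junos application -> service-tcp / service-udp."""
    name, proto, port = (app.findtext(t) for t in ("name", "protocol", "destination-port"))
    if proto in ("tcp", "udp") and port:
        return f"mgmt_cli add service-{proto} name {q(name)} port {q(port)}"
    return f"# TODO: application {name} (protocol {proto}) needs a manual service"


def convert_lsys(ls):
    """One <logical-systems> element -> package, objects and rules for that LSYS."""
    lsys = ls.findtext("name")
    layer = f"{lsys} Network"  # default access layer created with a new package
    cmds = [f"mgmt_cli add package name {q(lsys)} access true threat-prevention false"]
    names, custom, unmapped = {"any": "Any"}, set(), set()
    for addr in ls.iterfind("security/address-book/address"):
        cp_name, cmd = convert_address(addr)
        names[addr.findtext("name")] = cp_name  # rules must reference the CP name
        cmds.append(cmd)
    for app in ls.iterfind("applications/application"):
        custom.add(app.findtext("name"))
        cmds.append(convert_application(app))
    for ctx in ls.iterfind("security/policies/policy"):
        zones = f"{ctx.findtext('from-zone-name')} -> {ctx.findtext('to-zone-name')}"
        for pol in ctx.iterfind("policy"):
            m, then = pol.find("match"), pol.find("then")
            srcs = [names.get(e.text, e.text) for e in m.iterfind("source-address")]
            dsts = [names.get(e.text, e.text) for e in m.iterfind("destination-address")]
            apps = [e.text for e in m.iterfind("application")]
            unmapped |= {a for a in apps if a != "any" and a not in custom}
            action = "Accept" if then.find("permit") is not None else "Drop"
            track = "Log" if then.find("log") is not None else "None"
            cmds.append(f"mgmt_cli add access-rule layer {q(layer)} position bottom "
                        f"name {q(pol.findtext('name'))} {multi('source', srcs)} "
                        f"{multi('destination', dsts)} "
                        f"{multi('service', ['Any' if a == 'any' else a for a in apps])} "
                        f"action {q(action)} track.type {q(track)} comments {q(zones)}")
    # Junos built-ins (junos-ping, junos-syslog, ...) have no 1:1 object; flag, don't guess
    cmds += [f"# TODO [{lsys}]: map Junos application {a} to a Check Point service"
             for a in sorted(unmapped)]
    return cmds


def convert_config(xml_text):
    """Whole Junos XML config -> mgmt_cli commands, grouped per LSYS."""
    root = ET.fromstring(xml_text)
    return [cmd for ls in root.iterfind("logical-systems") for cmd in convert_lsys(ls)]


if __name__ == "__main__":
    print("\n".join(convert_config(SAMPLE_XML)))
```

Redirect the output to a file, review it, and run it inside one `mgmt_cli` session (`-s` session file) followed by `publish`; Junos zones have no VSX equivalent, so the from/to zone pair is kept in each rule's comment for the manual review robertp mentions, and Junos built-in applications are emitted as TODO lines rather than mapped blindly.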

the_rock
MVP Platinum

Great! Sorry I could not make it work with the tool, but yes, let's hope that's fixed in the future as far as virtual systems go.

Best,
Andy
Vincent_Bacher

My head is exploding, so I don't understand. Short question: was my script a bit helpful for your migration?

Edit:

"Domain names don't work at all. Instead of converting the DNS address object into "add dns-domain xxxxx" it tries to do "add-host name xxxx" without any IP in it, which gives an error as expected."

Do you want me to check this? Maybe you can send another test.xml with a domain name, then my Copilot will do the work.

robertp
Contributor

Very helpful, thank you! I just want to give some additional feedback on it once I finish cleaning up the import files (as mentioned above), so I will get back with some info, hopefully tomorrow.

