Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ofir_Shikolski
Employee
Employee

SmartMove new version June 2021

Now, we can also run SmartMove from the CLI.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Downloads

  • Click here to get the open Source repository.
  • Click here to download the Check Point SmartMove Tool.

Usage:

SmartMove.exe [-s config_file_name] [-v vendor] [-t target_folder] [-d domain] [-n] [-l LDAP_Account_unit] [-k]

Mandatory flags:

-s | --source Full path to the vendor configuration file
-v | --vendor Vendor for conversion (available options: CiscoASA, JuniperSRX, JuniperSSG, FortiNet, PaloAlto, Panorama)

Optional flags:

-t | --target Migration output folder
-d | --domain Domain name (for CiscoASA, JuniperSRX, JuniperSSG only)
-n | --nat ("-n false" |" -n true" [default]) Convert NAT configuration [enabled by default]
-l | --ldap LDAP Account unit for convert user configuration option (for FortiNet, PaloAlto, and Panorama only)
-k | --skip ("-k false" |" -k true" [default]) Do not import unused objects (for FortiNet, PaloAlto and Panorama only) [enabled by default]
-f | --format Format of the output file (JSON[default], TEXT)

Example:

SmartMove.exe -s "D:\SmartMove\Content\config.txt" -v CiscoASA - t "D:\SmartMove\Content" -n true -k false -f json

  • GA
10 Replies
JaeYoung_An
Explorer

How can i download latest Version?

i think that Latest version is not available in official site

download link information

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

 

 

0 Kudos
Ofir_Shikolski
Employee
Employee

From here: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

I uploaded the version to the same link id 🙂 

if there are issues, please let me know .

0 Kudos
JaeYoung_An
Explorer

I downloaded from the link

but CLI command was not working in CMD 

image.png

i confirmed files, last modified date is 23 May.

i think that new version of smartmove is 6.2,but the version is 6.0 in official site

 

0 Kudos
Ofir_Shikolski
Employee
Employee

My mistake, I re-uploaded it 

0 Kudos
the_rock
Authority
Authority

I think tool is actually really good. I used it twice for Cisco conversion and worked fine both times. One odd thing I found, but not real sure if this is just cosmetic or way tool works...for example, if you run show runn on Cisco from enable mode and then output it into text file, conversion may not work right, so what you need to do is go to conf t mode on Cisco, run pager 0 and that will eliminate "page breaks" when running any commands, so you dont need to keep pressing space bar on your keyboard. 

Anyway, thought would share this, if anyone else encountered this problem.

0 Kudos
Ofir_Shikolski
Employee
Employee

Thanks for the feedback 🙂

I added it a few weeks ago to the SmartMove SK.

Cisco configuration migration:

Before you run SmartMove, replace DHCP / DAIP interfaces with static IP addresses on your cisco Gateway.

  1. Get the Cisco configuration file from the gateway. See vendor documentation for "show configuration" commands.
  2. SSH:https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s12.html " -> "terminal pager 0" ->show running-config"

    ASDM: https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/asdm77/general/asdm-77-general-config/admin...
    On the ASDM we need to drive to  Tools>Backup Configurations, select 'running-configuration', browse the folder we would like to save the ASA configuration, click backup and wait until you get the confirmation message. 
    Once this is done we get a .zip file with the ASA configuration
Ian
Employee
Employee

Is the "asa-spread-acl-remarks" flag still supported with the latest SmartMove.exe?  This was an undocumented option that was needed to fully migrate comments from ASA rules to Check Point comments.

0 Kudos
the_rock
Authority
Authority

I never seen that issue even in older version, always worked fine...after migrating, I was able to see all the comments that where there for Cisco rules.

0 Kudos
Ian
Employee
Employee

Interesting, we've always needed that option.  Because of the way ASA comments it's rules in chunks (one comment covers multiple rules) if there are multiple rules under the same 'comment', SmartMove will only migrate that comment into the first rule only.  By launching SmartMove.exe with the 'asa-spread-acl-remarks' flag, the ASA comments will 'spread' and be copied to each individual rule.  I don't believe it was every documented though.

0 Kudos
Ofir_Shikolski
Employee
Employee

"asa-spread-acl-remarks" is support and documented 🙂

0 Kudos