This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-06-16 07:46 AM

SmartMove new version June 2021

Now, we can also run SmartMove from the CLI.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Downloads

  • Click here to get the open Source repository.
  • Click here to download the Check Point SmartMove Tool.

Usage:

SmartMove.exe [-s config_file_name] [-v vendor] [-t target_folder] [-d domain] [-n] [-l LDAP_Account_unit] [-k]

Mandatory flags:

-s | --source Full path to the vendor configuration file
-v | --vendor Vendor for conversion (available options: CiscoASA, JuniperSRX, JuniperSSG, FortiNet, PaloAlto, Panorama)

Optional flags:

-t | --target Migration output folder
-d | --domain Domain name (for CiscoASA, JuniperSRX, JuniperSSG only)
-n | --nat ("-n false" |" -n true" [default]) Convert NAT configuration [enabled by default]
-l | --ldap LDAP Account unit for convert user configuration option (for FortiNet, PaloAlto, and Panorama only)
-k | --skip ("-k false" |" -k true" [default]) Do not import unused objects (for FortiNet, PaloAlto and Panorama only) [enabled by default]
-f | --format Format of the output file (JSON[default], TEXT)

Example:

SmartMove.exe -s "D:\SmartMove\Content\config.txt" -v CiscoASA - t "D:\SmartMove\Content" -n true -k false -f json

Labels
  • GA
10 Replies
JaeYoung_An
Explorer
‎2021-06-22 01:28 AM

How can i download latest Version?

i think that Latest version is not available in official site

download link information

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

 

 

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-06-22 11:08 AM
In response to JaeYoung_An

From here: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d...

I uploaded the version to the same link id 🙂 

if there are issues, please let me know .

0 Kudos
JaeYoung_An
Explorer
‎2021-06-22 05:59 PM
In response to Ofir_Shikolski

I downloaded from the link

but CLI command was not working in CMD 

image.png

i confirmed files, last modified date is 23 May.

i think that new version of smartmove is 6.2,but the version is 6.0 in official site

 

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-06-22 10:42 PM
In response to JaeYoung_An

My mistake, I re-uploaded it 

0 Kudos
the_rock
Legend
Legend
‎2021-06-22 07:19 AM

I think tool is actually really good. I used it twice for Cisco conversion and worked fine both times. One odd thing I found, but not real sure if this is just cosmetic or way tool works...for example, if you run show runn on Cisco from enable mode and then output it into text file, conversion may not work right, so what you need to do is go to conf t mode on Cisco, run pager 0 and that will eliminate "page breaks" when running any commands, so you dont need to keep pressing space bar on your keyboard. 

Anyway, thought would share this, if anyone else encountered this problem.

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-06-22 11:09 AM
In response to the_rock

Thanks for the feedback 🙂

I added it a few weeks ago to the SmartMove SK.

Cisco configuration migration:

Before you run SmartMove, replace DHCP / DAIP interfaces with static IP addresses on your cisco Gateway.

  1. Get the Cisco configuration file from the gateway. See vendor documentation for "show configuration" commands.
  2. SSH:https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s12.html " -> "terminal pager 0" ->show running-config"

    ASDM: https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/asdm77/general/asdm-77-general-config/admin...
    On the ASDM we need to drive to  Tools>Backup Configurations, select 'running-configuration', browse the folder we would like to save the ASA configuration, click backup and wait until you get the confirmation message. 
    Once this is done we get a .zip file with the ASA configuration
Ian
Employee Employee
Employee
‎2021-06-24 07:18 AM

Is the "asa-spread-acl-remarks" flag still supported with the latest SmartMove.exe?  This was an undocumented option that was needed to fully migrate comments from ASA rules to Check Point comments.

0 Kudos
the_rock
Legend
Legend
‎2021-06-24 07:21 AM
In response to Ian

I never seen that issue even in older version, always worked fine...after migrating, I was able to see all the comments that where there for Cisco rules.

0 Kudos
Ian
Employee Employee
Employee
‎2021-06-24 07:30 AM
In response to the_rock

Interesting, we've always needed that option.  Because of the way ASA comments it's rules in chunks (one comment covers multiple rules) if there are multiple rules under the same 'comment', SmartMove will only migrate that comment into the first rule only.  By launching SmartMove.exe with the 'asa-spread-acl-remarks' flag, the ASA comments will 'spread' and be copied to each individual rule.  I don't believe it was every documented though.

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2021-06-24 11:24 PM
In response to Ian

"asa-spread-acl-remarks" is support and documented 🙂

0 Kudos
Upcoming Events

    CheckMates Events
    Top