This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
neiren
Participant
‎2025-04-14 06:47 AM
Jump to solution

Using SmartMove to convert competitor Cisco configurations has issues

1. I recently migrated the Cisco firewall configuration of two areas of a customer to cp, and found that after the migration, the ACL policy of the Cisco firewall in one area was much less.

2. I uploaded screenshots of smartmove and some Cisco policies

3. The difference I found so far is that the Cisco configuration that can be successfully converted is the three-layer routing mode, and the one that cannot be converted is the bridging mode

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-04-14 07:12 AM
In response to neiren
Jump to solution

There are limitations described in sk115416.

Please submit feedback on this SK if you feel there are additional gaps than mentioned there.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
6 Replies
neiren
Participant
‎2025-04-14 06:52 AM
Jump to solution

cisco_1.jpgsmartmove_1.jpg

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-04-14 07:12 AM
In response to neiren
Jump to solution

There are limitations described in sk115416.

Please submit feedback on this SK if you feel there are additional gaps than mentioned there.

CCSM R77/R80/ELITE
0 Kudos
neiren
Participant
‎2025-04-14 07:25 PM
In response to Chris_Atkinson
Jump to solution

I don't know the specific cause of the problem? I suspect that it is because the inside and outside interfaces in the Cisco configuration do not have IP addresses, and the BVI is used to share IP addresses.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-14 04:19 PM
In response to neiren
Jump to solution

I I did this sort of conversion from Cisco ASA to CP 3 times and never had an issue, it was always able to move all the rules, regular policies, as well as NAT. 

Andy

Best,
Andy
0 Kudos
neiren
Participant
‎2025-04-14 07:23 PM
In response to the_rock
Jump to solution

We have done a lot of projects on Cisco migration configuration to check point, and this is the first time we have encountered this situation.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-14 07:27 PM
In response to neiren
Jump to solution

I always followed the video from the sk and no issues. I also converted Cisco to other vendors before and worked okay as well. I always found Cisco is by far the easiest vendor to convert. Mind you, the reason for that is probably because other vendors' formats are way different.

My colleagues and I usually end up doing regex scripting to do say conversion for cp to fgt or fgt to cp or pan to fortigate, seems to work really well, as long as you make sure format matches with whatever vendor you are converting to.

Hope that helps.

Andy

Best,
Andy
0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events