This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Renis_Parruca
Explorer
‎2026-04-02 08:17 AM

Migrate configurations from cisco router to Checkpoint

Hello,

 

Can anyone help me how to migrate cisco router configurations to Checkpoint Spark 1595.

0 Kudos
9 Replies
simonemantovani
MVP Silver
MVP Silver
‎2026-04-02 09:03 AM

Hello

could you provide any further information like network diagram, router configuration, access list, etc?

0 Kudos
Renis_Parruca
Explorer
‎2026-04-02 12:27 PM
In response to simonemantovani

Hello Simone,

I'm uploading only the parts of neccesary from the cisco. So the Interfaces, IP addresses,access lists,BGP and IPSEC.The topology from the ISP is like this.They send us to private IP addresses that are used for BGP Session. Upon the BGP is Established I have internet form the public IP that is on the loopback. Then the IPSEC is UP. If you can show me which is the configuration in chekcpoint spark 1595 I will be very grateful. Because we want to switch from cisco router to checkpoint firewall.

 

Best regards,

Renis

0 Kudos
simonemantovani
MVP Silver
MVP Silver
‎2026-04-02 11:51 PM
In response to Renis_Parruca

Hello

if I interpreted the configuration correctly, the check point interface would be:

  • WAN - 172.16.18.78/30
  • PORT5 - 172.16.18.82/30
  • PORT1 - TRUNK
  • PORT1.600 - 192.168.1.1/24
  • PORT1.700 - 10.20.32.1/24

Am I right? The SMB will locally manged or centrally managed (using a Security Management Server)?

 

Renis_Parruca
Explorer
‎2026-04-03 12:17 PM
In response to simonemantovani

Hi Simone,

I have configured WAN-- 172.16.18.78/30 , PORT1.700 - 10.20.32.1/24, and Loopback=79.106.169.137. The wan interface is without static route because in the cisco is configured a BGP with this private addresses 172.16.18.78/30 and 172.16.18.82/30. And the Public IP is advertised after the BGP is established. So the IPSEC knows the public IP. This is what I have undestood from the cisco configurations. The SMB will locally manged or centrally managed (using a Security Management Server)? For the moment I want to configure it locally after the tests with be managed with smart-cloud.

Thanks

0 Kudos
simonemantovani
MVP Silver
MVP Silver
a month ago
In response to Renis_Parruca

Hello

ok,looking at the configuration about the IPSec VPN, this tunnel will be established from your SMB to the remote peer 79.106.64.18, is it right? If yes, the BGP peer will perform a NAT for your SMB to be reachable from Internet to establish VPN, and it will advertise the default route to the SMB. Am I right?

0 Kudos
Renis_Parruca
Explorer
a month ago
In response to simonemantovani

this tunnel will be established from your SMB to the remote peer 79.106.64.18, is it right? YES the remote PEER is 79.106.64.18.Yes the BGP will perform NAT to the public IP: 79.106.169.137 and based on this IP the IPSEC VPN will be established.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-04-02 12:34 PM

I had done this with smartmove tool before, though dont believe that would work for smb, unless its centrally managed. 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Renis_Parruca
Explorer
‎2026-04-03 12:18 PM
In response to the_rock

I have seen the smartmove but is for cisco ASA and firewalls not for routers like my case

0 Kudos
the_rock
MVP Diamond
MVP Diamond
a month ago
In response to Renis_Parruca

Ah, okay...never tested it with Cisco router though, but definitely worked with ASA.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Thu 07 May 2026 @ 01:30 PM (AEST)

    CheckMates Live Sydney
    In-Person

    Thu 07 May 2026 @ 11:30 AM (CDT)

    Nashville: Humans & AI: A Real Conversation
    In-Person

    Tue 19 May 2026 @ 08:00 AM (EDT)

    Montreal: P’tits déj Cyber! | Cyber Breakfasts!
    In-Person

    Tue 02 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Aarhus
    In-Person

    Wed 03 Jun 2026 @ 09:00 AM (CEST)

    CheckMates Live Denmark - Copenhagen
    CheckMates Events