- CheckMates
- :
- CheckMates Toolbox
- :
- Scripts
- :
- Re: Exporting/Importing R77.x and Earlier Configur...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Odumper and Ofiller (Exporting/Importing R5x-R7x Config)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ofiller and Odumper are tools that were created by former Check Point SE Martin Hoz. They are not official Check Point tools, but have been used extensively over the years to export and import data from Check Point object databases, whether Security Management, or Multi-Domain (Provider-1). The access policy configuration is exported/imported in CSV format and can be used to extract the configuration from legacy R5x - R7x installations.
To migrate these configurations to a recent version:
- Build a new R77.30 management server on Gaia in a VM
- Import the configuration from the legacy system into the new management server using the the tools
- Upgrade the R77.30 Management to the desired version using the advanced upgrade process. Target versions later than R80.40 will require multiple upgrades.
The attached archive contains the last version of this tool released in January 2007 when R65 was the latest release. That said, the tools should work on releases up to and including R77.30. The archive includes documentation with examples to get you up to speed quickly.
It goes without saying that Check Point provides NO SUPPORT or WARRANTY for this tool. It is provided merely as a convenience.
Ofiller and Odumper are tools that were created by former Check Point SE Martin Hoz. They are not official Check Point tools, but have been used extensively over the years to export and import data from Check Point object databases, whether Security Management, or Multi-Domain (Provider-1). The access policy configuration is exported/imported in CSV format and can be used to extract the configuration from legacy R5x - R7x installations.
To migrate these configurations to a recent versi
...;Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like your help to know if there is a newest version of this? I am running the odumper command in CMD to convert the file to .CSV and getting the issue "cannot start odumper or run due to incomaptibility with 64-bit versions of windows. Please contact the software vendor to ask if a 64-bit windows compatible version is available."
I am using the 2.4 where the last update is 2006.
I would like your help to know if there is a newest version of this? I am running the odumper command in CMD to convert the file to .CSV and getting the issue "cannot start odumper or run due to incomaptibility with 64-bit versions of windows. Please contact the software vendor to ask if a 64-bit windows compatible version is available."
I am using the 2.4 where the last update is 2006.
;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While they were developed by a now former Check Point employee, they are not now nor have they ever been official Check Point tools.
As such, they are provided as-is and there are no plans for further enhancements or recompiles for more modern operating systems.
Another option that runs in PERL is: https://github.com/mattburch/CPParser
It does not have a CSV export/import function natively, but it does appear to export the necessary dbedit commands to recreate the object.
While they were developed by a now former Check Point employee, they are not now nor have they ever been official Check Point tools.
As such, they are provided as-is and there are no plans for further enhancements or recompiles for more modern operating systems.
Another option that runs in PERL is: https://github.com/mattburch/CPParser
It does not have a CSV export/import function natively, but it does appear to export the ne...;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the GUI is there anyway to copy multiple objects out into notepad\word? I can only seem to double click on one object then go up to the top copy\paste. I have firewall rules with several objects in one rule and don't want to copy\paste one at a time?
In the GUI is there anyway to copy multiple objects out into notepad\word? I can only seem to double click on one object then go up to the top copy\paste. I have firewall rules with several objects in one rule and don't want to copy\paste one at a time?
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Happy to see you bringing these up, just recently had to point them out to one of my buddies.
Also, no luck running them in 64 bit Windows.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also used to host this on phoneboy.com, so it seemed appropriate. 😁
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While 64bit versions of Windows are not supported, you can still run these tools on any Linux machine (even on Check Point Management).
Just move folder "Linux_and_SPLAT" from archive to the machine. Run following command on all .lin files inside this folder:
chmod +x *.lin
and after that you can run both tools by running the following commands:
./odumper.lin
./ofiller.lin
Output from my R77.30 MDS:
[Expert@MDS:0]# ./odumper.lin
Unofficial/Unsupported Object Dumper v2.4 - Developed by Martin Hoz
(c) 2003-2006 by Check Point Software Technologies, Inc.
===============================================================================
*** WARNING!: Missing at least a required parameter: (-f) Input (objects) file
or (-p) Input (rules) file.
*** WARNING!: Missing a required parameter: (-o) Output file.
This program takes an Objects_5_0.C or rulebases_5_0.C file, and writes a
formatted CSV file (spreadsheet) that contains the objects you have on the
objects database and/or the rules you have on your rulebases.
You may open later this file with Microsoft Excel or any other alike
spreadsheet program.
Program syntax:
1) odumper.lin help (prints help pages)
2) odumper.lin -I (Interactive mode)
3) odumper.lin [-f file | -p file] -o file [-d] [-html] [-v]
-f specifies the path to the objects (Objects_5_0.C or objects.C)
file you want to process
-p specifies the path to the rulebases (rulebases_5_0.fws) file
you want to process
-o specified the path to the output formatted file you want to have
-d tells the program to also print the default objects - Optional
-html formats the output to HTML (instead of default CSV format) - Optional
-v activates verbose mode
file is a valid filename - such as output.txt, output.html or objects.C
Required parameters: (-f and/or -p) and -o
===============================================================================
No valid objects were processed! - Thank you for using Object Dumper v2.4!
[Expert@MDS:0]# ./ofiller.lin
Unofficial/Unsupported Object Filler v2.4 - Developed by Martin Hoz
(c) 2003-2006 by Check Point Software Technologies, Inc.
===============================================================================
Missing Object type specification (-t)
Missing Initial IP (-s)
Missing Final (Ending) IP (-d)
Missing Mask length (-m)
Missing Output file (-o|-a)
*** WARNING!: Missing at least 1 required parameter. Please verify the syntax
and try again...
This program helps you populate your Check Point SmartCenter server by
producing CLI commands you can directly execute using DBedit in batch mode.
Program syntax:
1) ofiller.lin help (prints help pages - with examples)
2) ofiller.lin -I (Interactive mode)
3) ofiller.lin -f file -i input [-o|-a] file [-c color] [-t type]
[-p policy] [-nopv] [-nonat] [-v]
4) ofiller.lin -t type -s ip -d ip -m mask [-c color]
[-n ip | -ns ip -nd ip -nm mask] [-b obj] [-o|-a] file [-v]
Where valid (case sensitive in all cases) switches input examples are:
file is a valid filename - such as myfile.csv or output.txt
policy is a valid imported policy name - such as imp_pol or my_policy
input is the type of input configuration - csv, list, hosts, pix, netscreen,
gauntlet, sidewinder, raptor, ciscorouter
ip is a valid IP number - such as 192.168.10.45
type can be either host, plaingw, net, range, cpgw, ss, idevice, ose
ledge, lip40
mask is the mask length in bits. A number between 8 and 30
color can be black, blue, green, red, brown or others (see help)
obj it's an existing Check Point gateway object, for NAT purposes
Required parameters: (-f, -i and [-o|-a]) or (-t, -s, -d, -m and [-o|-a])
===============================================================================
No valid objects were processed! - Thank you for using Object Filler v2.4!
PS: Coredumps are created once the tools are run from the management:
[Expert@MDS:0]# ./odumper.lin -p /opt/CPmds-R77/customers/cma_imported/CPsuite-R77/fw1/conf/rulebases_5_0.fws -o /home/admin/imported.csv
Unofficial/Unsupported Object Dumper v2.4 - Developed by Martin Hoz
(c) 2003-2006 by Check Point Software Technologies, Inc.
===============================================================================
===============================================================================
* Processing rules...
-------------------------------------------------------------------------------
.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
===============================================================================
Processed 460444 possible objects and found 3246 valid ones.
It took 6.0 seconds on quiet mode.
===============================================================================
*******************************************************************************
Wow! That's a big amount of objects! - Have you considered helping to make
Object Dumper better? - Please do! - Read Questions 1.11, 1.12, 1.13 and 2.6 in
the FAQ Section of the User's Manual to find out how you can help!!!
*******************************************************************************
-------------------------------------------------------------------------------
Total successfully processed Rules = 3246
===============================================================================
Task done successfully! - Thank you for using Object Dumper v2.4!
Segmentation fault (core dumped)
Jozko Mrkvicka
While 64bit versions of Windows are not supported, you can still run these tools on any Linux machine (even on Check Point Management).
Just move folder "Linux_and_SPLAT" from archive to the machine. Run following command on all .lin files inside this folder:
chmod +x *.lin
and after that you can run both tools by running the following commands:
./odumper.lin ./ofiller.lin
Output from my R77.30 MDS:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First thanks so much for the info, but I am not a Linux guy and SCARED TO DEATH to run this on our PROD Checkpoint Box. Is there a simpler way to extract the config from the Checkpoint either via command line or the management server?
First thanks so much for the info, but I am not a Linux guy and SCARED TO DEATH to run this on our PROD Checkpoint Box. Is there a simpler way to extract the config from the Checkpoint either via command line or the management server?
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
I need your help about an error message when I run the command: odumper -f objects_5_0.C -o myobjects.csv
The objects_5_0.C is exported from Management Server in R77.30. When I run odumper -p rulebases_5_0.fws -o rules.csv => no error and the CSV file is successfuly created.
The error message:
---------------------------------------------------------------------------------------------------------------------------
./odumper.lin -f objects_5_0.C -o myobjects.csv
Unofficial/Unsupported Object Dumper v2.4 - Developed by Martin Hoz
(c) 2003-2006 by Check Point Software Technologies, Inc.
===============================================================================
===============================================================================
* Processing objects...
-------------------------------------------------------------------------------
..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................*** WARNING!!!: An internal error condition regarding the number of words was detected!
The number of currently detected words is -216-
The number of predefined words is -140- Aborting!!!
---------------------------------------------------------------------------------------------------------------------------
Anybody have an idea?
Many thanks in advance and at your disposal for any further informations.
Regards,
Thomas
Hi all,
I need your help about an error message when I run the command: odumper -f objects_5_0.C -o myobjects.csv
The objects_5_0.C is exported from Management Server in R77.30. When I run odumper -p rulebases_5_0.fws -o rules.csv => no error and the CSV file is successfuly created.
The error message:
---------------------------------------------------------------------------------------------------------------------------
./odumper.lin -f objects_5_0.C -o myobjects
...;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You would use this for R55 or R65 export - but for R77.30 ??? You have better tools for that, as this is R65 !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
These tools focus on basic object/access policy definition.
This did not change substantially between R55 and R77.30, so these tools will still be applicable.
Configurations beyond basic firewall will need to be migrated manually.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure why we would do that now given that R77.x and earlier is End of Support and these tools are only relevant on those releases.