Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Robert_Decker
Advisor
Jump to solution

How to migrate Cisco ASA configuration to Check Point R80 Management Server database?

How to migrate Cisco ASA configuration to Check Point R80 Management Server database?

0 Kudos
1 Solution

Accepted Solutions
Robert_Decker
Advisor

Check Point SmartMove tool enables you to convert 3rd party database with firewall security policy and NAT to Check Point database.

At the moment, the tool parses Cisco ASA, Juniper JunosOS and ScreenOS configurations and converts its objects, NAT and firewall policy to a Check Point R80.10 compliant policy. The tool is planned to support additional vendors and security configurations in the future.

The tool generates bash scripts by utilizing Check Point Management API's command line interface, to migrate the converted policy into a R80.10 Management (or Multi-Domain) server.

View solution in original post

5 Replies
Robert_Decker
Advisor

Check Point SmartMove tool enables you to convert 3rd party database with firewall security policy and NAT to Check Point database.

At the moment, the tool parses Cisco ASA, Juniper JunosOS and ScreenOS configurations and converts its objects, NAT and firewall policy to a Check Point R80.10 compliant policy. The tool is planned to support additional vendors and security configurations in the future.

The tool generates bash scripts by utilizing Check Point Management API's command line interface, to migrate the converted policy into a R80.10 Management (or Multi-Domain) server.

Robert_Decker
Advisor

Currently, the following Cisco configurations can be migrated:

Supported AppliancesSupported Software
Cisco ASA
  • version 8.3 and above

Enjoy.

0 Kudos
Konstantinos_In
Contributor

Hello

On cisco asa configuration we have the below

object network object-192.168.0.237
nat (internal,outside) static 192.168.0.237

and the smart move tool creates 2 manual static rules.

Original Source        Original Destination        Original Services                              Translated Source                              Translated Destination                       Translated Services
object-192.168.0.237            any                                      any                                  host_192.168.0.237(Nat method static)           original                                                    original
any                           host_192.168.0.237                    any                                              original                                           object-192.168.0.237(Nat method static)           original

Do you think they are needed on checkpoint configuration ?

BR,
Kostas

 

0 Kudos
PhoneBoy
Admin
Admin

NAT to itself? I don't think it's required.

the_rock
Legend
Legend

I did use same tool for a customer to convert cisco asa config to cp and it worked well, but I did notice certain objects did get messed up. Im wondering if there is a good way to move over vpn users and that configuration over...but might be tricky, as its smart-1 cloud server, not actual on prem, so there is no ssh or web UI.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events