Checkpoint firewall to Pix conversion

Unanswered Question
Jun 21st, 2007

have been asked to convert an older checkpoint firewall, running on solaris to a cisco PIX.

If you have hands-on experience performing this process, Can you share some of the gotcha or tips

that I should be aware of, given the different architectures?

The pix will be a 525 with gig interfaces and the Checkpoint is Ng with application intelligence build 127 R55 running on a pair of SUN 220r's with gig interfaces.

For starters, how do the two models comparable in performance

More info to share once I get some responses. Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
brispin Wed, 06/27/2007 - 10:17

I think you can use PIX's PDM, since that's modeled after Checkpoint's interface and should be familiar to Checkpoint admins. However, that only eases the configuration portion, the migration part still has to be done manually. There are no specific guidelines for the migration process. As for the performance PIX 525 definately is faster and can take more load.

vitripat Wed, 06/27/2007 - 10:30

Hi,

Cisco SCT should be helpful to you.

Cisco SCT is a Check Point to ASA/PIX/FWSM conversion tool. Cisco Security Conversion Tool (SCT) 1.1 is available on CCO for download. This release adds support for Check Point NGX and makes it easier to convert more than one Check Point device. The download site is:

http://www.cisco.com/cgi-bin/tablebuild.pl/sct

(Note: Your CCO ID should have sufficient privileges to download the files)

Hope this helps.

Regards,

Vibhor.

Actions

This Discussion