Firewall migration assistance

Unanswered Question
Jan 24th, 2008

I have a customer running Checkpoint NGx R60 firewall on a pair of Nokia IP2260. The management server is a RedLinux 3 ES. I've provided this customer over the year with tech. support. This firewall has 20 interfaces and about 1000 rules with over 30000 objects. We are also running OSPF and BGP on the Nokia. There are 45 site-2-site VPNs on the firewalls with double NAT between this site and customers' site.


I use commercial tools and freeware to monitor the firewall security. In other words, if someone pushes policy to the firewall, I get alerts. The security policy can also be exported in XML or HTML so that it can be viewed.


Now the customer wants to migrate to a pair of ASA 5540 platforms. I am looking for a tool that can convert Checkpoint rules to PIX rules.


Anyone know if there is such a tool out there that can do the job? I can imagine the ASA configuration will be at least 800,000 lines of configuration. Can the ASA handle a configuration file that large?


Thanks.

cisco24x7 Thu, 01/24/2008 - 13:42

I used this tool two years ago and it is a horrible tool. The conversion was a mess and about 99.9% of the information is totally useless. This tool could not convert NAT rules. The policy I tried to convert at the time was not a difficult one but this tool could not do the job.


I am looking for a better tool. I am sure there will be many more customers that will be converting from Checkpoint to ASA in the future.
