
converting weird bsd ipfw ruletable to asa/pix acl's

Has anyone found a viable way of converting the very odd rule definitions of an ipfw on BSD to a usable format like ACLs? I am really breaking my brain with stuff like "skip" rules. Why would you want that, and how can I convert that to a usable ACL? The manual way is killing me, because skip seems to jump around in the ruleset on some specific traffic to a count rule and then some more rules, so the actual ruleset is not read on a first match only, but also jumps around to other parts of the rules at runtime.
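
The skip behaviour described in the question, modelled as an added example (not part of the original thread): a minimal evaluator for ipfw-style rules in which `skipto` jumps forward and `count` matches without ending the search, so a hand-written first-match ACL can be checked against it packet by packet. The ruleset, the addresses, the tuple layout and the helper names are constructed for illustration, and the final deny rule assumes a default-deny ipfw configuration.

```python
from ipaddress import ip_address, ip_network

# Constructed ruleset: (number, action, skipto_target, proto, src, dst, dport)
RULES = [
    (100, "skipto", 500, "tcp", "10.0.0.0/8", "any", None),
    (200, "allow", None, "tcp", "any", "192.0.2.10/32", 80),
    (300, "deny", None, "ip", "any", "any", None),
    (500, "count", None, "tcp", "any", "any", None),
    (600, "allow", None, "tcp", "any", "192.0.2.0/24", 22),
    (65535, "deny", None, "ip", "any", "any", None),  # assumed default-deny
]

def matches(rule, pkt):
    """True when the packet satisfies the rule's proto/src/dst/port fields."""
    proto, src, dst, dport = rule[3:]
    return (proto in ("ip", pkt["proto"])
            and (src == "any" or ip_address(pkt["src"]) in ip_network(src))
            and (dst == "any" or ip_address(pkt["dst"]) in ip_network(dst))
            and (dport is None or dport == pkt["dport"]))

def evaluate(rules, pkt):
    """Return (verdict, numbers of the rules that matched) for one packet."""
    rules = sorted(rules, key=lambda r: r[0])
    i, trace = 0, []
    while i < len(rules):
        number, action, target = rules[i][:3]
        if matches(rules[i], pkt):
            trace.append(number)
            if action in ("allow", "deny"):
                return action, trace          # terminating actions end the search
            if action == "skipto":
                # Skip later rules numbered below target; resume at the first >= target.
                i = next((j for j in range(i + 1, len(rules))
                          if rules[j][0] >= target), len(rules))
                continue
            # "count" only updates counters: fall through to the next rule.
        i += 1
    return "deny", trace                      # nothing matched: assumed default

def pkt(proto, src, dst, dport):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

if __name__ == "__main__":
    for p in (pkt("tcp", "10.1.1.1", "192.0.2.10", 80),
              pkt("tcp", "203.0.113.5", "192.0.2.10", 80),
              pkt("tcp", "10.1.1.1", "192.0.2.20", 22)):
        print(p, "->", evaluate(RULES, p))
```

The first sample packet would hit rule 200 on a straight top-down reading but is denied, because rule 100 skips it past 200; comparing traces like this against a candidate ACL shows where a flattened version diverges.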


Re: converting weird bsd ipfw ruletable to asa/pix acl's

The simple answer is NO. Pix lacks a lot of the features that are offered in other firewalls. There are some vendors out there that claimed that they can convert the rulebase for you, such as Solsoft. I did a project of converting Checkpoint rules into Pix rules and the configuration on the Pix went up to 900K lines in the configuration. Pix could not handle it and blew up.

I've tried Solsoft and it cannot do the conversion either.

CCIE Security
