Cisco Support Community

Firewall migration assistance

I have a customer running Checkpoint NGx R60 firewall on a pair of Nokia IP2260. The management server is a RedLinux 3 ES. I've provided this customer over the year with tech. support. This firewall has 20 interfaces and about 1000 rules with over 30000 objects. We are also running OSPF and BGP on the Nokia. There are 45 site-2-site VPNs on the firewalls with double NAT between this site and customers' site.

I use commercial tools and freeware to monitor the firewall security. In other words, if someone pushes policy to the firewall, I get alerts. The security policy can also be exported in XML or HTML so that it can be viewed.

Now the customer wants to migrate to a pair of ASA 5540 platform. I am looking for a tool that can convert Checkpoint rules to PIX rules. Anyone know if there is such a tool out there that can do the job? I can imagine the ASA configuration will be at least 800,000 lines of configuration. Can the ASA handle the configuration file that large?



Re: Firewall migration assistance

I saw this link a long time ago and saved it for reference. I have not used it so I cannot provide feedback, but the link may provide you with very useful information and a start.

Checkpoint NG to ASA/FWSM




Re: Firewall migration assistance

I used this tool two years ago and it is a horrible tool. The conversion was a mess and about 99.9% of the information is totally useless. This tool could not convert NAT rules. The policy I tried to convert at the time was not a difficult one but this tool could not do the job. I am looking for a better tool. I am sure there will be many more customers that will be converting from Checkpoint to ASA in the

