Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
0
Helpful
2
Replies

Firewall migration assistance

cisco24x7
Level 6
Level 6

‎01-24-2008 11:39 AM - edited ‎03-11-2019 04:53 AM

I have a customer running Checkpoint NGx R60 firewall

on a pair of Nokia IP2260. The management server is

a RedLinux 3 ES. I've provided this customer over

the year with tech. support. This firewall has 20

interfaces and about 1000 rules with over 30000 objects.

we are also running OSPF and BGP on the Nokia. There

are 45 site-2-site VPNs on the firewalls with double

NAT between this site and customers' site.

I use comercial tools and freeware to monitor the

firewall security. In other words, if someone

push policy to the firewall, I get alerts. The

security policy is can also be exported in XML or

HTML so that it can be viewed.

Now the customer wants to migrate to a pair of

ASA 5540 platform. I am looking for a tool that

can convert checkpoint rules to Pix rule.

Anyone know if there is such a tool out there

that can do the job? I can imagine the ASA

configuration will be at least 800,000 lines

of configuration. Can the ASA hand the configuration file

that large?

Thanks.

Labels:
0 Helpful
2 Replies 2

JORGE RODRIGUEZ
Level 10
Level 10

‎01-24-2008 01:31 PM

I saw this link long time ago and saved it for reference, I have not used it so I cannot provide feedback but the link may provide you with very usefull information and a start.

Checkpoint NG to ASA/FWSM

http://cisco.com/cgi-bin/tablebuild.pl/sct

Rgds

Jorge

Jorge Rodriguez
0 Helpful

cisco24x7
Level 6
Level 6
In response to JORGE RODRIGUEZ

‎01-24-2008 01:42 PM

I used this tool two years ago and it is a

horrible tool. The conversion was a mess

and that about 99.9% of the information is

totally useless. This tool could not

convert NAT rules. The policy I tried

to convert at the time was not a difficult

one but this tool could not do the job.

I am looking for a better tool. I am sure

there will be many more customers that will

be converting from Checkpoint to ASA in the

future.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card