01-24-2008 11:39 AM - edited 03-11-2019 04:53 AM
I have a customer running Checkpoint NGx R60 firewall
on a pair of Nokia IP2260. The management server is
a RedLinux 3 ES. I've provided this customer over
the year with tech. support. This firewall has 20
interfaces and about 1000 rules with over 30000 objects.
we are also running OSPF and BGP on the Nokia. There
are 45 site-2-site VPNs on the firewalls with double
NAT between this site and customers' site.
I use comercial tools and freeware to monitor the
firewall security. In other words, if someone
push policy to the firewall, I get alerts. The
security policy is can also be exported in XML or
HTML so that it can be viewed.
Now the customer wants to migrate to a pair of
ASA 5540 platform. I am looking for a tool that
can convert checkpoint rules to Pix rule.
Anyone know if there is such a tool out there
that can do the job? I can imagine the ASA
configuration will be at least 800,000 lines
of configuration. Can the ASA hand the configuration file
that large?
Thanks.
01-24-2008 01:31 PM
I saw this link long time ago and saved it for reference, I have not used it so I cannot provide feedback but the link may provide you with very usefull information and a start.
Checkpoint NG to ASA/FWSM
http://cisco.com/cgi-bin/tablebuild.pl/sct
Rgds
Jorge
01-24-2008 01:42 PM
I used this tool two years ago and it is a
horrible tool. The conversion was a mess
and that about 99.9% of the information is
totally useless. This tool could not
convert NAT rules. The policy I tried
to convert at the time was not a difficult
one but this tool could not do the job.
I am looking for a better tool. I am sure
there will be many more customers that will
be converting from Checkpoint to ASA in the
future.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: