If you have Checkpoint version NG or earlier, you can easily use the
tool FW1rules (http://www.wyae.de/software/FWtools/) and that will
convert your checkpoint rulebase, objects, services etc to Cisco (and
also netscreen) format. I would suggest using linux box for using the
above tool.
However this tool does not support NGX. In that case I usually use the
following method:
1) Use checkpoint's Web Visualization Tool to generate a html page
showing the checkpoint configuration of your firewall. This web page
will have rules, objects etc.
2) With the web page open, select all contents on the page and copy
it. Paste the contents in an excel spreadsheet and use the "Text To
Columns" feature to separate the contents into separate columns
3) This will give you the Checkpoint rules separated in columns with
each column for sources, destinations, protocols, action etc etc.
4) In the same way you will have one column with object name, ip
address, NAT address etc etc.
So now you have an entire list of rules and objects in excel in txt
format. You can easily convert this data to cisco format by appending
the cisco relevant syntax infront of the object name, before the ip
address etc etc.
This is not a high-tech and point and click solution to convert
checkpoints, but I found this as the easiest due to lack of
open-source tools for NGX versions.
Send me an email if you need more information and I will be more than
happy to help you out.
-Harshil
On Jan 31, 2008 11:20 AM, Dave Hunt <hunt.dave@gmail.com> wrote:
I have never used it but Cisco is supposed to have a tool that will do
the conversion.
-Dave
On 1/31/08, Brandon Louder <Brandon.Louder@mckennan.org> wrote:
I am very interested in hearing comments on this also as I am going
through the same issue. What version of Checkpoint are you currently
using?
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of infolookup@gmail.com
Sent: Thursday, January 31, 2008 6:25 AM
To: listbounce@securityfocus.com; security-basics@securityfocus.com
Subject: Converting Checkpoint to ASA
Hello All,
I would like to know if anyone has done this before. Is it possible by
just getting the right IOS, I can convert my old Checkpoint to an ASA
firewall.
We recently got two new ASA at work and want to convert the old
Checkpoint and use it in our test environment.
Thanks in advance.
Sent via BlackBerry from T-Mobile
-----------------------------------------
Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any
unauthorized review, use, disclosure, or distribution is
prohibited. If you are not the intended recipient, please contact
the sender by reply e-mail and destroy all copies of the original
message.
