Re: Converting Checkpoint to ASA

[c0unter14 <c0unter14 () gmail com>]

If you have Checkpoint version NG or earlier, you can easily use the
tool FW1rules (http://www.wyae.de/software/FWtools/) and that will
convert your checkpoint rulebase, objects, services etc to Cisco (and
also netscreen) format. I would suggest using linux box for using the
above tool.

However this tool does not support NGX. In that case I usually use the
following method:

1) Use checkpoint's Web Visualization Tool to generate a html page
showing the checkpoint configuration of your firewall. This web page
will have rules, objects etc.
2) With the web page open, select all contents on the page and copy
it. Paste the contents in an excel spreadsheet and use the "Text To
Columns" feature to separate the contents into separate columns
3) This will give you the Checkpoint rules separated in columns with
each column for sources, destinations, protocols, action etc etc.
4) In the same way you will have one column with object name, ip
address, NAT address etc etc.

So now you have an entire list of rules and objects in excel in txt
format. You can easily convert this data to cisco format by appending
the cisco relevant syntax infront of the object name, before the ip
address etc etc.

This is not a high-tech and point and click solution to convert
checkpoints, but I found this as the easiest due to lack of
open-source tools for NGX versions.

Send me an email if you need more information and I will be more than
happy to help you out.

-Harshil

On Jan 31, 2008 11:20 AM, Dave Hunt <hunt.dave () gmail com> wrote:
> I have never used it but Cisco is supposed to have a tool that will do
> the conversion.
>
> -Dave
>
>
> On 1/31/08, Brandon Louder <Brandon.Louder () mckennan org> wrote:
> > I am very interested in hearing comments on this also as I am going
> > through the same issue. What version of Checkpoint are you currently
> > using?
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of infolookup () gmail com
> > Sent: Thursday, January 31, 2008 6:25 AM
> > To: listbounce () securityfocus com; security-basics () securityfocus com
> > Subject: Converting Checkpoint to ASA
> >
> > Hello All,
> >
> > I would like to know if anyone has done this before. Is it  possible by
> > just getting the right IOS, I can convert my old Checkpoint to an ASA
> > firewall.
> >
> > We recently got two new ASA at work and want to convert the old
> > Checkpoint and use it in our test environment.
> >
> > Thanks in advance.
> > Sent via BlackBerry from T-Mobile
> >
> >
> > -----------------------------------------
> > Confidentiality Notice: This e-mail message, including any
> > attachments, is for the sole use of the intended recipient(s) and
> > may contain confidential and privileged information. Any
> > unauthorized review, use, disclosure, or distribution is
> > prohibited. If you are not the intended recipient, please contact
> > the sender by reply e-mail and destroy all copies of the original
> > message.