I know there is a set of scrips in the web of Checkpoint for checking and
exporting the configuration of a firewall version 4.1 to NG.
One of the scripts checks for inconsistences in the 4.1 configuration and
warnings if you should make some change or delete some duplicate object.
There are a pair of scripts that export/import the configuration from 4.1 to
NG
The last script does a post-migration checking.
> -----Mensaje original-----
> De: Can2002 [SMTP:notleyc+maillists.checkpoint AT FASTMAIL DOT FM]
> Enviado el: martes 24 de junio de 2003 18:14
> Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Asunto: [FW-1] Importing objects manually into OBJECTS_5_0.C -
> Possible???
>
> A colleague at work has written a utility that stripts the content out of
> OBJECTS.C on a 4.1 box and produces an output file containing each object
> formated for an OBJECTS_5_0.C file.
>
> The idea behind it was to save time re-creating objects in situations
> where the standard upgrade solutions don't suit. An example of the
> format produced is shown below:
>
> : (Net-xxx.yyy.zzz
> :add_adtr_rule (false)
> :color (blue)
> :comments (Blah Blah Blah)
> :ipaddr (xxx.yyy.zzz.0)
> :netmask (255.255.255.0)
> :type (network)
> :location (internal)
> :broadcast (allow)
> )
>
> I've tried doing a cpstop and then editing OBJECTS_5_0.C and trying to
> paste the above in after the existing object defined for the management
> server. I then run cpstart and go into SmartDashboard; however the
> network object does is not shown. If I exit Dashboard and then open
> OBJECTS_5_0.C and look for the section I previously added, I see the
> following:
>
> : (Net-xxx.yyy.zzz
> :add_adtr_rule (false)
> :color (blue)
> :comments (Blah Blah Blah)
> :ipaddr (xxx.yyy.zzz.0)
> :netmask (255.255.255.0)
> :type (network)
> :location (internal)
> :broadcast (allow)
> :AdminInfo (
> :LastModified (
> :Time ("Tue Jun 24 15:38:59 2003")
> :By ("Reference upgrade process")
> :From (bhluk-fw1)
> )
> :chkpf_uid
> ("{840E9D50-1459-4C32-87D2-913F66F31E27}")
> :ClassType (network)
> :name (Net-xxx.yyy.zzz)
> :table (network_objects)
> )
> )
>
> The AdminInfo section was obviously added by some Checkpoint process;
> however the GUI interface will still not display the object.
>
> Does anyone know if what I'm trying to do is even possible. Basically I
> have ~ 300 objects to create so I'd rather automate this if possible!
>
> Cheers,
> Chris
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
