Fortinet black logo

online help

Saving the Check Point source configuration file

Copy Link
Copy Doc ID 9f76cb1c-b7d2-11ea-8b7d-00505692583a:92361

Saving the Check Point source configuration file

Before starting the conversion wizard, save a copy of your Check Point configuration file to the computer where FortiConverter is installed.

To acquire the configuration, please download the following files from the management system, ensure the configuration is in a text format. FortiConverter can't take binary files.

For SmartCenter with Check Point version before R80.10

  • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
  • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
  • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
  • User and user groups file (optional) – "fwauth.NDB"

File paths of the input files.

File

File name

Path

Object definitions

objects_5_0.C (Checkpoint NG/NGX)

objects.C (Checkpoint 4.x_)

$FWDIR/conf

Policy and Rule definitions

rulebase_5_0.fws

<package name>.W

$FWDIR/conf

User and User Group file

fwauth.NDB

$FWDIR/conf/

—or—

$FWDIR/database/

Route information

NA

Save output of route print command from firewall

Uploader Icons used in conversions before R80.10:

For SmartCenter with Check Point version after R80.10

  • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the SmartConsole.
  • Object definitions/ Route information/ User and user groups file – use the same file(s) as mentioned above for conversions before R80.10.

Uploader Icons used in conversions after R80.10:

For Provider-1

  • MDS definitions – "mdss.C" This file contains the MDS hierarchy.
  • MDS object definitions – "objects_5_0.C" This file contains the definition of domains in each MDS.
  • Global object definitions – "objects_5_0.C" This file contains the definition of objects used in global policies.
  • Global policy rule bases – "rulebases_5_0.fws" This file contains the definition of global policies.
  • Global policy assignments – "customers.C"
  • CMA domain files – Every CMA needs a set of "objects_5_0.C", "rulebases_5_0.fws" and "fwauth.NDB"(optional) files as the input.

File paths for the input files.

File

File name

Path

MDS definitions

mdss.C

$MDSDIR/conf/mdsdb

MDS object definitions

objects_5_0.C

$MDSDIR/conf/mdsdb

Global object definitions

objects_5_0.C

$MDSDIR/conf/

Global policy rule bases

rulebases_5_0.fws

$MDSDIR/conf/

Global policy assignments

customers.C

$MDSDIR/conf/mdsdb

CMA object definitions

objects_5_0.C

Path format: "/opt/<mds name>/customers/<Domain mgmt. server name>/<CMA>/<fw name>/conf"

e.g. "opt\CPmds-R76\customers\domain-1_Management_Server\CPsuite-R76\fw1\conf"

CMA policy rulebases rulebases_5_0.fws CMA policy rulebases rulebases_5_0.fws

Saving the Check Point source configuration file

Before starting the conversion wizard, save a copy of your Check Point configuration file to the computer where FortiConverter is installed.

To acquire the configuration, please download the following files from the management system, ensure the configuration is in a text format. FortiConverter can't take binary files.

For SmartCenter with Check Point version before R80.10

  • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
  • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
  • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
  • User and user groups file (optional) – "fwauth.NDB"

File paths of the input files.

File

File name

Path

Object definitions

objects_5_0.C (Checkpoint NG/NGX)

objects.C (Checkpoint 4.x_)

$FWDIR/conf

Policy and Rule definitions

rulebase_5_0.fws

<package name>.W

$FWDIR/conf

User and User Group file

fwauth.NDB

$FWDIR/conf/

—or—

$FWDIR/database/

Route information

NA

Save output of route print command from firewall

Uploader Icons used in conversions before R80.10:

For SmartCenter with Check Point version after R80.10

  • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the SmartConsole.
  • Object definitions/ Route information/ User and user groups file – use the same file(s) as mentioned above for conversions before R80.10.

Uploader Icons used in conversions after R80.10:

For Provider-1

  • MDS definitions – "mdss.C" This file contains the MDS hierarchy.
  • MDS object definitions – "objects_5_0.C" This file contains the definition of domains in each MDS.
  • Global object definitions – "objects_5_0.C" This file contains the definition of objects used in global policies.
  • Global policy rule bases – "rulebases_5_0.fws" This file contains the definition of global policies.
  • Global policy assignments – "customers.C"
  • CMA domain files – Every CMA needs a set of "objects_5_0.C", "rulebases_5_0.fws" and "fwauth.NDB"(optional) files as the input.

File paths for the input files.

File

File name

Path

MDS definitions

mdss.C

$MDSDIR/conf/mdsdb

MDS object definitions

objects_5_0.C

$MDSDIR/conf/mdsdb

Global object definitions

objects_5_0.C

$MDSDIR/conf/

Global policy rule bases

rulebases_5_0.fws

$MDSDIR/conf/

Global policy assignments

customers.C

$MDSDIR/conf/mdsdb

CMA object definitions

objects_5_0.C

Path format: "/opt/<mds name>/customers/<Domain mgmt. server name>/<CMA>/<fw name>/conf"

e.g. "opt\CPmds-R76\customers\domain-1_Management_Server\CPsuite-R76\fw1\conf"

CMA policy rulebases rulebases_5_0.fws CMA policy rulebases rulebases_5_0.fws