Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • online help

    6.0.3
    7.2.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.2
    6.2.1
    6.2.0
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Saving the Check Point source configuration file

    Saving the Check Point source configuration file

    Before starting the conversion wizard, save a copy of your Check Point configuration file to the computer where FortiConverter is installed.

    To acquire the configuration, please download the following files from the management system, ensure the configuration is in a text format. FortiConverter can't take binary files.

    Use the following command to find the files:

    # find / -name "filename"

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    4. Provider – 1 to Fortigate conversion

    5. Provider-1 to FortiManager conversion

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File paths:

    File

    File name

    Path

    Object definitions

    objects_5_0.C (Checkpoint NG/NGX)

    objects.C (Checkpoint 4.x_)

    $FWDIR/conf

    Policy and Rule definitions

    rulebase_5_0.fws

    <package name>.W

    $FWDIR/conf

    User and User Group file

    fwauth.NDB

    $FWDIR/conf/

    —or—

    $FWDIR/database/

    Route information

    NA

    Save output of route print command from firewall

    Uploader Icons used in tool:

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer screenshot below)
    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File Path:

    File File name Path
    Object definitions objects_5_0.C (Checkpoint NG/NGX) $FWDIR/conf
    objects.C (Checkpoint 4.x_)
    User and User Group file fwauth.NDB $FWDIR/conf/
    —or—
    $FWDIR/database/
    Route information NA Save output of route print command from firewall

    Export Policy file (CSV Format):

    Export Nat file (CSV Format)

    Uploader Icons used in tool:

    Note: Alternately, you can chose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file $FWDIR/conf/rulebase_5_0.fws

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer above screenshots)
    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File Path:

    File File name Path
    Object definitions objects_5_0.C (Checkpoint NG/NGX) /opt/CPR77CMP-R80/conf
    Policy and Rule definitions rulebase_5_0.fws /opt/CPR77CMP-R80/conf
    <package name>.W
    User and User Group file fwauth.NDB /opt/CPR77CMP-R80/conf
    Route information NA Save output of route print command from firewall
    Note: Alternately, you can choose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file: /opt/CPR77CMP-R80/conf

    4. Provider – 1 to Fortigate conversion

    Usually used while converting a single checkpoint firewall to a Fortigate. In this case chose "Smartcenter" option while doing the conversion

    4.1 Both MDS/CMA & Gateways are on version before R80.10

    MDS is running with multiple CMA domains and we need to convert a single CMA to FortiGate, please refer Section-1 to fetch the files.

    4.2 Both MDS/CMA & Gateways are on version R80.10 Or later

    MDS is running with multiple CMA domains and we need to convert a single CMA to FortiGate, please refer Section-2 to fetch the files.

    4.3 MDS/CMA is on R80.10 but Gateways running below R80 such as R77

    • We can fetch policy and Nat csv files as mentioned above as the management server running with R80.
    • Object definitions and user files are available in the below table.

    File Path:

    File File name Path
    Object definitions objects_5_0.C (Checkpoint NG/NGX) /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/
    Policy and Rule definitions rulebase_5_0.fws /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/
    <package name>.W
    User and User Group file fwauth.NDB /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/
    Route information NA Save output of route print command from firewall
    Note: Alternately, you can choose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file: /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/

    5. Provider-1 to FortiManager conversion

    Usually used while converting a multiple checkpoint firewall configuration to Fortimanager output. In this case use "Provider-1" option while doing the conversion

    • MDS definitions – "mdss.C" This file contains the MDS hierarchy.
    • MDS object definitions – "objects_5_0.C" This file contains the definition of domains in each MDS.
    • Global object definitions – "objects_5_0.C" This file contains the definition of objects used in global policies.
    • Global policy rule bases – "rulebases_5_0.fws" This file contains the definition of global policies.
    • Global policy assignments – "customers.C"
    • CMA domain files – Every CMA needs a set of "objects_5_0.C", "rulebases_5_0.fws" and "fwauth.NDB"(optional) files as the input.

    File Path:

    File

    File name

    Path

    MDS definitions

    mdss.C

    $MDSDIR/conf/mdsdb

    MDS object definitions

    objects_5_0.C

    $MDSDIR/conf/mdsdb

    Global object definitions

    objects_5_0.C

    $MDSDIR/conf/

    Global policy rule bases

    rulebases_5_0.fws

    $MDSDIR/conf/

    Global policy assignments

    customers.C

    $MDSDIR/conf/mdsdb

    CMA object definitions

    objects_5_0.C

    Path format: "/opt/<mds name>/customers/<Domain mgmt. server name>/<CMA>/<fw name>/conf"

    e.g. "opt\CPmds-R76\customers\domain-1_Management_Server\CPsuite-R76\fw1\conf"
    CMA policy rulebases rulebases_5_0.fws CMA policy rulebases rulebases_5_0.fws

    Uploader Icons used in tool:

    Previous
    Next

    Saving the Check Point source configuration file

    Saving the Check Point source configuration file

    Before starting the conversion wizard, save a copy of your Check Point configuration file to the computer where FortiConverter is installed.

    To acquire the configuration, please download the following files from the management system, ensure the configuration is in a text format. FortiConverter can't take binary files.

    Use the following command to find the files:

    # find / -name "filename"

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    4. Provider – 1 to Fortigate conversion

    5. Provider-1 to FortiManager conversion

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File paths:

    File

    File name

    Path

    Object definitions

    objects_5_0.C (Checkpoint NG/NGX)

    objects.C (Checkpoint 4.x_)

    $FWDIR/conf

    Policy and Rule definitions

    rulebase_5_0.fws

    <package name>.W

    $FWDIR/conf

    User and User Group file

    fwauth.NDB

    $FWDIR/conf/

    —or—

    $FWDIR/database/

    Route information

    NA

    Save output of route print command from firewall

    Uploader Icons used in tool:

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer screenshot below)
    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File Path:

    File File name Path
    Object definitions objects_5_0.C (Checkpoint NG/NGX) $FWDIR/conf
    objects.C (Checkpoint 4.x_)
    User and User Group file fwauth.NDB $FWDIR/conf/
    —or—
    $FWDIR/database/
    Route information NA Save output of route print command from firewall

    Export Policy file (CSV Format):

    Export Nat file (CSV Format)

    Uploader Icons used in tool:

    Note: Alternately, you can chose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file $FWDIR/conf/rulebase_5_0.fws

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer above screenshots)
    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File Path:

    File File name Path
    Object definitions objects_5_0.C (Checkpoint NG/NGX) /opt/CPR77CMP-R80/conf
    Policy and Rule definitions rulebase_5_0.fws /opt/CPR77CMP-R80/conf
    <package name>.W
    User and User Group file fwauth.NDB /opt/CPR77CMP-R80/conf
    Route information NA Save output of route print command from firewall
    Note: Alternately, you can choose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file: /opt/CPR77CMP-R80/conf

    4. Provider – 1 to Fortigate conversion

    Usually used while converting a single checkpoint firewall to a Fortigate. In this case chose "Smartcenter" option while doing the conversion

    4.1 Both MDS/CMA & Gateways are on version before R80.10

    MDS is running with multiple CMA domains and we need to convert a single CMA to FortiGate, please refer Section-1 to fetch the files.

    4.2 Both MDS/CMA & Gateways are on version R80.10 Or later

    MDS is running with multiple CMA domains and we need to convert a single CMA to FortiGate, please refer Section-2 to fetch the files.

    4.3 MDS/CMA is on R80.10 but Gateways running below R80 such as R77

    • We can fetch policy and Nat csv files as mentioned above as the management server running with R80.
    • Object definitions and user files are available in the below table.

    File Path:

    File File name Path
    Object definitions objects_5_0.C (Checkpoint NG/NGX) /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/
    Policy and Rule definitions rulebase_5_0.fws /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/
    <package name>.W
    User and User Group file fwauth.NDB /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/
    Route information NA Save output of route print command from firewall
    Note: Alternately, you can choose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file: /opt/CPmds-R80/customers/<CMA_Server>/CPR77CMP-R80/conf/

    5. Provider-1 to FortiManager conversion

    Usually used while converting a multiple checkpoint firewall configuration to Fortimanager output. In this case use "Provider-1" option while doing the conversion

    • MDS definitions – "mdss.C" This file contains the MDS hierarchy.
    • MDS object definitions – "objects_5_0.C" This file contains the definition of domains in each MDS.
    • Global object definitions – "objects_5_0.C" This file contains the definition of objects used in global policies.
    • Global policy rule bases – "rulebases_5_0.fws" This file contains the definition of global policies.
    • Global policy assignments – "customers.C"
    • CMA domain files – Every CMA needs a set of "objects_5_0.C", "rulebases_5_0.fws" and "fwauth.NDB"(optional) files as the input.

    File Path:

    File

    File name

    Path

    MDS definitions

    mdss.C

    $MDSDIR/conf/mdsdb

    MDS object definitions

    objects_5_0.C

    $MDSDIR/conf/mdsdb

    Global object definitions

    objects_5_0.C

    $MDSDIR/conf/

    Global policy rule bases

    rulebases_5_0.fws

    $MDSDIR/conf/

    Global policy assignments

    customers.C

    $MDSDIR/conf/mdsdb

    CMA object definitions

    objects_5_0.C

    Path format: "/opt/<mds name>/customers/<Domain mgmt. server name>/<CMA>/<fw name>/conf"

    e.g. "opt\CPmds-R76\customers\domain-1_Management_Server\CPsuite-R76\fw1\conf"
    CMA policy rulebases rulebases_5_0.fws CMA policy rulebases rulebases_5_0.fws

    Uploader Icons used in tool:

    Previous
    Next