Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    6.2.1
    7.2.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.2
    6.2.1
    6.2.0
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Saving the Check Point source configuration file from VSX Gateway

    Saving the Check Point source configuration file from VSX Gateway

    When VSX feature is enabled and multiple Virtual Systems are part of the VSX gateway, FCONV only supports converting multiple VSYS at a time

    To achieve this, we need to fetch Policy file for each corresponding VSYS. The direction to export such file is outlined below.

    All objects belonging to different VSYS (excluding to Security rule and NAT rules) are maintained in one common file. For example, Object.c

    1. Both Checkpoint Smart Center & VSX Gateways(VS) are in version R80.10 & Later

    2. Both Checkpoint Smart Center & VSX Gateways(VS) with version before R80.10

    1. Both Checkpoint Smart Center & VSX Gateways(VS) are in version R80.10 & Later

    • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer screenshot below)
    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File Path

    File File name

    Location

    		 Path or Command
    Object definitions objects_5_0.C (Checkpoint NG/NGX)

    SmartCenter

    		 $FWDIR/conf
    objects.C (Checkpoint 4.x_)

    Policy and NAT files

    NA

    SmartConsole GUI

    Refer to screenshots below

    User and user Group file fwauth.NDB

    SmartCenter

    		 $FWDIR/conf/
    Route NA

    Gateway

    		 netstat -nr

    Export Policy file (CSV Format):

    Export Nat file (CSV Format)

    Select Model: VSX in FortiConverter tool:

    2. Both Checkpoint Smart Center & VSX Gateways(VS) with version before R80.10

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File paths:

    File

    File name

    Location

    Path or Command

    Object definitions

    objects_5_0.C (Checkpoint NG/NGX)

    objects.C (Checkpoint 4.x_)

    SmartCenter

    $FWDIR/conf

    Policy rulebases

    rulebase_5_0.fws

    <package name>.W

    SmartCenter

    $FWDIR/conf

    User and user Group file

    fwauth.NDB

    SmartCenter

    $FWDIR/conf/

    —or—

    $FWDIR/database/

    Route

    NA

    Gateway

    netstat -nr

    Previous
    Next

    Saving the Check Point source configuration file from VSX Gateway

    Saving the Check Point source configuration file from VSX Gateway

    When VSX feature is enabled and multiple Virtual Systems are part of the VSX gateway, FCONV only supports converting multiple VSYS at a time

    To achieve this, we need to fetch Policy file for each corresponding VSYS. The direction to export such file is outlined below.

    All objects belonging to different VSYS (excluding to Security rule and NAT rules) are maintained in one common file. For example, Object.c

    1. Both Checkpoint Smart Center & VSX Gateways(VS) are in version R80.10 & Later

    2. Both Checkpoint Smart Center & VSX Gateways(VS) with version before R80.10

    1. Both Checkpoint Smart Center & VSX Gateways(VS) are in version R80.10 & Later

    • Policy and rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer screenshot below)
    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File Path

    File File name

    Location

    		 Path or Command
    Object definitions objects_5_0.C (Checkpoint NG/NGX)

    SmartCenter

    		 $FWDIR/conf
    objects.C (Checkpoint 4.x_)

    Policy and NAT files

    NA

    SmartConsole GUI

    Refer to screenshots below

    User and user Group file fwauth.NDB

    SmartCenter

    		 $FWDIR/conf/
    Route NA

    Gateway

    		 netstat -nr

    Export Policy file (CSV Format):

    Export Nat file (CSV Format)

    Select Model: VSX in FortiConverter tool:

    2. Both Checkpoint Smart Center & VSX Gateways(VS) with version before R80.10

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • User and user groups file (optional) – "fwauth.NDB"

    File paths:

    File

    File name

    Location

    Path or Command

    Object definitions

    objects_5_0.C (Checkpoint NG/NGX)

    objects.C (Checkpoint 4.x_)

    SmartCenter

    $FWDIR/conf

    Policy rulebases

    rulebase_5_0.fws

    <package name>.W

    SmartCenter

    $FWDIR/conf

    User and user Group file

    fwauth.NDB

    SmartCenter

    $FWDIR/conf/

    —or—

    $FWDIR/database/

    Route

    NA

    Gateway

    netstat -nr

    Previous
    Next