Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    6.2.1
    7.2.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.2
    6.2.1
    6.2.0
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Saving the Check Point source configuration file from Smart Center

    Saving the Check Point source configuration file from Smart Center

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • [Optional] Route information – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • [Optional] User and user groups file – "fwauth.NDB"
    • [Optional] Identity role file - Helps FortiConverter to identify the identity role names referenced in Check Point policies and set them as policy user groups. However, FortiConverter cannot convert the identity roles themselves into FortiGate objects. Users should configure them manually using FSSO in FortiGate.
    • [Optional] ifconfig File (For vlan id consistency) – This file can help the converter to determine the user-set vlan-id for interfaces, if the information is provided. To get this data, enter the command "ifconfig -a" then copy and paste the output into a plain text file.
    • [Optional] DHCP relay file – This file contains the DHCP relay information of interfaces. To get this data, enter the command "show configuration bootp" then copy and paste the output into a plain text file.

    File paths:

    File

    File name

    Location

    Path or Command

    Object definitions

    objects_5_0.C (Checkpoint NG/NGX)

    objects.C (Checkpoint 4.x_)

    SmartCenter

    $FWDIR/conf

    Policy rulebases

    rulebase_5_0.fws

    <package name>.W

    SmartCenter

    $FWDIR/conf

    User and User Group file

    fwauth.NDB

    SmartCenter

    $FWDIR/conf/

    —or—

    $FWDIR/database/

    Identity role file

    identity_roles.C

    Gateway

    $FWDIR/conf/

    Route

    NA

    Gateway

    netstat -nr

    ifconfig file

    NA

    Gateway

    ifconfig -a

    DHCP relay file

    NA

    Gateway

    show configuration bootp

    Uploader Icons used in tool:

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer screenshot below)
    • [Optional] Route information – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • [Optional] User and user groups file"fwauth.NDB"
    • [Optional] Identity role file - Helps FortiConverter to identify the identity role names referenced in Check Point policies and set them as policy user groups. However, FortiConverter cannot convert the identity roles themselves into FortiGate objects. Users should configure them manually using FSSO in FortiGate.
    • [Optional] ifconfig File (For vlan id consistency) – This file can help the converter to determine the user-set vlan-id for interfaces, if the information is provided. To get this data, enter the command "ifconfig -a" then copy and paste the output into a plain text file.
    • [Optional] DHCP relay file – This file contains the DHCP relay information of interfaces. To get this data, enter the command "show configuration bootp" then copy and paste the output into a plain text file.

    File Path:

    File File name

    Location

    		 Path or command
    Object definitions objects_5_0.C (Checkpoint NG/NGX)

    SmartCenter

    		 $FWDIR/conf
    objects.C (Checkpoint 4.x_)

    Policy and NAT files

    NA

    SmartConsole GUI

    Refer to screenshots below
    User and User Group file fwauth.NDB

    SmartCenter

    		 $FWDIR/conf/ —or— $FWDIR/database/

    Identity Role file

    identity_roles.C

    SmartCenter

    $FWDIR/conf/

    Route NA

    Gateway

    		 netstat -nr

    ifconfig file

    NA

    Gateway

    ifconfig -a

    DHCP relay file

    NA

    Gateway

    show configuration bootp

    Export Policy file (CSV Format):

    Export Nat file (CSV Format)

    Uploader Icons used in tool:

    Note: Alternately, you can chose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file $FWDIR/conf/rulebase_5_0.fws

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • [Optional] Route information – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • [Optional] User and user groups file – "fwauth.NDB"
    • [Optional] Identity role file - Helps FortiConverter t
    • o identify the identity role names referenced in Check Point policies and set them as policy user groups. However, FortiConverter cannot convert the identity roles themselves into FortiGate objects. Users should configure them manually using FSSO in FortiGate.
    • [Optional] ifconfig File (For vlan id consistency) – This file can help the converter to determine the user-set vlan-id for interfaces, if the information is provided. To get this data, enter the command "ifconfig -a" then copy and paste the output into a plain text file.
    • [Optional] DHCP relay file – This file contains the DHCP relay information of interfaces. To get this data, enter the command "show configuration bootp" then copy and paste the output into a plain text file.

    File Path:

    File File name

    Location

    		 Path or command
    Object definitions objects_5_0.C (Checkpoint NG/NGX)

    SmartCenter

    		 /opt/CPR77CMP-R80/conf
    Policy rulebases rulebase_5_0.fws <package name>.W

    SmartCenter

    		 /opt/CPR77CMP-R80/conf
    User and User Group file fwauth.NDB

    SmartCenter

    		 /opt/CPR77CMP-R80/conf

    Identity role file

    identity_roles.C

    SmartCenter

    /opt/CPR77CMP-R80/conf

    Route NA

    Gateway

    		 netstat -nr

    ifconfig file

    NA

    Gateway

    ifconfig -a

    DHCP relay file

    NA

    Gateway

    show configuration bootp

    Note: Alternately, you can choose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file: /opt/CPR77CMP-R80/conf

    Previous
    Next

    Saving the Check Point source configuration file from Smart Center

    Saving the Check Point source configuration file from Smart Center

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    1. Both Checkpoint Smart Center & Gateways with version before R80.10

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • [Optional] Route information – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • [Optional] User and user groups file – "fwauth.NDB"
    • [Optional] Identity role file - Helps FortiConverter to identify the identity role names referenced in Check Point policies and set them as policy user groups. However, FortiConverter cannot convert the identity roles themselves into FortiGate objects. Users should configure them manually using FSSO in FortiGate.
    • [Optional] ifconfig File (For vlan id consistency) – This file can help the converter to determine the user-set vlan-id for interfaces, if the information is provided. To get this data, enter the command "ifconfig -a" then copy and paste the output into a plain text file.
    • [Optional] DHCP relay file – This file contains the DHCP relay information of interfaces. To get this data, enter the command "show configuration bootp" then copy and paste the output into a plain text file.

    File paths:

    File

    File name

    Location

    Path or Command

    Object definitions

    objects_5_0.C (Checkpoint NG/NGX)

    objects.C (Checkpoint 4.x_)

    SmartCenter

    $FWDIR/conf

    Policy rulebases

    rulebase_5_0.fws

    <package name>.W

    SmartCenter

    $FWDIR/conf

    User and User Group file

    fwauth.NDB

    SmartCenter

    $FWDIR/conf/

    —or—

    $FWDIR/database/

    Identity role file

    identity_roles.C

    Gateway

    $FWDIR/conf/

    Route

    NA

    Gateway

    netstat -nr

    ifconfig file

    NA

    Gateway

    ifconfig -a

    DHCP relay file

    NA

    Gateway

    show configuration bootp

    Uploader Icons used in tool:

    2. Both Checkpoint Smart Center & Gateways are in version R80.10 & Later

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Rule definitions – "*.csv". The Policy and NAT CSV files can be exported from the Smart Console (refer screenshot below)
    • [Optional] Route information – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • [Optional] User and user groups file"fwauth.NDB"
    • [Optional] Identity role file - Helps FortiConverter to identify the identity role names referenced in Check Point policies and set them as policy user groups. However, FortiConverter cannot convert the identity roles themselves into FortiGate objects. Users should configure them manually using FSSO in FortiGate.
    • [Optional] ifconfig File (For vlan id consistency) – This file can help the converter to determine the user-set vlan-id for interfaces, if the information is provided. To get this data, enter the command "ifconfig -a" then copy and paste the output into a plain text file.
    • [Optional] DHCP relay file – This file contains the DHCP relay information of interfaces. To get this data, enter the command "show configuration bootp" then copy and paste the output into a plain text file.

    File Path:

    File File name

    Location

    		 Path or command
    Object definitions objects_5_0.C (Checkpoint NG/NGX)

    SmartCenter

    		 $FWDIR/conf
    objects.C (Checkpoint 4.x_)

    Policy and NAT files

    NA

    SmartConsole GUI

    Refer to screenshots below
    User and User Group file fwauth.NDB

    SmartCenter

    		 $FWDIR/conf/ —or— $FWDIR/database/

    Identity Role file

    identity_roles.C

    SmartCenter

    $FWDIR/conf/

    Route NA

    Gateway

    		 netstat -nr

    ifconfig file

    NA

    Gateway

    ifconfig -a

    DHCP relay file

    NA

    Gateway

    show configuration bootp

    Export Policy file (CSV Format):

    Export Nat file (CSV Format)

    Uploader Icons used in tool:

    Note: Alternately, you can chose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file $FWDIR/conf/rulebase_5_0.fws

    3. Smart Center is on R80.10 and later but Gateways are below R80 such as R77

    • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
    • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
    • [Optional] Route information – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
    • [Optional] User and user groups file – "fwauth.NDB"
    • [Optional] Identity role file - Helps FortiConverter t
    • o identify the identity role names referenced in Check Point policies and set them as policy user groups. However, FortiConverter cannot convert the identity roles themselves into FortiGate objects. Users should configure them manually using FSSO in FortiGate.
    • [Optional] ifconfig File (For vlan id consistency) – This file can help the converter to determine the user-set vlan-id for interfaces, if the information is provided. To get this data, enter the command "ifconfig -a" then copy and paste the output into a plain text file.
    • [Optional] DHCP relay file – This file contains the DHCP relay information of interfaces. To get this data, enter the command "show configuration bootp" then copy and paste the output into a plain text file.

    File Path:

    File File name

    Location

    		 Path or command
    Object definitions objects_5_0.C (Checkpoint NG/NGX)

    SmartCenter

    		 /opt/CPR77CMP-R80/conf
    Policy rulebases rulebase_5_0.fws <package name>.W

    SmartCenter

    		 /opt/CPR77CMP-R80/conf
    User and User Group file fwauth.NDB

    SmartCenter

    		 /opt/CPR77CMP-R80/conf

    Identity role file

    identity_roles.C

    SmartCenter

    /opt/CPR77CMP-R80/conf

    Route NA

    Gateway

    		 netstat -nr

    ifconfig file

    NA

    Gateway

    ifconfig -a

    DHCP relay file

    NA

    Gateway

    show configuration bootp

    Note: Alternately, you can choose to download Policy and rule definitions file "rulebases_5_0.fws" from following path if you are interested to cross verify it with CSV file: /opt/CPR77CMP-R80/conf

    Previous
    Next