Saving the Check Point source configuration file from VSX Gateway

When the VSX feature is enabled and multiple Virtual Systems (VSYS) are part of the VSX gateway, FCONV only supports converting multiple VSYS at a time.

To achieve this, fetch the policy file for each corresponding VSYS. The steps for exporting these files are outlined below.

All objects belonging to the different VSYS (excluding security rules and NAT rules) are maintained in one common file, for example, Object.c.

1. Both Check Point SmartCenter and VSX Gateways (VS) are version R80.10 or later

2. Both Check Point SmartCenter and VSX Gateways (VS) are earlier than version R80.10

1. Both Check Point SmartCenter and VSX Gateways (VS) are version R80.10 or later

  • Policy and rule definitions – "*.csv". The policy and NAT CSV files can be exported from SmartConsole (see the screenshots below).
  • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
  • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
  • User and user groups file (optional) – "fwauth.NDB"

File paths:

| File | File name | Location | Path or Command |
|---|---|---|---|
| Object definitions | objects_5_0.C (Check Point NG/NGX) or objects.C (Check Point 4.x) | SmartCenter | $FWDIR/conf or $FWDIR/database/ |
| Policy and NAT files | NA | SmartConsole GUI | Refer to screenshots below |
| User and user group file | fwauth.NDB | SmartCenter | $FWDIR/conf/ or $FWDIR/database/ |
| Route | NA | Gateway | netstat -nr |

Export Policy file (CSV format): [screenshot]

Export NAT file (CSV format): [screenshot]

If the Virtual Systems use different policy packages, export the firewall rules in each package into a CSV file, and archive all of the firewall rule CSV files into one ZIP file to use as the policy file input. Similarly, export the NAT rules in each package into a CSV file, and archive all of the NAT rule CSV files into another ZIP file to use as the NAT file input.

The file name is used as the policy package name for the firewall rules and the NAT rules. Therefore, use the same file name for the firewall rule CSV and the NAT rule CSV when they come from the same package, so that FortiConverter recognizes them as one package.

For example, if the firewall rule ZIP file contains "package1.csv" and the NAT rule ZIP file also contains "package1.csv", FortiConverter categorizes those firewall rules and NAT rules into a package named "package1".
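A pre-flight check for the naming rule above, as an added example (not FortiConverter code): it reports which package names appear in both ZIP files and which appear in only one. The archive contents are constructed samples, and the exact, case-sensitive comparison of file names is an assumption.

```python
import io
import zipfile
from pathlib import PurePosixPath


def package_names(zip_bytes):
    """Return the package names (CSV file names without extension) in a ZIP."""
    names = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            if info.is_dir() or path.suffix.lower() != ".csv":
                continue  # ignore folders and non-CSV entries
            if path.stem in names:
                raise ValueError(f"package name {path.stem!r} appears twice")
            names.add(path.stem)
    return names


def check_pairing(policy_zip, nat_zip):
    """Compare package names across the firewall-rule ZIP and the NAT-rule ZIP."""
    policy, nat = package_names(policy_zip), package_names(nat_zip)
    policy_only, nat_only = policy - nat, nat - policy
    # Names that differ only in letter case are reported as likely mistakes;
    # treating them as different packages is an assumption (exact-match reading).
    nat_folded = {n.lower(): n for n in nat_only}
    case_mismatch = sorted((p, nat_folded[p.lower()]) for p in policy_only
                           if p.lower() in nat_folded)
    return {"paired": sorted(policy & nat), "policy_only": sorted(policy_only),
            "nat_only": sorted(nat_only), "case_mismatch": case_mismatch}


def make_zip(names):
    """Build an in-memory ZIP with placeholder files; for the sample only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "placeholder\n")
    return buf.getvalue()


# Constructed sample archives (not real SmartConsole exports).
POLICY_ZIP = make_zip(["package1.csv", "VS2.csv", "vs3_policy.csv"])
NAT_ZIP = make_zip(["package1.csv", "vs2.csv", "vs3_nat.csv"])

if __name__ == "__main__":
    for group, names in check_pairing(POLICY_ZIP, NAT_ZIP).items():
        print(f"{group}: {names}")
```

Any name listed under policy_only or nat_only belongs to a package whose firewall rules and NAT rules would not be grouped together under the rule above.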

2. Both Check Point SmartCenter and VSX Gateways (VS) are earlier than version R80.10

  • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
  • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
  • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
  • User and user groups file (optional) – "fwauth.NDB"

File paths:

| File | File name | Location | Path or Command |
|---|---|---|---|
| Object definitions | objects_5_0.C (Check Point NG/NGX) or objects.C (Check Point 4.x) | SmartCenter | $FWDIR/conf or $FWDIR/database/ |
| Policy rulebases | rulebases_5_0.fws or <package name>.W | SmartCenter | $FWDIR/conf |
| User and user group file | fwauth.NDB | SmartCenter | $FWDIR/conf/ or $FWDIR/database/ |
| Route | NA | Gateway | netstat -nr |
