Saving the Check Point source configuration file from VSX Gateway

When the VSX feature is enabled and multiple Virtual Systems are part of the VSX gateway, FortiConverter supports migrating multiple Virtual Systems in one conversion.

1. Both Checkpoint Smart Center & VSX Gateways(VS) are in version R80.10 & Later

2. Both Checkpoint Smart Center & VSX Gateways(VS) with version before R80.10

1. Both Checkpoint Smart Center & VSX Gateways(VS) are in version R80.10 & Later

  • Rule definitions – "*.csv" or "*.zip". The Policy and NAT CSV files can be exported from the Smart Console (refer to the screenshots below). Before exporting, display all the columns of the rule tables to ensure that all necessary information is exported.
  • If only one VSYS needs to be converted, or all VSYSs share one policy package, input the CSV file exported from the policy package.

    If multiple VSYSs need to be converted in one shot, and they use multiple policy packages, input a ZIP file which contains multiple CSV files, each one exported from a policy package. See "Input multiple CSV files as multiple policy packages" for more information.

  • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
  • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
  • User and user groups file (optional) – "fwauth.NDB"

File paths:

| File | File name | Location | Path or Command |
|---|---|---|---|
| Object definitions | objects_5_0.C (Checkpoint NG/NGX) or objects.C (Checkpoint 4.x) | SmartCenter | $FWDIR/conf or $FWDIR/database/ |
| Policy and NAT files | NA | SmartConsole GUI | Refer to screenshots below |
| User and user Group file | fwauth.NDB | SmartCenter | $FWDIR/conf/ or $FWDIR/database/ |
| Route | NA | Gateway | netstat -nr |

Export Policy file (CSV Format):

Export NAT file (CSV Format):

Input multiple CSV files as multiple policy packages

When multiple Virtual Systems are converted in one shot, and they use multiple policy packages, we need multiple firewall rule CSV files and multiple NAT rule CSV files. To input multiple CSV files into FortiConverter, we need to archive the CSV files into ZIP files. Please follow the steps below to prepare the ZIP files:

Firewall rule ZIP file:

  1. Export the firewall rules in each package into a CSV file.
  2. Use the package name as the file name of each firewall rule CSV file.
  3. Archive all the firewall rule CSV files into a ZIP file as the policy file input.

NAT rule ZIP file:

  1. Similarly, export the NAT rules in each package into a CSV file.
  2. Use the package name as the file name of each NAT rule CSV file.
  3. Archive all the NAT rule CSV files into another ZIP file as the NAT file input.

For each firewall rule and NAT rule CSV file, FortiConverter uses its file name as the policy package name of the rules inside. Therefore, the firewall rule CSV file and NAT rule CSV file from the same policy package should use the same name. Although they are archived in two separate ZIP files, FortiConverter can recognize that they belong to the same package after parsing.

For example, if there is a file "package1.csv" in the firewall rule ZIP file, and there is also a file "package1.csv" in the NAT rule ZIP file, then FortiConverter would categorize those firewall rules and NAT rules into a package named "package1".
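The naming rule above can be checked before the two ZIP files are given to FortiConverter. The following Python sketch is an added example, not part of the original help page or of FortiConverter: it builds a firewall rule ZIP and a NAT rule ZIP with one "<package name>.csv" member per package, then reports which package names are present in both archives and which appear in only one. The function names, the constructed sample CSV content, the refusal of members that are not top-level CSV files, and the flagging of names that differ only by letter case are assumptions made for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

def build_rule_zip(dest, csv_by_package):
    """Write {package name: CSV bytes} to dest as flat '<package>.csv' members."""
    with zipfile.ZipFile(dest, "w", zipfile.ZIP_DEFLATED) as zf:
        for package, data in sorted(csv_by_package.items()):
            zf.writestr(f"{package}.csv", data)

def packages_in_zip(src):
    """Package names implied by the CSV file names in a ZIP (path or file object)."""
    names = set()
    with zipfile.ZipFile(src) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            # Assumption of this example: only top-level *.csv members are accepted.
            if len(path.parts) != 1 or path.suffix.lower() != ".csv":
                raise ValueError(f"unexpected member: {info.filename}")
            names.add(path.stem)
    return names

def check_pairing(policy_zip, nat_zip):
    """Compare package names across the firewall rule ZIP and the NAT rule ZIP."""
    policy, nat = packages_in_zip(policy_zip), packages_in_zip(nat_zip)
    only_policy, only_nat = policy - nat, nat - policy
    # Names that differ only by case are most likely one package misnamed.
    near = sorted((p, n) for p in only_policy for n in only_nat
                  if p.lower() == n.lower())
    return {"paired": sorted(policy & nat),
            "policy_only": sorted(only_policy),
            "nat_only": sorted(only_nat),
            "case_mismatch": near}

# Constructed sample data: two policy packages, NAT export misnamed for one.
SAMPLE = b"constructed,sample,row\r\n"
policy_buf, nat_buf = io.BytesIO(), io.BytesIO()
build_rule_zip(policy_buf, {"package1": SAMPLE, "package2": SAMPLE})
build_rule_zip(nat_buf, {"package1": SAMPLE, "Package2": SAMPLE})
REPORT = check_pairing(policy_buf, nat_buf)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

For real exports, pass the paths of the two ZIP files to `check_pairing` instead of the in-memory buffers. A package listed under `policy_only` or `nat_only` is worth confirming against the Smart Console before conversion.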

2. Both Checkpoint Smart Center & VSX Gateways(VS) with version before R80.10

  • Object definitions – "objects_5_0.C" (Check Point NG/NGX) or "objects.C" (Check Point 4.x) contains the firewall's object definitions.
  • Policy rulebases – "*.w" or "rulebases_5_0.fws". The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
  • Route information (optional) – Helps FortiConverter to correctly interpret the network topology being converted. To get this data, enter the route print command (for example, "netstat -nr") on the firewall node and then copy and paste the output into a plain text file. Codes in the output indicate if the route is a directly connected interface, a host route, a network route, and so on. The output varies by the platform.
  • User and user groups file (optional) – "fwauth.NDB"

File paths:

| File | File name | Location | Path or Command |
|---|---|---|---|
| Object definitions | objects_5_0.C (Checkpoint NG/NGX) or objects.C (Checkpoint 4.x) | SmartCenter | $FWDIR/conf or $FWDIR/database/ |
| Policy rulebases | rulebases_5_0.fws or <package name>.W | SmartCenter | $FWDIR/conf |
| User and user Group file | fwauth.NDB | SmartCenter | $FWDIR/conf/ or $FWDIR/database/ |
| Route | NA | Gateway | netstat -nr |
