If you are migrating from any of the following devices to a Check Point firewall:
Cisco PIX or Cisco Router ACL, Juniper/NetScreen, Symantec's Raptor, SecureComputing's SideWinder or Gauntlet Then your best bet is a tool named Object Filler, which is not oficially supported by Check Point but was developed by Martín Hoz, a Check Point engineer from México. You can find such tool at the following site: http://www.lindercentral.com/ofiller/ I have used it with success in several ocasions although always migrating from Cisco PIX (never tried it with any other product from the list above). Basically it takes your current device's config and puts it in a way you can enter it in a very easy way to a Check Point firewall using dbedit and create all necessary objects (or nodes as you called them). The download package includes documentation and instructions, so it is easy for a new user to get familiar with the tool. Hope it helps. On 11/2/06, Matthew Odendaal <[EMAIL PROTECTED]> wrote:
Dbedit is the best way to go. The syntax pretty well documented in the CLI.PDF file included on the Windows NGX CD (usually CD 2 under Docs). Using the "-f" option you can get dbedit to import a script file which will create the necessary objects for you. All you need to do is have the correct syntax. If you already have the objects in text format, I suggest you import it into Excel first so that you can massage the data into the correct syntax. For every host you wish to add, you need at least 2 lines. For example: "create host_plain <objectname>" "modify network_objects <objectname> ipaddr <ip>" "update_all" The update_all you can put at the end of the script file to save all the objects. Hint: You can add all the objects first, then change all their IP addresses. It makes cutting and pasting from excel into the file a lot easier. E.g. "create host_plain objectname1" "create host_plain objectname2" "create host_plain objectname3" "modify network_objects objectname1 ipaddr 10.1.1.1" "modify network_objects objectname2 ipaddr 10.1.1.2" "modify network_objects objectname3 ipaddr 10.1.1.3" "update_all" The cli.pdf file will give you the syntax to add hosts into groups as well. Hope this helps. Cheers Matthew Odendaal -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Vozelj Borut Sent: 02 November 2006 10:54 AM To: [email protected] Subject: [FW-1] Importing nodes Hello We are planning a migration to checkpoint from some other firewall in the near future. I'd like to know if there is a way to at least import nodes (we have over a 1000 of them and copying them by hand would take a lot of precious time...). We exported them on the current firewall and we have them in text format. BR SAMO NASLOVNIKU! / ONLY FOR THE INTENDED RECIPIENT! To elektronsko sporocilo in pripete datoteke se sme uporabljati v skladu s pogoji druzbe Mobitel, d. d. Glej: http://disclaimer.mobitel.si/ This e-mail and its attachments are subject to the Mobitel, d. d. disclaimer. See: http://disclaimer.mobitel.si/ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
