-----BEGIN PGP SIGNED MESSAGE----- Hi everybody!
I am happy to announce the availability of Object Filler and Object Dumper version 2.4 - Please find attached the "What's New" doc. For those of you that don't know the tools, Object Dumper is a tool that "dumps" the configuration (objects an rules) of your Check Point SmartCenter to a CSV format. Object Filler can convert configurations from other firewall brands (Such as PIX, Netscreen, Sidewinder, Raptor and Gauntlet) to a Check Point format; and as well can assist on bulk creation/modification/moves for rules and objects of your SmartCenter and Provider-1 environments. The tools are free (as in free beer) and publicly available at the following sites: http://www.cpug.org (under "Check Point resources") http://ofiller.chatscope.com (in the downloads section) http://www.lindercentral.com/ofiller The size of the package is: 7,445,314 bytes The MD5 signature for it is: 013B1B7A5EE24DB33212951E08D539BE The tools come with documentation, and a Tutorial guide that describes step-by-step how to perform some of the basic and some of the most powerful operations with them. For Provider-1 users, the documentation on how to do such operations on a Provider-1 environment is included as well in a separate document. For those of you that already know the tools, the main thing on this version is the full support for security rules. There are some small limitations though (mainly on naming) and they are documented in the manual, so please be sure of checking them out if you plan to use this feature. Things promised before such as native Solaris binaries, enhanced support to import rules from Cisco PIX (including extended ACLs), full support to colors and comments for all objects, support to source ports on services, and support to Edge objects are finally here too. The documentation has been enhanced as well. The Tutorial now includes a section on how to work with policies (adding rules to an existing policy or moving/modifying existing policies for example), and how to recover information from gateways when the SmartCenter has crashed. The Tutorial for Provider-1 now includes a section on how to move from a CMA to a SmartCenter rules and objects, something that has been requested several times. As a reminder, please remember that even though the tools work fine and have been tested, they are NOT officially supported by Check Point nor anybody else - which as you know, it means that you may not call Check Point support on this, and if something goes wrong, you are "officially" on your own... - but you can always ask on the forums and even the author, and an answer would be there... :-) Enjoy! - and a successful and joyful 2007 to all of you! - - MartÃn. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQCVAwUBRZyE+wSuTAgEVOjZAQEGrQP/Suw+XJVPAHiKuyrsqm3rTCavEm4jmyu9 lDwY+ficyPECrtgI4OwWVRM+qT5zRon4b5+GVNRihpnuzdqX+0rmQ2HEWDGNQvr3 1RRdUBFaJtiMSGgCCUSW5oZIM2vg9YxFrvceiIBllb1XihU2bLpa6tu31t2WLzqn 66IKqx7ofAU= =O84R -----END PGP SIGNATURE-----
****************************************************************************** * Unofficial/unsupported Object Filler and Object Dumper for Check Point's * * SmartCenter Server and Provider-1 MDS - Developed by Martin Hoz * * (c) 2003-2006 by Check Point Software Technologies, Ltd. and subsidiaries * ****************************************************************************** * Version 2.4 - December 2006 * ****************************************************************************** ****************************************************************************** What's New ------------------------------------------------------------------------------ * Object Filler ------------------------------------------------------------------------------ - FIXED LIMITATION: Object Groups and Service Groups are properly recognized with Colors and comments. - FIXED LIMITATION: When importing configurations from Cisco PIX, now it is supported to have groups defined, even when importing rules. In General, importing rules from Cisco PIX has been *greatly* enhanced. - FIXED BUG: Network objects (network type) with the same IP but different netmask are now properly differentiated. Previously they were mistakenly taken as duplicates. - FIXED BUG: Now it recognizes correctly the "replies" setting for services. - Solaris SPARC is now supported. Fixed several internal bit-to-bit operations (to deal with little to big endian representations) so they can work fine there, and compiled the tools under Solaris 2.8 SPARC. - Now the tool recognizes "disabled_sec_rule" and process it appropriately. - Enhanced support for Connectra devices. Now it recognizes Connectra NGX and administration port. - Now it supports objects representing InterSpect NGX devices. - Regular VPN-1 Edge objects are now supported. - Source port for TCP and UDP services is now properly recognized and processed. - Resource objects are now recognized, with some limitations (see the User's Manual for more information). - Full support for Security Rules, including rules with resources, with user groups as sources and negated cells. - When "No Policy Verification" (nopv) is used, it causes not to check for duplicates while processing CSV files. Avoids issues especially when processing rules. ------------------------------------------------------------------------------ * Object Dumper ------------------------------------------------------------------------------ - FIXED LIMITATION: Recognizes "User Defined 2" and "User Defined 3" as a valid track option in rules. - FIXED LIMITATION: Object and Service Groups are properly recognized with Colors and comments. - FIXED LIMITATION: All object colors are now properly recognized. - The tool now recognizes disabled rules, and print them as "disabled_sec_rule". - FIXED LIMITATION: Work with policy files, not needing to specify an objects file in the Command line. The "-p" switch can be used by itself. - Added Support for Groups while processing the objects.C found in gateway machines under the $FWDIR/database directory - Useful for recovering objects from the Gateway, when SmartCenter has been crashed and no backup is available. - Enhanced support for Connectra devices. Now it recognizes Connectra NGX and administration port. - Now it supports objects representing InterSpect NGX devices. - Source port for TCP and UDP services is now properly recognized. - Regular VPN-1 Edge objects are now supported - Resource objects are now recognized, with some limitations (see the User's Manual for more information) - Full support for Security Rules, including rules with resources, with user groups as sources and negated cells. ------------------------------------------------------------------------------ * Documentation ------------------------------------------------------------------------------ - Documentation updated to reflect the new things supported.
