My question is: if I have to convert rules (ACL) from Check Point to ASA 8.4, what are my options, keeping in mind the below?
Q 1. Is there any reliable tool available that can use and verify the result?
Q 2. Is there any efficient way to perform this task?
Thanks in advance for consideration
Sorry can't really comment on the Checkpoint as I've only used Cisco firewall products so far.
But if I understood you correctly you are currently using rules in the Checkpoint that are used for many firewall interfaces and many directions. If this is correct, there is an option in the new ASA software (Think it came in 8.3 already) that lets you configure a single access-list to be used for every single interface on the ASA, and for both directions.
To apply a configured ACL as a global access-list, you would have to use the following command
The normal format for per interface/direction would be
As I said before, I can't really say anything about Checkpoint so I don't know what its ACL format is like.
I'm also not familiar with any conversion tools, but that is mostly due to never having any need for such. I'm sure someone else might give you better information about it.
I guess if you can give some example rules you need converted, it would give me or someone else some idea how different the formats are.
Thanks for your reply. I think you did not understand my question.
Question is very simple
What is the best tool to convert Check Point to ASA firewall rules (if there are more than 1000 rules)?
Most important, what is the method to verify all of them on the ASA after conversion, if they have migrated 100%?
Would be great if any expert can comment on that
Here is the new self-service tool that Cisco has released to convert any vendor firewalls to Cisco ASA.
Currently it supports Juniper ScreenOS and CheckPoint to Cisco ASA conversion.
Link to the original post:
Link to the tool itself: