cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1366
Views
0
Helpful
6
Replies

ASA bulk object creation

Bobby Meador
Beginner
Beginner

Does Cisco have a tool that will make the creation of a 500 + network objects easier for a new FW build?

6 Replies 6

Jouni Forss
Mentor
Mentor

Hi,

My friends at work would probably come up with some script to easily generate large amount of needed configurations or convert existing configuration to abit different format.

I dont know if there is any tool for this. To be honest I think there arent really that many tools for ASA in general. Then again I havent really even looked for any.

I personally do it the hard way

Lots of copy/paste and manual writing. Call me mad but I like writing the configurations myself.

Are you converting some configurations? Perhaps changing from a different firewall manufacturer or something? Or what will all these objects hold?

- Jouni

Yea CP to ASA

Hi,

There is a tool that I have never used but remember it being listed on the Cisco pages download section when downloading new software versions. Maybe its something you are looking for

Here is a screencap of the section of the pages as an example (click to enlarge)

Theres a "Checkpoint Security Conversion Tool"

I dont think it requires any service contract with Cisco.

You could try this link for example

http://software.cisco.com/download/release.html?mdfid=279916854&flowid=4373&softwareid=283748421&release=1.1.1&relind=AVAILABLE&rellifecycle=&reltype=latest

Hope this helps

- Jouni

Yea Im using that and it helps alot but just wondering if any other scripts or options are available.


Thanks

Sorry,

I have been only dealing with Cisco firewalls since I started with networking so I am not very good at giving any tips to help you with easily converting/creating the objects.

Havent really had to move between 2 different firewall vendors while I have worked with firewalls. So I dont know what type of CLI configuration format other vendors have. I have been told that when Cisco moved more heavily to use "object" and "object-group" in the ASA configurations that this was something that was already common with other vendor firewalls. But as I said I havent seen the formats others use so I am not sure what kind of work it would do the conversion.

Also I have not have to convert large amount of configurations with scripts myself. I have usually had someone handle that for me inside our company that regularly does that type of work anyway.

- Jouni

RANT
Beginner
Beginner

I don't think so, but I did an excel spreadsheet to do what you're looking to do.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers