Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1630
Views
0
Helpful
4
Replies

FW Migration from Checkpoint R80.40 to FMC 7.0 using Firepower migration tool 2.3.5

Jozef Cmorej
Level 1
Level 1

‎07-13-2021 01:42 PM

Hi all,

I am trying to migrate Checkpoint FW to FMC using the Firepower migration tool.

It seems that the Checkpoint configuration has been extracted properly from secure gateways and smart console but I get an error message during the parsing phase and the migration process stops suddenly with the message - Blocked Error In Connecting To Device - Please Check The Logs

 

Environment:

Checkpoint secure gateways - 1100 and 4400, R80.40

Smart Console Management - R80.40

FMC - 7.0.0 (build 94)

Firepower Migration tool - 2.3.5-5464

 

Error Message in the log from the migration tool:

2021-07-13 13:24:55,613 [ERROR | parser_cp.py] > unable to count the objects due to:[local variable 'route_network_address' referenced before assignment]
2021-07-13 13:24:55,616 [ERROR | connect_cp.py] > local variable 'route_network_address' referenced before assignment

 

I have tested both security gateways and different security policies but with the same result.

I have not found anything relevant related to this error. Unfortunately, I am not able to process it further without sorting it out.

Attached you can find a log file.

 

Any hint would be helpful.

 

Thank you
Jozef

1 person had this problem
Preview file
16 KB
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-14-2021 05:22 AM

From the log you provided it looks like a bug in the tool to me. I'd recommend opening a Cisco TAC case to confirm. You should be able to use your FMC support contract to open the case.

0 Helpful

raribeiro
Level 1
Level 1

‎09-01-2021 11:23 AM

Hello Jozef, how are you?

Please, how did you solve this error? I got the same problem here...

0 Helpful

Jozef Cmorej
Level 1
Level 1
In response to raribeiro

‎09-10-2021 03:08 AM

A Checkpoint gateway 1100 is not supported with the migration tool as it uses a bit different CLI syntax. Some commands are not presented on 1100 which causes an interruption of the migration process.

0 Helpful

Chakshu Piplani
Cisco Employee
Cisco Employee

‎09-03-2021 03:25 AM

The Checkpoint Security Manager should be in expert mode, the Security Gateway needs to be in CLISH mode.
So please make sure you have the correct privileges on each one and run the tool again.

 

Hope this helps

 

Regards,

Chakshu

 

Do rate helpful posts!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card