Netscreen Juniper to ASA conversion

Charlie Mayes · ‎12-11-2011

Does anyone know who to convert config form a Juniper Netscreen Firewall to a ASA? We are trying to get rid of the netscreen firewalls at our location and replace them with ASA's. I know very little about Juniper Netscreen Firewalls.

Marvin Rhoads · ‎12-11-2011

There's no conversion tool available as far as I know. (There is one available for CheckPoint to Cisco conversions.) Unfortunately, you'll just have to analyze your ScreenOS script and setup your ASA based on the results of that analysis.

If you've never worked with ScreenOS, it may be best to engage a 3rd party with expertise in both technologies. If that's not possible, just look at your Netscreen script ("get config" from CLI) section by section, line by line, and account for all the features and parameters in your ASA build. Some bits (e.g. extraction of any pre-shared keys) may not be recoverable from the Netscreen.

Also look at it as an opportunity to rebuild your VPN from scratch and clean out any unused or unnecessary bits that may have built up over the past years.

Charlie Mayes · ‎12-11-2011

Hello Mklemovitch,

Thanks for your reply. Your reply fits with exactly what I am thinking. The liability of an extended outage is entirely too great for me to try to do this in-house myself. I totally agree with the 3rd party solution. I retrieved a quote from a company to do this for us and will present it to my team after getting a couple more quotes. The cost stated on the first quotes I received for this are very minimal when compared to the network being down. Thanks Again for your time/advice.