Any tool to migrate from a Nokia/CheckPoint firewall to CISCO ASA

Would like to know if there is any tool that could help to migrate CheckPoint firewall objects and rules database to CISCO ASA equivalent ;
Could the last CISCO Security Manager product help in this process ?
thanks in advance

Joel, you may need to use a firewall analyser or fw auditing tools to retreave fw rules from Nokia/Fw-1 in a legibel format like using LFA, but you still need to manually entered the configuration into ASA.
Check this link and look for (LFA) Lumeta firewall analyser, they work along with checkpoint..
http://www.lumeta.com/
Also reference this thread, it may help.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd7e5c4
HTH
Jorge

Similar Messages

  • When using the migrate tool to migrate from windows to mac, can you use ethernet to connect the computers to each other?

    When using the migrate tool to migrate from windows to mac, can you use ethernet to connect the computers to each other? In the Migration tool, I was only given the option of choosing the computer when it appeared on the same network, and didn't see an option to connect them to each other. Even though they're both connected to the same network with a wired connection, the migration is painfully slow.

    Yes. The following quotation is from About Windows Migration Assistant
    These are the preferred network connections, in order:
    Use a CAT6-certified Ethernet cable that is in good condition to connect the Ethernet port of the PC directly to the Ethernet port of the Mac or Ethernet adaptor (USB or Thunderbolt). You shouldn't use an Ethernet cable that has any kinks in it or is missing connector tabs.
    Use CAT6-certified Ethernet cables that are in good condition to connect the Mac and PC to your home network router/hub/switch. You shouldn't use an Ethernet cable that has any kinks in it or is missing connector tabs.
    For wireless, use the fastest wireless signal possible (802.11n 5Ghz). Try to have the PC, Mac, and the wireless access point all in the same room close to each other.

  • I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

    I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
    I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
    I need to allow the following IP addresses to have RDP access to my server:
    66.237.238.193-66.237.238.222
    69.195.249.177-69.195.249.190
    69.65.80.240-69.65.80.249
    My external WAN server info is - 99.89.69.333
    The internal IP address of my server is - 192.168.6.2
    The other server shows up as 99.89.69.334 but is working fine.
    I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
    THE FOLLOWING IS MY CONFIGURATION FILE
    Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
    Also the bolded lines are the modifications I made but that arent working.
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.233 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group network EMRMC
    network-object 10.1.2.0 255.255.255.0
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 172.16.0.0 255.255.0.0
    network-object 192.168.9.0 255.255.255.0
    object-group service RDP tcp
    description RDP
    port-object eq 3389
    object-group service GMED tcp
    description GMED
    port-object eq 3390
    object-group service MarsAccess tcp
    description MarsAccess
    port-object range pcanywhere-data 5632
    object-group service MarsFTP tcp
    description MarsFTP
    port-object range ftp-data ftp
    object-group service MarsSupportAppls tcp
    description MarsSupportAppls
    port-object eq 1972
    object-group service MarsUpdatePort tcp
    description MarsUpdatePort
    port-object eq 7835
    object-group service NM1503 tcp
    description NM1503
    port-object eq 1503
    object-group service NM1720 tcp
    description NM1720
    port-object eq h323
    object-group service NM1731 tcp
    description NM1731
    port-object eq 1731
    object-group service NM389 tcp
    description NM389
    port-object eq ldap
    object-group service NM522 tcp
    description NM522
    port-object eq 522
    object-group service SSL tcp
    description SSL
    port-object eq https
    object-group service rdp tcp
    port-object eq 3389
    access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
    access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
    access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
    access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
    access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.6.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 68.156.148.5
    crypto map outside_map 1 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    tunnel-group 68.156.148.5 type ipsec-l2l
    tunnel-group 68.156.148.5 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
    : end
    ciscoasa(config-network)#

    Unclear what did not work.  In your original post you include said some commands were added but don't work:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    and later you state you add another command that gets an error:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
    The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
    Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

  • Do we have any tool to migrate SharePoint 2010 to 2013?

    Hi,
      Why Microsoft didn't provided the User friendly tool to migrate the solution from SP 2010 farm to SP 2013 farm? In order to take the backup and restore the database, run some powershell commands and validating the process , instead they can provide
    some user friendly tool to support the migration process. If they can provide SharePoint Designer / Infopath for customization /branding, why they're not providing the tool for migration instead of using 3rd party tool.
    Balaji -Please click mark as answer if my reply solves your problem.

    Hi Balaji,
    As Alex mentioned, "upgrading SharePoint is potentially quite complicated". I've heard some nightmare scenarios coming from users who tried the detach-attach solution provided by Microsoft* but others also been able to get the desired result with a few manual
    tweaks. However I couldn't say exactly why Microsoft isn't providing his SharePoint end-users with a more friendly approach, I guess Alex and John gave you a good idea about Microsoft motivations for not going forward.
    The upgrade is for sure rather complicated. However from what I could understand so far you were looking for a simple solution and I'm guessing you'll find a great alternative with third party tools.
    In fact when comparing the attach-detach method with third party tools you'll quickly notice that third party tool will allow you to simply go directly from for instance SP2007 to O365 without having to previously move everything to SP2010. In sum they are
    huge time savers. Also, the detach/attach method has limitations such as broken links and workflows, two things must third party tools will take care of.
    As I'm working for Sharegate and using it on a daily basis, I admit my judgement is biased ;-) However, from an end user point of view simplicity is certainly one of Sharegate's great assets. Most third-parties also offer trial versions that allow you to compare
    and see how they work. I invite you to see for yourself which tool suits you best. Here is a place to start your journey: http://en.share-gate.com/download
    Cheers!
    Stephanie, from Sharegate

  • What is the right tools to migrate from developer suite 10g to 11g?

    Hi all..
    Im kinda new here and hope pro can help me in the right direction. I've been developing forms and reports in 10g which is using the developer suite. My company would like to migrate to 11g. However, i see that there are no 11g developer suite. it must have rename it something else or provided to developer in a different name or so.
    Could someone clarify this and give me a link to what i need to develop forms and reports in 11g. Im sure im going to need the weblogic as well.
    I did find a post where user states that there is no more developer suite in 11g but i find his answer a bit unclear. So i was hoping someone can give a link to what i really need in order to continue with 11g.
    Thanks

    In brief a migration from 10g to 11g is just a recompile, nothing more. There were some built-ins removed in 11g which were deprecated in 10g (like run_product for example) so if you have some dead code containing this built-ins you will get compile errors. But as those built-ins didn't do anything in 10g you should be able to remove them without a second thought.
    As for developer suite: there is no developer suite anymore like there was in 10g; There is only one complete bundle containing the development as well as the deployment components, and you can choose at installation time which components you want to install. You can install the IDEs and omit some of the components you won't need in 11gR1 or install the development version in 11gR2.
    You can find the install bundles here.
    Before you start installing it is a good idea to review the certified system configurations.
    cheers

  • Move SSL Cert from one device to another on Cisco ASA

    Hello Everyone,
    Is it possible to move SSL certificate + Key from one cisco asa to another ? I hope its possible and if someone can guide me towards correct documentation that would be perfect.
    thank you
    Manish

    We have an ASA5550 running 8.2(5) that we're using as a VPN terminator; it died yesterday when we had a power glitch in the data center, and we're temporarily installing a spare 5510 (we don't have a spare 5550) until it's replaced.  But the RSA keys on the spare don't match the ones on the old firewall, so when we try to install the old cert it fails:
    ERROR: Keypair cannot be found for trustpoint UMVPN3-INCOMMON-MAY2020.
    The old ASA is dead, so we can't do a straight export/import - all we have to work with is what's in yesterday's config backup...
    I gather there's no way to extract the original keys from this; is there any way to recover in this case?  Or must we export the certs from the ASAs with a "crypto ca export" and save copies of these in a secure location?

  • Any way to migrate from one 10.5 server to another?

    Hi,
    I just lost a 10.5 Server installation, it just won't boot anymore. Since no one seems to be able to help with that problem, I needed to move on and install fresh. However, the old installation took considerable work. I would hate to have to do it all over again. So the question is: is there a migration assistant or something similar to migrate one OSX Leopard Server installation to another machine / hard drive?
    Cheers.
    PS: I tried carbon copy cloner, the cloned instance won't boot up either. I guess some files have been corrupted.

    Yes, you can.
    Open: System Preferences > Hardware > Keyboard & Mouse > Mouse, select menu for the side
    buttons, turn it off or select another use for the side buttons.
    It takes a little practice, but you can train yourself not to be pressing the side buttons inadvertently.
    That's the other option.
    To still use expose, you can use the keyboard. I have expose assigned to F10. Those settings can be
    adjusted using System Prefs as well.
    Kj

  • Migrating from Linux based Tacacs+ server to Cisco ACS 1113 appliance

    I'm trying to migrate my configuration from a Linux based Tacacs+ server to the Cisco ACS 1113 appliance. Does anyone have any recommendations.
    Thanks.

    Hi
    We (extraxi) offer migration and general consultancy for ACS if you need professional help.
    www.extraxi.com/contact.htm

  • Migrating from SIEMENS HIPATH 3000 to a CISCO VOIP Solution

    We've got a SIEMENS HIPATH 3000 PBX system with 15 to 20 individual telephone lines coming in from the telecom operator into the FSO card of the PBX
    We are planning to migrate to CISCO Call Manager and are also implementing an 3845 Router
    I would like to know if there is an interface on the router into which these 20 RJ11 phone lines go or is there another option
    How do I go about it ?

    Thanks pk, I knew of the FXO Cards. However I do not think there is any FXO card that allows for 20 RJ11 individual phone lines
    Because all the cards available at the link you sent me are all 2, 4 or max 8 ports
    VIC-2FXO 2 FXO
    VIC-2FXO-EU 2 FXO
    VIC-2FXO-M1 2 FXO
    VIC-2FXO-M2 2 FXO
    VIC-2FXO-M3 2 FXO
    VIC-4FXO-M1 4 FXO
    VIC2-2FXO 2 FXO
    VIC2-4FXO 4 FXO
    MRP3-8FXOM1 8 FXO
    Do you have the product number of any FXO card that has 20 FXO ports for 20 RJ11 phone lines ?

  • Migrating from CiscoWorks LMS 3.1 to Cisco Prime LMS 4.2

    Hi Everyone
    My client was formerly having CiscoWorks LMS 3.1. Recently, they purchased Cisco Prime Infrastructure v1.2, which comes with Cisco Prime LMS 4.2. Can I migrate the database (equipment list, usernames etc.) of the CiscoWorks LMS 3.1 to Cisco Prime LMS 4.2? If yes, how do I do this? Please kindly advice.
    Shown below, were the Part Numbers quoted to the end client.
    R-PI12-UP-K9
    LMS 2.x/3.x to Cisco Prime Infrastructure 1.2 Major Upgrade
    L-PI12-LF-1.5K-LIC
    Prime Infrastructure 1.2 - Lifecycle - 1.5K Device Lic PAK
    L-PILMS42-1.5K-U
    Prime Infrastructure LMS 4.2 - 1.5K Device Maj Upg Lic
    R-PI12-BASE-K9
    Prime Infrastructure 1.2 Base License and Software
    L-PI12-1.5K-UP
    LMS 2.x/3.x to Prime Infrastructure 1.2 Maj Upg 1.5K Device
    Regards,
    Ram

    Thanks Marvin for your advice. Just one last question, there's a statement in the URL that you've provided
    "Ensure that the passwords, HTTPS port and SMTP server details are same in both LMS 3.2 SP1, LMS 4.0.1 or LMS 4.1 server and LMS 4.2 server with Symantec Veritas implementation, while migrating data from non-HA to HA environment."
    Does this mean my client need to purchase Symantec Veritas, as well?

  • Migration From SQL 7.0 To Oracle 8.0.5

    Is there any tool to migrate from SQL Server 7.0 To Oracle 8.0.5
    null

    Hi Khalil,
    It is downloadable from this web page in the 'Software' Link.
    Regards
    John
    Khalil A. Khalil (guest) wrote:
    : Is there any tool to migrate from SQL Server 7.0 To Oracle
    8.0.5
    Oracle Technology Network
    http://technet.oracle.com
    null

  • Is there any Tool for successfully migrating the Infopaths data connection from old URL to new URL?

    Hi Support,
    In my Project we are trying to migrate sharepoint 2007 Infopaths to sharepoint 2013 Infopaths(there are some 20000 infopaths).Here we want to change the Data Connection from old to new connection.
    So please let me know if there is any tool to migrate sharepoint 2007 infopaths data connection to sharepoint 2013 infopaths data connection.
    Thank You in Advance for your help.
    Regards,
    Pradeep

    Hi Pradeep,
    As far as I could search, there is no built-in feature to batch updating InfoPath forms, I’d suggest you consider script or third party tool. Here are the links that might help:
    http://sharepintblog.com/2011/06/07/updating-infopath-form-templates-and-data-connections-with-powershell/
    http://www.dotnetfunda.com/articles/show/2829/migrating-infopath-2007-form-to-2013-forms
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
    or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Migration from UCCE to UCCX

    Where to get any informaton (best practises, guidelines ) for migration from UCCE to UCCX.
    Does cisco have ani migratio tools ( like scripts, promps migration )  for application transfer from UCCE to UCCX
    Thanks   

    In addition to great tips from Gergely (+5), you will not find too much of folks that went from UCCE to UCCX, it is more common to go the other route.
    Other items to consider is the re-deployment of agent desktops to the PC, if you are using CTI OS today you will need to migrate to CAD, so a little different agent experience. Also, pay attention to any 3rd party integrations, ie. call recording, WFM, CTI, VXML, wall board, survey, etc, etc as some may not be compatible with UCCX.
    HTH,
    Chris

  • Migration from MS SQL7 to Oracle 8i

    Has any one successfully migrated from MS SQL7 to Oracle 8i
    (basically tables & stored procedures).
    Any suggestion would be greatly appreciated.
    Thanks
    Anish
    null

    Oracle Migration Workbench Team wrote:
    : Anish,
    : We have a number of customers from our SQL Server 7.0 beta
    : program who have successfully migrated their databases. We will
    : be making the SQL Server 7.0 version of the Workbench available
    : on OTN within the next 3 weeks.
    : This should be able to significantly help you with your
    : migration. If you have not already used the tool I would
    suggest
    : either downloading the 6.5 version or take a look at the Quick
    : Tour which is available within the Migration Technology section
    : on OTN.
    : Regards,
    : Marie
    : =====
    : Anish (guest) wrote:
    : : Has any one successfully migrated from MS SQL7 to Oracle 8i
    : : (basically tables & stored procedures).
    : : Any suggestion would be greatly appreciated.
    : : Thanks
    : : Anish
    : Oracle Technology Network
    : http://technet.oracle.com
    null

  • Migrating from MS-SQL Server to Oracle

    Hi,
    Is there any Java Tool to migrate from MS-SQL Server to Oralce?
    (My Organization's data is already stored in MS-SQL Server database, now we want to migrate to Oracle;
    is there any easy way to pull data from MS-SQL Server and push into Oracle database)
    thanks,

    I think u should use a third party help to resolve this problem, i use dbload to solve it when i was migrated my data, it can migrate almost any data, it helps me to convert MSSQL to MYSQL, MS access to MSSQL, mysql, csv loader, foxpro and MSSQL to MS access, MYSQl, CSV, foxpro etc. i found it on google search.
    Download Free : http://www.dbload.com

Maybe you are looking for

  • Unable to load database connector

    Hi. I am trying to get a report running through the JRC in Crystal Reports XI. Whenever I try to run the report, it pulls up the viewer, but then gets the following message: "Unable to load database Connector" 'com.crystaldecisions.reports.queryengin

  • Error when activate transfer structure

    Dear Experts I Have problem with transfer structure activation with start routine If I check the start routine it's ok, no error but if i activate transfer routine, there is an error bellow: Syntax error "' '" and "TRAN_STRUCTURE" are not comparable

  • Monitoring with Server Manager?

    I start Server Manager in an xterm window with command svrmgrl and log in with system account. However, when trying to monitor the database, the following message appears (interpreted by oerr): [oracle@rxo log]$ oerr MGR 4501 4501, 0, "monitors are n

  • Authorization Issue in SM50

    Hi All, One of our user is facing authorization issue in SM50. He goes to SM50 and tries to open a work process. This is where he gets message "You are not authorized to use function Work Process List". When I check the trace, I see only missing acce

  • Changing the material Group in PO -- the GL assignment doesn't change

    Good morning, we have a material group linked to a valuation class. When we create a service purchase order, we use this material group and the G/L account is automatically updated, but if we change the material group, the G/L account doesn' change.