Migration Zip file
In this section we present how to create a valid ZIP file that will provide original vendor's configuration files and mapping instructions to generate a valid converted PANOS XML file.
#
The ZIP structureThe following is a representation of the structure of a ZIP contents. A mapping.json
file is mandatory at the root of
the zip file, and will be used to determine how the rest of the files in the zip are being used during the migration processes.
The mapping.json file
would represent the mapping structure used for performing the migration.
The following is an example that represents the migration of three configurations into different device groups
in a Panorama configuration:
info
The valid vendor
values are:
- cp → Checkpoint < R80
- cp-r80 → Checkpoint > R80
- ciscoasa → Cisco ASA
- fortinet → Fortinet Fortigate
- netscreen → Juniper Netscreen
- sonicwall → Sonicwall
- srx → Juniper Junos
Coming soon:
- ciscoswitch → Cisco Switch
- ciscoisr → Cisco ISR
- pfsense → Pfsense
- sophos → Sophos
#
Obtaining Third party vendor's configuration informationTo assist you in the generation of the mapping.json file, we can call a discovery
method that would analyze a
configuration file and, depending on the vendor, will provide back a set of valid options.
For instance, given the exporte_data.xml Stonesoft configuration file, the method can list the declared Firewalls and Clusters in the configuration, and declared security policies.
Method | URL | Parameters |
---|---|---|
POST | https://<ExpIP>/api/v1/migration/discovery | in body {"vendor": "value", "config": "path to the config file", (if cp) "policy": "path to the policy file", (if cp) "objects": "path to the objects file", (if cp) "rulebase": "path to the rulebase file"} |
example | https://10.0.0.1/api/v1/migration/discovery | in body {"vendor": "stonesoft", "config": "/tmp/myMigrationFiles/cpProviders/exported_data.xml"} |
example | https://10.0.0.1/api/v1/migration/discovery | in body {"vendor": "cp", "policy": "/tmp/myMigrationFiles/cpProviders/policy.W", "objects": "/tmp/myMigrationFiles/cpBranches/objects.C", "rulebase": "/tmp/myMigrationFiles/cpBranches/rulebases_5_0.fws"} |
Depending on the vendor, more parameters can be given to discover sections within them. For instance, Checkpoint <R80 would also allow the fields
policy
(in replacement of config
), objects
and rulebase
.
Response example:
- Stonesoft
- Checkpoint <R80
- Checkpoint R80+