Please refer to the individual vendor sections for instructions on how to export the configuration.
Export Configuration from GUI:
The configuration can be exported directly from the FortiGate firewalls.
1. Using the Web UI
• Go to Admin -> Configuration -> Backup, then select whether to back up to your local PC or to a USB disk.
• If VDOMs are enabled, select VDOM configuration (VDOM Config) and then select the VDOM name that you want to migrate from the list.
2. Using the CLI
Use the same command to back up a VDOM configuration by first entering the commands:
The configuration is exported as a “.conf” file and is readable using a text file editor like notepad.
1. Export the configuration file
Juniper SRX (Junos) configuration files are similar to PAN-OS configuration files in that they can be exported in either Set or XML format. Expedition needs the Juniper configuration file in XML format to perform the migration, so export the configuration from the Juniper device in XML format by running the following command from the SRX CLI:
2. Modify the configuration file
For import into Expedition 2.0, you can import the original XML configuration directly and do not need to go through this step.
The file has to start with the XML tag <configuration> without attributes and end with the closing </configuration> tag. Failure to remove the unneeded attributes is the leading cause of failure during the import into Expedition. The first line of the XML file should look like the following:
The last line of the XML file should end with </configuration> and is shown below:
The configuration is exported as a .xml file and is readable using an XML editor.
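The trimming described in step 2 can be scripted. The following is an added example, not code from the original page or from Expedition: it cuts an export down to the <configuration> element, drops the root tag's attributes, and checks the start and end of the file. The sample input is constructed, and the names `trim_export` and `import_problems` are hypothetical.

```python
import re

# Opening tag with or without attributes; does not match e.g. <configuration-text>.
OPEN_TAG = re.compile(r"<configuration(?:\s[^>]*)?>")
CLOSE_TAG = "</configuration>"

# Constructed sample of an XML export wrapped in an RPC reply (not real device output).
SAMPLE_EXPORT = """\
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/15.1X49/junos">
    <configuration junos:commit-seconds="1500000000" junos:commit-user="admin">
        <version>15.1X49-D100</version>
        <system>
            <host-name>srx-lab</host-name>
        </system>
    </configuration>
    <cli>
        <banner></banner>
    </cli>
</rpc-reply>
"""


def import_problems(text: str) -> list[str]:
    """Return the reasons the file does not meet the start/end requirements."""
    stripped = text.strip()
    problems = []
    if not stripped.startswith("<configuration>"):
        problems.append("file does not start with a bare <configuration> tag")
    if not stripped.endswith(CLOSE_TAG):
        problems.append("file does not end with </configuration>")
    return problems


def trim_export(raw: str) -> str:
    """Keep only <configuration>...</configuration> and strip the root tag's attributes."""
    opening = OPEN_TAG.search(raw)
    if opening is None:
        raise ValueError("no <configuration> element found")
    closing = raw.rfind(CLOSE_TAG)  # last closing tag, so nested elements are kept
    if closing < opening.end():
        raise ValueError("no closing </configuration> tag after the opening tag")
    return "<configuration>" + raw[opening.end():closing] + CLOSE_TAG + "\n"


if __name__ == "__main__":
    print(import_problems(SAMPLE_EXPORT))   # problems in the raw export
    cleaned = trim_export(SAMPLE_EXPORT)
    print(import_problems(cleaned))         # empty list once trimmed
    print(cleaned)
```

Run it on a copy of the export and keep the original file unchanged, so the two can be compared if the import still fails.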
To Backup or Save a Config File
1. Using the WebUI:
Select Configuration -> Update -> Config File
In the Download Configuration from Device section, select Save to File. Then, in the File Download dialog box, click Save. Navigate to the location where you want to save the configuration file (cfg.txt), then click Save.
2. Using the CLI:
Save the output with the commands below:
If ScreenOS is managed by NSM, the rule description is only visible in NSM, not directly on the firewall.
- Obtain the newest Checkpoint ShowPolicy package via Checkpoint ShowPolicy Package
- Use the commands below to create an SCP user on the Checkpoint Security Management Server. The SCP user will be used to transfer the Checkpoint configurations from the Checkpoint management server to your local machine.
- Go into expert mode to run the “java -jar web_api_show_package-jar-with-dependencies.jar -option” command. Please refer to the Checkpoint ShowPolicy Package for the command options.
Running the tool on a Checkpoint Security Management server:
• Running the tool on a Checkpoint Security Management server for a specific policy package:
• Running the tool on a Checkpoint Multi-Domain Server for specific domain and a specific policy package:
This tool is already installed on CheckPoint Security Management servers running version R80 with Jumbo-HF and above.
The Check Point Management Server also has a wrapper script so the tool can be run as
$MDS_FWDIR/scripts/web_api_show_package.sh which in turn executes
java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar
If you already have the tool on the CheckPoint Security Management Server, you can follow the steps below to export the configuration:
Running the tool on a Security Management server for a specific policy package:
Running the tool on a Multi-Domain Server for specific domain and a specific policy package:
Use of CMA Name is not supported. Only use the Domain name or the CMA IP.
Finally, after doing all this, you should be able to transfer the output over SCP. Please note that this all depends on what you have set up and where you would like to save it.
The configuration is exported as a .tar.gz file.
The route file is needed for Expedition to do zone calculations.
For both Checkpoint Management servers and Gateways with a version lower than R80.x, the required files are listed below:
Please refer to the corresponding section based on your Checkpoint management tool:
Obtain the configuration files below from '$FWDIR/conf':
- Objects – objects_5_0.C (Check Point NG/NGX) or objects.C (Check Point 4.x) contains the firewall's object definitions.
- Policy rulebases – *.w or rulebases_5_0.fws. The file name is "<package name>.W" (default "Standard.W") or "rulebases_5_0.fws".
- Route file: please refer to the previous section, step 4
Global Policies and Objects
The files necessary to migrate the global policies and objects are located in the opt/<cpversion>/conf directory of the MDS. Although these files are synchronized between MDS systems in a multi-MDS environment, it is suggested to pull them from the master MDS, which is authoritative for the database.
- From expert mode CLI on the Provider-1 server, cd to “$MDSDIR/conf”
- Export the Objects_5_0.C, Rulebases_5_0.fws, and Policy.W files
CMA Policies and Objects
Individual CMA object databases are contained in unique subdirectories underneath the “customers” directory on the MDS:
If the customer is using CMA redundancy, it is suggested to pull the files from the “primary” CMA. To retrieve the files required by the migration tool:
- From the MDS/Provider-1 CLI, switch “context” to the relevant CMA
- Navigate to the /conf directory within that CMA
- Export the Objects_5_0.C, Rulebases_5_0.fws and Policy.W files
- Route file: please refer to the previous section, step 4
Issue the commands below in the CLI:
If it is multi-context, you will need to issue the commands below to get into each context before you issue the two commands above:
The configuration is exported as a .text file and is readable using any text editor.
Issue the commands below in the CLI:
Add all your Sidewinder rules into a single file and upload it, or use Copy from Clipboard. Depending on the version, some of these commands will fail, but others will get the same information with the new command.
Migration of Stonesoft configurations requires a two-step process. Please read the following instructions to support the process.
Browse for Stonesoft XML configuration files using the Single File or Multiple Files options. Policy names and domain names will be presented.
Select the policies you wish to migrate and click on IMPORT SELECTED POLICIES.