1© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Cisco Security Conversion Tool (SCT)
Check Point™ to Cisco Conversion Tool
222© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Cisco Security Conversion Tool (SCT) Overview
• Tool to convert a Check Point configuration to a Cisco ASA/PIX/FWSM configuration.
• Creates a Cisco device configuration that can be managed with CLI, PDM, ASDM or Cisco Security Manager.
• Provides an option to optimize the ACL rule table when used in Cisco Security Manager or ASDM 5.2 or higher.
• Make the tool available at no cost to customers, Cisco SE’s, Advanced Services, and Cisco Security Partners.
Note: The output from this tool should be manually reviewed to verify the accuracy and completeness of the conversion.
333© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
SCT Benefits
• Reduced time to convert from Check Point to Cisco firewalls.
• Increased accuracy in the conversion from Check Point to Cisco firewalls.
• Allows you to use Cisco TAC for questions/support on their new Cisco firewalls.
• Optimized option to convert from Check Point to the new Cisco Security Manager.
• Increased traceability since inline comments are created to indicate which Check Point commands correlate to which Cisco commands.
• Automated report that summarizes the conversion process.
444© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Note
• Several assumptions are made during the conversion process since Check Point and Cisco firewalls are managed differently. A user, Cisco Advanced Services or a partner should manually review and verify the output from Cisco SCT.
555© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
System Requirements
• Runs on Windows XP and 2000 platforms.
• Converts from Check Point 4.x, NG and NGX Firewalls.
• Converts to an ASA/PIX 7.x and FWSM 2.x or 3.x
666© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
What is Required for the Conversion?
• objects.C (Check Point 4.x) or objects_5_0.C (Check Point NG) – contains the objects definition
• <rule>.W – contains the firewall policy information
• (optional) rulebases_5_0.fws– contains the comments information
• Route and interface information from Check Point
777© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
What Will Be Converted?
• Access rules (security policies)
• Network objects and network object groups
• Service objects and service object groups
• NAT rules
• Static routes
• Interface-related configuration
888© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Cisco SCT Output
• Corresponding ASA, PIX, or FWSM CLI configuration.
• Summary of what was converted.
• Conversion report indicating any errors or warnings during the conversion.
• Detailed HTML report with hyperlinks from the CLI conversion to the original Check Point policy.
999© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Getting Started with Cisco SCT
• Download SCT
• Install SCT
• Launch SCT
• Run demo orselect files
101010© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Getting Started with Cisco SCT
• Specify target platform and various options
111111© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Getting Started with Cisco SCT
• Review and edit interface information
121212© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Getting Started with Cisco SCT
• View conversion status and statistics
131313© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Conversion Report
141414© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Cisco Device Configuration
151515© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential
Additional Cisco SCT Resources
• Download Site (requires a CCO user ID): http://www.cisco.com/cgi-bin/tablebuild.pl/sct
• Technical Support:[email protected]
• Report your success and give us feedback! [email protected]
Top Related