5 Replies Latest reply on Aug 13, 2013 7:57 AM by mtuma

    CheckPoint to MFE 8.3.x rules without conversion tool




      Now I'am on customer site durig implementation new MFE 8.3.1 cluster.

      Customer already have CheckPoint firewall.

      My firewall (MFE) is located near to oryginal firewall, and we don't replace firewalls, but step-by-step migrate services (and users) from CheckPoint to MFE.


      I know, that is Conversion Tool to convert CheckPoint or PIX rules to MFE rules.

      I don't want to use it, because CheckPoint have lot of old policy, that we don't want to migrate.

      We've decide to migrate step-by-step.


      As you know, CheckPoint have different rules engine that MFE.

      In CheckPoint we don't have such thing like ZONES.



      How I can make MFE rules, that on CheckPoint was:

      - Source ANY

      - DEST (some_IP_in_the_internet)

      - Service (HTTP, HTTPS)

      - NAT (on MFE external IP)


      What about zones?

      What should I put in ZONE field?  <ANY> Zone?

      What about Anti-spoofing in this example.


      Please clarify it to me, because I have to some rules to migrate quite quickly.


      Best regards