Download ppt - Cisco Security Conversion Tool (SCT) Check Point ™ to Cisco Conversion Tool

1© 2006 Cisco Systems, Inc. All rights reserved.Cisco Channel Confidential

Cisco Security Conversion Tool (SCT)

Check Point™ to Cisco Conversion Tool


Cisco Security Conversion Tool (SCT) Overview

• Tool to convert a Check Point configuration to a Cisco ASA/PIX/FWSM configuration.

• Creates a Cisco device configuration that can be managed with CLI, PDM, ASDM or Cisco Security Manager.

• Provides an option to optimize the ACL rule table when used in Cisco Security Manager or ASDM 5.2 or higher.

• Make the tool available at no cost to customers, Cisco SE’s, Advanced Services, and Cisco Security Partners.

Note: The output from this tool should be manually reviewed to verify the accuracy and completeness of the conversion.


SCT Benefits

• Reduced time to convert from Check Point to Cisco firewalls.

• Increased accuracy in the conversion from Check Point to Cisco firewalls.

• Allows you to use Cisco TAC for questions/support on their new Cisco firewalls.

• Optimized option to convert from Check Point to the new Cisco Security Manager.

• Increased traceability since inline comments are created to indicate which Check Point commands correlate to which Cisco commands.

• Automated report that summarizes the conversion process.


Note

• Several assumptions are made during the conversion process since Check Point and Cisco firewalls are managed differently. A user, Cisco Advanced Services or a partner should manually review and verify the output from Cisco SCT.


System Requirements

• Runs on Windows XP and 2000 platforms.

• Converts from Check Point 4.x, NG and NGX Firewalls.

• Converts to an ASA/PIX 7.x and FWSM 2.x or 3.x


What is Required for the Conversion?

• objects.C (Check Point 4.x) or objects_5_0.C (Check Point NG) – contains the objects definition

• <rule>.W – contains the firewall policy information

• (optional) rulebases_5_0.fws– contains the comments information

• Route and interface information from Check Point


What Will Be Converted?

• Access rules (security policies)

• Network objects and network object groups

• Service objects and service object groups

• NAT rules

• Static routes

• Interface-related configuration


Cisco SCT Output

• Corresponding ASA, PIX, or FWSM CLI configuration.

• Summary of what was converted.

• Conversion report indicating any errors or warnings during the conversion.

• Detailed HTML report with hyperlinks from the CLI conversion to the original Check Point policy.


Getting Started with Cisco SCT

• Download SCT

• Install SCT

• Launch SCT

• Run demo orselect files



• Specify target platform and various options



• Review and edit interface information



• View conversion status and statistics


Conversion Report


Cisco Device Configuration


Additional Cisco SCT Resources

• Download Site (requires a CCO user ID): http://www.cisco.com/cgi-bin/tablebuild.pl/sct

• Technical Support:[email protected]

• Report your success and give us feedback! [email protected]