Forum Discussion
Checkpoint to AFM migration
Hi,
Anyone have migrated from checkpoint to AFM? As per AFM documents it seems that the device works as interface based firewall but any idea what all challenges will be there?
Thanks,
- Pedro_HaoaRet. Employee
Hi,
I'm afraid that 'til today, there's no easy way to migrate from Checkpoint NGFW to BIG-IP AFM.
In BIG-IP AFM you could configure rules Globally, per Route Domain (if you combine this with Partitions it's similar to Cisco VRF/Isolated Zones/etc), per Virtual Server, per Self-IPs...
BIG-IP AFM is a high-performance, stateful, full-proxy security solution, with Geolocation, Protocol Anomaly Detection, Port-misuse protection, DoS and DDoS protection (DDoS auto-threshold), that can remotely triggered black hole filtering.
More information:
F5 BIG-IP Advanced Firewall Manager Operations Guide
This is something i would love to do, but would never get approval for.
Depending on what version you're running your best bet would be to convert outputs from DBedit to TMSH commands.
- JohannesNimbostratus
You can export your Checkpoint FW policy to the Cisco ASA migrator to create a set of files that list policies, address-lists and rules, then change those commands from Cisco ASA-nese to F5 tmsh commands.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com