With Skybox it is possible to analyse the Check Point security policy – the files you need to export from the manager for this are:
The following files are required to import a Check Point FireWall-1 configuration:
- objects_5_0.C: The network objects file contains objects (including assets, networks, and services) referenced in the access rules.
- rulebases_5_0.fws: The rulebase file contains the access rules.
- (Optional) install_statuses.C: The installed statuses file includes the name of the policy (the active policy) that is currently installed in the firewall.
- (Optional) vsx_objects.C: The VSX device objects file contains objects (including assets, networks, and services) referenced in the access rules of VSX (virtual systems) firewalls.
Note: If the Check Point configuration contains several policies, install_statuses.C is mandatory (it contains the information of which policy is installed on which firewall).
These files are located at:
- (Windows) C:\WINDOWS\FW1\<version#>\conf
- (Linux) /<FireWall-1_installation_path>/CPfw1-<version#>/conf
You also need the name of the active policy on each firewall module and the ifconfig and netstat –rnv output from each firewall module.