Simplify management of the Check Point VPN-1 object database
3 Comments
If you work in a wide infrastructure and adopted Check Point VPN-1 you know populating and maintaining your object database can be an overwhelming task.
To help Check Point released since the NG version a new SmartClient, called SmartMap, integrated with the SmartDashboard.
This tool is able to automatically map all objects available in the object database and export them in some formats. It seems useless for many customers and students but it is not: the SmartMap is able to export all objects in a Microsoft Visio drawing. Once in Visio you can push imported objects inside an ODBC database or inside a Microsoft enteprise management tool like Operation Manager (MOM).
SmartMap, which isn't free of charge, is great for database synchronization from VPN-1 to elsewhere but what about the opposite? How to populate Check Point VPN-1 from external sources?
Martin Hoz created a great tool to do so called Object Filler able to achieved the task in a brillant way:
At the same time Martin developed the opposite tool called Object Dumper exporting objects from VPN-1 database in CSV format.
Both tools supports Check Point VPN-1 on Windows, Linux and SecurePlatform up to NGX [R60] and are free of charge.
To help Check Point released since the NG version a new SmartClient, called SmartMap, integrated with the SmartDashboard.
This tool is able to automatically map all objects available in the object database and export them in some formats. It seems useless for many customers and students but it is not: the SmartMap is able to export all objects in a Microsoft Visio drawing. Once in Visio you can push imported objects inside an ODBC database or inside a Microsoft enteprise management tool like Operation Manager (MOM).
SmartMap, which isn't free of charge, is great for database synchronization from VPN-1 to elsewhere but what about the opposite? How to populate Check Point VPN-1 from external sources?
Martin Hoz created a great tool to do so called Object Filler able to achieved the task in a brillant way:
- Is able to automatically create hosts, networks, address ranges and other type of objects, giving couple of IP addresses and a netmask.
Object Filler will calculate for you which IP address corresponds with a valid object (i.e. will just use network addresses to create networks, ignoring broadcasts) - Is able to import objects information to the SmartCenter, given the configuration information from Cisco Routers (ACLs), as well as from Cisco PIX, Juniper NetScreen, Symantec Raptor, SecureComputing's SideWinder and Gauntlet firewalls.
In some cases it also supports converting firewall rules - If there is a list of objects with their corresponding properties (IP address, netmask, color, NAT properties, etc.) in some known format.
Object Filler is able to import them into the SmartCenter, easing the task of populating it
At the same time Martin developed the opposite tool called Object Dumper exporting objects from VPN-1 database in CSV format.
Both tools supports Check Point VPN-1 on Windows, Linux and SecurePlatform up to NGX [R60] and are free of charge.
Most Recent Articles
3 Comments:
- i want to say there is a mistake in the mentioned authorship of the tools. they actually show martin hoz as the author when they run. confusing since they are published on linder's site.....
-
Thanks for the correction!
The post has been changed accordingly. - Yes Martin Hoz did indeed develop the tools, the Linder site was just charitable hosting.
Links to this article:
Stay up to date |
|