Azure / Azure-Network-Security

Resources for improving Customer Experience with Azure Network Security

Incorrect results in the Migrated AZ F/W Rules/IP Groups

nbatheja-caat opened this issue · comments

Getting Incorrect results in the Migrated AZ F/W Rules/IP Groups

Issues
When compared to the original data in the Check Point firewall, we noticed that the migrated configuration was incorrect and missing the following things:

  • The Azure Firewall rules were missing some of the ports.
  • The number of IPs in the IP groups was not similar. In some cases, an object in Check Point having one host was created in Azure with X number of IPs. Also, we noticed that the IP groups have these extra IPs from all the objects which were there in the destination originally. (screenshot attached)
  • The Azure Firewall rules do not have IP groups, while they have them in Check Point.
  • The Azure Firewall rules are created using IPs instead of using Objects/IP groups. (screenshot attached)
  • Originally the total number of rules we have in Check Point is over 600, but it only migrated 450.
  • The Python script errors out when there is no name for the firewall rule in Check Point. Here's the error we get:
    C:\chkp2azfw>python chkp2azfw.py
    Traceback (most recent call last):
      File "chkp2azfw.py", line 554, in <module>
        inspect_access_layers(access_layers)
      File "chkp2azfw.py", line 350, in inspect_access_layers
        rule_name = rule['name'] if len(rule['name']) <= 38 else rule['name'][:38]
    KeyError: 'name'

Expected behavior
A clear and concise description of what you expected to happen.
Expected the IP groups to be created with the same number of IPs which are there in checkpoint.
Expected the rules to be created in a similar way we have in checkpoint

Screenshots
adimop-w10sac
NO-IPGROUPS

Logs

  • The Python script gave a lot of errors which we have attached here.

PythonScriptError.txt
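
One way to avoid the `KeyError: 'name'` shown in the traceback above, so that unnamed rules are migrated instead of aborting the run. This is an added example, not code from chkp2azfw.py or from the issue author. The function names, the `uid` fallback field and the sample rules are assumptions made for illustration; the 38-character limit is taken from the line in the traceback.

```python
MAX_NAME_LEN = 38  # truncation length used by the line shown in the traceback


def safe_rule_name(rule, used_names, index):
    """Return a unique name of at most MAX_NAME_LEN characters for one rule.

    Hypothetical helper: when 'name' is missing or empty it falls back to the
    rule's 'uid' (assumed field) or to its position, instead of raising KeyError.
    """
    raw = (rule.get("name") or "").strip()
    if not raw:
        uid = str(rule.get("uid") or "")
        raw = f"unnamed-{uid[:8]}" if uid else f"unnamed-{index}"
    base = raw[:MAX_NAME_LEN]
    name, n = base, 1
    # Truncation can make two distinct names collide; add a numeric suffix
    # so no rule silently overwrites another in the migrated policy.
    while name in used_names:
        suffix = f"-{n}"
        name = base[:MAX_NAME_LEN - len(suffix)] + suffix
        n += 1
    used_names.add(name)
    return name


def name_rules(rules):
    """Name every rule in order; the output always has one name per input rule."""
    used = set()
    return [safe_rule_name(r, used, i) for i, r in enumerate(rules, start=1)]


# Constructed sample rules (not taken from the reporter's export).
SAMPLE_RULES = [
    {"uid": "a1b2c3d4-0000-0000-0000-000000000001", "name": "Allow-Web"},
    {"uid": "e5f6a7b8-1111-2222-3333-444455556666"},        # no 'name' key
    {"name": ""},                                           # empty name, no uid
    {"name": "Allow-Outbound-HTTPS-To-Partner-Network-Primary"},
    {"name": "Allow-Outbound-HTTPS-To-Partner-Network-Backup"},
    {"name": "Allow-Web"},                                  # duplicate name
]

if __name__ == "__main__":
    for original, migrated in zip(SAMPLE_RULES, name_rules(SAMPLE_RULES)):
        print(f"{original.get('name')!r:55} -> {migrated}")
```

Comparing `len(name_rules(rules))` with the number of rules in the source export gives a quick check that no rule was dropped at the naming step.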
