GoSecure / Cisco2Checkpoint

Tool that assists in migrating firewall rules from Cisco to Checkpoint. Will optimize rules for you (rationalization, reuse merging, etc.).
http://gosecure.net/2017/01/30/cisco2checkpoint-cisco-checkpoint-conversion-tool/
GNU General Public License v3.0

name objects not being read properly? #10

Closed VeloxAequitas closed 7 years ago

VeloxAequitas commented 7 years ago

Hello,

Hoping you can help me figure out why the script isn't working properly. I have the following object in the running config:

name 192.168.139.83 ssmongrep01

The object also appears in the config here:

object-group network scom-srvs
 network-object host 192.168.203.80
 network-object host 192.168.203.81
 network-object host 192.168.203.82
 network-object host ssmonmgt01
 network-object host ssmongw02
 network-object host ssmongrep01

The script is creating the following output:

# Creating new host: H_ssmongrep01
create host_plain H_ssmongrep01
modify network_objects H_ssmongrep01 ipaddr ssmongrep01
modify network_objects H_ssmongrep01 comments ""
modify network_objects H_ssmongrep01 color "black"
update network_objects H_ssmongrep01

AND

# Creating new host: H_ssmongrep01
create host_plain H_ssmongrep01
modify network_objects H_ssmongrep01 ipaddr ssmongrep01
modify network_objects H_ssmongrep01 comments ""
modify network_objects H_ssmongrep01 color "black"
update network_objects H_ssmongrep01

The two outputs seem to be dynamically created, based on the H_ prefix. The two outputs also occur at different places in the output, starting on lines 51 and 987 respectively.

Help please!

Thanks!

martindube commented 7 years ago

It is now working on my side. Please test.

VeloxAequitas commented 7 years ago

Working perfectly now, thanks!

mjardeli commented 7 years ago

Hi, it seems this is a pre-8.3 version config type (or even older); there is another format to this config line (using the same example):

name 192.168.139.83 ssmongrep01
object-group network scom-srvs
 network-object ssmongrep01 255.255.255.255

Output error:

Traceback (most recent call last):
  File "c2c.py", line 168, in <module>
    c2c.importConfig(args.cpPortsFile,args.cpNetObjFile,args.ciscoFile)
  File "lib/cisco2checkpoint.py", line 1748, in importConfig
    self._importNetGroups(self.parser.getNetGroups())
  File "lib/cisco2checkpoint.py", line 1825, in _importNetGroups
    self.addObj(CiscoNetGroup(self, newGrp, color=self.color))
  File "lib/cisco2checkpoint.py", line 950, in __init__
    for mm_r in parsedObj.result_dict:
  File "lib/ciscoconfparse_patch.py", line 585, in result_dict
    .format(obj.text))
ValueError: [FATAL] models_asa cannot parse ' network-object ssmongrep01 255.255.255.255'

Maybe this alternative way can also be added.

thanks,

martindube commented 7 years ago

It is now working on my side. Let me know when you can.

mjardeli commented 7 years ago

Perfect! Working, thanks :)

mjardeli commented 7 years ago

Just one thing to add: if the command "no names" is issued before the "show run", the config will be built using IPs instead of names. You can search for the line "no names" in the generated config.
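The two member forms discussed in this thread (`network-object host <name>` and the older `network-object <name> <mask>`) can both be resolved against the `name` lines before any Checkpoint object is emitted. The sketch below is an added example, not code from Cisco2Checkpoint; the function names and the sample config are constructed for illustration, and it assumes IPv4 only.

```python
import ipaddress
import re

# Constructed sample: both member forms quoted in the thread, plus literal IPs.
SAMPLE_CONFIG = """\
names
name 192.168.139.83 ssmongrep01
object-group network scom-srvs
 network-object host 192.168.203.80
 network-object host ssmongrep01
 network-object ssmongrep01 255.255.255.255
 network-object 10.1.2.0 255.255.255.0
"""

NAME_RE = re.compile(r"^name\s+(\S+)\s+(\S+)")
GROUP_RE = re.compile(r"^object-group network\s+(\S+)")
MEMBER_RE = re.compile(r"^\s+network-object\s+(?:host\s+(\S+)|(\S+)\s+(\S+))\s*$")


def _addr(token, aliases):
    """Map a member token (literal IPv4 address or `name` alias) to an address."""
    try:
        return ipaddress.ip_address(aliases.get(token, token))
    except ValueError:
        raise ValueError(f"unresolved name {token!r}: no 'name' line defines it") from None


def resolve_groups(config_text):
    """Return ({group: [IPv4Network, ...]}, names_disabled) for an ASA config."""
    lines = config_text.splitlines()
    # "no names" means the device printed raw IPs instead of aliases.
    names_disabled = any(line.strip() == "no names" for line in lines)
    aliases = {m.group(2): m.group(1) for m in map(NAME_RE.match, lines) if m}
    groups, current = {}, None
    for line in lines:
        group = GROUP_RE.match(line)
        member = MEMBER_RE.match(line)
        if group:
            current = groups.setdefault(group.group(1), [])
        elif member and current is not None:
            host, addr, mask = member.groups()
            # "host X" is a /32; the older form carries an explicit netmask.
            target, prefix = (host, "32") if host else (addr, mask)
            current.append(ipaddress.ip_network(f"{_addr(target, aliases)}/{prefix}"))
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the group
    return groups, names_disabled
```

Failing loudly on an unresolved alias matters in a migration: a host object whose `ipaddr` is a hostname string, as in the output quoted in the first comment, would otherwise end up in the generated rule base.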