GoSecure / Cisco2Checkpoint

Tool that assists in migrating firewall rules from Cisco to Checkpoint. Will optimize rules for you (rationalization, reuse merging, etc.).
http://gosecure.net/2017/01/30/cisco2checkpoint-cisco-checkpoint-conversion-tool/
GNU General Public License v3.0

ciscoconfparse_patch.py errors #18

Open anstelios opened 7 years ago

anstelios commented 7 years ago

Hello guys, great work!!

I am trying to use the tool but I get the error below:

$ python c2c.py --export \
    --ciscoFile 'showrun.txt' \
    --syntax asa \
    --policy My_Policy \
    --installOn My_Firewall \
    --output 'network_script.txt'

Traceback (most recent call last):
  File "c2c.py", line 34, in <module>
    from cisco2checkpoint import Cisco2Checkpoint,Cisco2CheckpointManager
  File "lib\cisco2checkpoint.py", line 26, in <module>
    from ciscoconfparse_patch import CiscoConfParse
  File "lib\ciscoconfparse_patch.py", line 29, in <module>
    from ciscoconfparse import models_cisco
ImportError: No module named ciscoconfparse

Used "git clone --recursive https://github.com/gosecure/cisco2checkpoint c2c" to install the tool. I have installed Python 2.7.0. I have my ASA exported config (showrun.txt) in the c2c folder.

Am I missing something?

anstelios commented 7 years ago

Missing modules solved.

But I get some errors when trying to convert my policy:

$ python c2c.py --verify --format text --ciscoFile 'showrun2.txt' --syntax asa --policy My_Policy --installOn My_Firewall --output 'network_script_verify.txt'

[+] Importing all objects except groups.

[+] Importing Checkpoint network objects

[+] Importing all names.

[+] Importing all hosts.

[+] Object "CiscoHost(name=meraki7,ipAddr=2.16.178.8,desc=,alias=)" was not imported as it already exist.

[+] Object "CiscoHost(name=viber5,ipAddr=2.18.83.13,desc=,alias=)" was not imported as it already exist.

[+] Object "CiscoHost(name=viber6,ipAddr=52.1.175.227,desc=,alias=)" was not imported as it already exist.

[+] Importing all networks.

[+] Object "CiscoNet(name=Users_Nat,ipAddr=192.168.10.0/255.255.255.0,desc= description IronPORT IS DOWN,alias=)" was not imported as it already exist.

[+] Object "CiscoNet(name=WIFI_INTERNAL,ipAddr=192.168.35.0/255.255.255.0,desc=,alias=)" was not imported as it already exist.

[+] Importing all ranges.

[+] Fixing duplicate names

[+] Fixing duplicate IP addresses

[+] Fixing duplicate subnets

[+] Fixing duplicate ranges

[+] Importing Checkpoint ports objects

[+] Adding ICMP Aliases

[+] Importing all single ports objects.

[+] Importing all port ranges objects.

[+] Importing all net/host/range groups.

Traceback (most recent call last):
  File "c2c.py", line 171, in <module>
    c2c.importConfig(args.cpPortsFile,args.cpNetObjFile,args.ciscoFile)
  File "lib\cisco2checkpoint.py", line 1757, in importConfig
    self._importNetGroups(self.parser.getNetGroups())
  File "lib\cisco2checkpoint.py", line 1834, in _importNetGroups
    self.addObj(CiscoNetGroup(self, newGrp, color=self.color))
  File "lib\cisco2checkpoint.py", line 958, in __init__
    for mm_r in parsedObj.result_dict:
  File "lib\ciscoconfparse_patch.py", line 609, in result_dict
    .format(net_obj['object_name']))
KeyError: 'object_name'

$ python c2c.py --verify --format text --ciscoFile 'showrun2.txt' --syntax asa --policy My_Policy --installOn My_Firewall --output 'network_script_verify.txt'

[+] Importing all objects except groups.

[+] Importing Checkpoint network objects

[+] Importing all names.

[+] Importing all hosts.

[+] Importing all networks.

[+] Importing all ranges.

[+] Fixing duplicate names

[+] Fixing duplicate IP addresses

[+] Fixing duplicate subnets

[+] Fixing duplicate ranges

[+] Importing Checkpoint ports objects

[+] Adding ICMP Aliases

[+] Importing all single ports objects.

[+] Importing all port ranges objects.

[+] Importing all net/host/range groups.

Traceback (most recent call last):
  File "c2c.py", line 171, in <module>
    c2c.importConfig(args.cpPortsFile,args.cpNetObjFile,args.ciscoFile)
  File "lib\cisco2checkpoint.py", line 1757, in importConfig
    self._importNetGroups(self.parser.getNetGroups())
  File "lib\cisco2checkpoint.py", line 1834, in _importNetGroups
    self.addObj(CiscoNetGroup(self, newGrp, color=self.color))
  File "lib\cisco2checkpoint.py", line 958, in __init__
    for mm_r in parsedObj.result_dict:
  File "lib\ciscoconfparse_patch.py", line 632, in result_dict
    .format(name))
NameError: global name 'name' is not defined

anstelios commented 7 years ago

OK, it seems some specific parts of the ASA config were incompatible with the migration scripts. I've managed to narrow it down, so all good! Also, the final script had some issues with rule creation, and some lines had to be removed for each rule and for some service port ranges.

Thank you very much for this great tool which made such a difficult migration much easier!!

martindube commented 7 years ago

Hi anstelios,

I'm glad to see that you found a way to make it work !

I will dig into this when I have more time. Do you remember what was removed to make it work? That would help me a lot.

Thanks,