Checkpoint to AFM migration

Question

Hi,&nbsp;
Anyone have migrated from checkpoint to AFM? As per AFM documents it seems that the device works as interface based firewall but any idea what all challenges will be there? &nbsp;
Thanks,&nbsp;

pedro_haoa · Answer

Hi,&nbsp;
I'm afraid that 'til today, there's no easy way to migrate from Checkpoint NGFW to BIG-IP AFM.&nbsp;
In BIG-IP AFM you could configure rules Globally, per Route Domain (if you combine this with Partitions it's similar to Cisco VRF/Isolated Zones/etc), per Virtual Server, per Self-IPs...&nbsp;
BIG-IP AFM is a high-performance, stateful, full-proxy security solution, with Geolocation, Protocol Anomaly Detection, Port-misuse protection, DoS and DDoS protection (DDoS auto-threshold), that can remotely triggered black hole filtering.&nbsp;
More information:&nbsp;
F5 BIG-IP Advanced Firewall Manager Operations Guide&nbsp;

andrew_husking · Answer

This is something i would love to do, but would never get approval for.&nbsp;
Depending on what version you're running your best bet would be to convert outputs from DBedit to TMSH commands. &nbsp;

johannes · Answer

You can export your Checkpoint FW policy to the Cisco ASA migrator to create a set of files that list policies, address-lists and rules, then change those commands from Cisco ASA-nese to F5 tmsh commands.

Forum Discussion

Checkpoint to AFM migration

3 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

Protecting the F5 BIG-IP AFM system with AFM Protocol Inspection System Checks

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy

Getting Started with BIG-IP Next: Migrating an Application Workload