[Date Prev][Date Next][Thread Prev][Thread Next][Thread Index]
[fw1-gurus] Object Filler v2.4 released!
-----BEGIN PGP SIGNED MESSAGE-----
Hi everybody!
I am happy to announce the availability of Object Filler and Object
Dumper version 2.4 - Please find attached the "What's New" doc.
For those of you that don't know the tools, Object Dumper is a tool
that "dumps" the configuration (objects an rules) of your Check Point
SmartCenter to a CSV format.
Object Filler can convert configurations from other firewall brands
(Such as PIX, Netscreen, Sidewinder, Raptor and Gauntlet) to a Check
Point format; and as well can assist on bulk creation/modification/moves
for rules and objects of your SmartCenter and Provider-1 environments.
The tools are free (as in free beer) and publicly available at the
following sites:
http://www.cpug.org (under "Check Point resources")
http://ofiller.chatscope.com (in the downloads section)
http://www.lindercentral.com/ofiller
The size of the package is: 7,445,314 bytes
The MD5 signature for it is: 013B1B7A5EE24DB33212951E08D539BE
The tools come with documentation, and a Tutorial guide that describes
step-by-step how to perform some of the basic and some of the most
powerful operations with them. For Provider-1 users, the documentation
on how to do such operations on a Provider-1 environment is included
as well in a separate document.
For those of you that already know the tools, the main thing on this
version is the full support for security rules. There are some small
limitations though (mainly on naming) and they are documented in the
manual, so please be sure of checking them out if you plan to use this
feature. Things promised before such as native Solaris binaries,
enhanced support to import rules from Cisco PIX (including extended
ACLs), full support to colors and comments for all objects, support
to source ports on services, and support to Edge objects are finally
here too.
The documentation has been enhanced as well. The Tutorial now includes
a section on how to work with policies (adding rules to an existing
policy or moving/modifying existing policies for example), and how to
recover information from gateways when the SmartCenter has crashed.
The Tutorial for Provider-1 now includes a section on how to move
from a CMA to a SmartCenter rules and objects, something that has
been requested several times.
As a reminder, please remember that even though the tools work fine
and have been tested, they are NOT officially supported by Check
Point nor anybody else - which as you know, it means that you may
not call Check Point support on this, and if something goes wrong,
you are "officially" on your own... - but you can always ask on the
forums and even the author, and an answer would be there... :-)
Enjoy! - and a successful and joyful 2007 to all of you!
- - Martín.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQCVAwUBRZyE+wSuTAgEVOjZAQEGrQP/Suw+XJVPAHiKuyrsqm3rTCavEm4jmyu9
lDwY+ficyPECrtgI4OwWVRM+qT5zRon4b5+GVNRihpnuzdqX+0rmQ2HEWDGNQvr3
1RRdUBFaJtiMSGgCCUSW5oZIM2vg9YxFrvceiIBllb1XihU2bLpa6tu31t2WLzqn
66IKqx7ofAU=
=O84R
-----END PGP SIGNATURE-----
--
**** ¿Hoy qué haz hecho para ahorrar agua? - What have you done today
to save water? - O que você têm feito hoje para conservar a água?
** Mi página web: http://gama.fime.uanl.mx/~mhoz/
** Mi blog: http://cuevademhoz.blogspot.com/index.html
* "Somos consecuencia del pasado, y causa de nuestro futuro."
** "E no final das contas, como diz um sábio persa, o amor é uma
doença da qual ninguém quer livrar-se" - Paulo Coelho.
** My Linux - http://www.slackware.com == My BSD - http://www.openbsd.org
******************************************************************************
* Unofficial/unsupported Object Filler and Object Dumper for Check Point's *
* SmartCenter Server and Provider-1 MDS - Developed by Martin Hoz *
* (c) 2003-2006 by Check Point Software Technologies, Ltd. and subsidiaries *
******************************************************************************
* Version 2.4 - December 2006 *
******************************************************************************
******************************************************************************
What's New
------------------------------------------------------------------------------
* Object Filler
------------------------------------------------------------------------------
- FIXED LIMITATION: Object Groups and Service Groups are properly recognized
with Colors and comments.
- FIXED LIMITATION: When importing configurations from Cisco PIX, now it is
supported to have groups defined, even when importing rules. In General,
importing rules from Cisco PIX has been *greatly* enhanced.
- FIXED BUG: Network objects (network type) with the same IP but different
netmask are now properly differentiated. Previously they were mistakenly
taken as duplicates.
- FIXED BUG: Now it recognizes correctly the "replies" setting for services.
- Solaris SPARC is now supported. Fixed several internal bit-to-bit operations
(to deal with little to big endian representations) so they can work fine
there, and compiled the tools under Solaris 2.8 SPARC.
- Now the tool recognizes "disabled_sec_rule" and process it appropriately.
- Enhanced support for Connectra devices. Now it recognizes Connectra NGX and
administration port.
- Now it supports objects representing InterSpect NGX devices.
- Regular VPN-1 Edge objects are now supported.
- Source port for TCP and UDP services is now properly recognized and
processed.
- Resource objects are now recognized, with some limitations (see the User's
Manual for more information).
- Full support for Security Rules, including rules with resources, with user
groups as sources and negated cells.
- When "No Policy Verification" (nopv) is used, it causes not to check for
duplicates while processing CSV files. Avoids issues especially when
processing rules.
------------------------------------------------------------------------------
* Object Dumper
------------------------------------------------------------------------------
- FIXED LIMITATION: Recognizes "User Defined 2" and "User Defined 3" as a
valid track option in rules.
- FIXED LIMITATION: Object and Service Groups are properly recognized with
Colors and comments.
- FIXED LIMITATION: All object colors are now properly recognized.
- The tool now recognizes disabled rules, and print them as "disabled_sec_rule".
- FIXED LIMITATION: Work with policy files, not needing to specify an objects
file in the Command line. The "-p" switch can be used by itself.
- Added Support for Groups while processing the objects.C found in gateway
machines under the $FWDIR/database directory - Useful for recovering
objects from the Gateway, when SmartCenter has been crashed and no backup is
available.
- Enhanced support for Connectra devices. Now it recognizes Connectra NGX and
administration port.
- Now it supports objects representing InterSpect NGX devices.
- Source port for TCP and UDP services is now properly recognized.
- Regular VPN-1 Edge objects are now supported
- Resource objects are now recognized, with some limitations (see the User's
Manual for more information)
- Full support for Security Rules, including rules with resources, with user
groups as sources and negated cells.
------------------------------------------------------------------------------
* Documentation
------------------------------------------------------------------------------
- Documentation updated to reflect the new things supported.
---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://fw1-gurus.phoneboy.com/)
To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx
|