CheckPoint SPLAT to Gaia migration script

CheckPoint Gaia firewalls use a new text-based configuration format.
Here you can download a script that converts most of the configuration of a SPLAT system into new Gaia CLI commands, which can be pasted into the new system.

The script converts the following data:

Interfaces (including bonding and vlans)
Routing
DNS
NTP

Bonding parameters and timezone data have to be preconfigured.

The script does not modify anything on the system, so it can be safely run on production systems.

Download:
splat2gaia.sh

CheckPoint Gaia SNMP configuration

Here is an example of an SNMPv3 configuration on a CheckPoint Gaia appliance:

[code]
set snmp agent on
set snmp contact "zzzz@domain.com"
set snmp location "Middle of nowhere"
add snmp address 123.34.56.78
set snmp agent-version v3-Only
add snmp usm user snmpv3user security-level authPriv auth-pass-phrase 111222333 privacy-pass-phrase 555666777
[/code]

To use the less secure SNMP v1/v2, use the following commands:

[code]
set snmp agent on
set snmp contact "zzzz@domain.com"
set snmp location "Middle of nowhere"
add snmp address 123.34.56.78
set snmp agent-version any
set snmp community snmpv2community read-only
[/code]

Replace 123.34.56.78 with the firewall's interface IP that is going to answer the SNMP requests. This command may be omitted, in which case SNMP will listen on all interfaces.

If you want to enable SNMPv3 only, you might want to remove the default "public" community from the configuration file, but after changing the agent-version to v3-Only the firewall will reject your command:

[code]
delete snmp community public read-only
NMSSNM0075 SNMP v3-Only does not accept community strings.
[/code]

To work around this issue, just execute:

[code]
set snmp agent-version any
delete snmp community public read-only
set snmp agent-version v3-Only
[/code]
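
To check a saved configuration for the points above (SNMP version, leftover communities, listening address), the following added example, which is not part of the original post or of any CheckPoint tooling, audits configuration lines written in the command form shown on this page and emits the clean-up commands in the work-around order. The function name `audit_snmp`, the finding texts and the sample input are assumptions made for illustration.

```python
import shlex

# Constructed sample: the page's v1/v2 settings plus the default "public" community.
SAMPLE_WEAK = """\
set snmp agent on
set snmp agent-version any
set snmp community public read-only
set snmp community snmpv2community read-only
"""

def audit_snmp(config_text):
    """Return (findings, fix_commands) for Gaia clish SNMP configuration lines."""
    agent_on, version, listen, communities, users = False, None, [], [], {}
    for raw in config_text.splitlines():
        # Web pages often turn straight quotes into curly ones; undo that first.
        line = raw.translate({0x201C: '"', 0x201D: '"'})
        try:
            tok = shlex.split(line)
        except ValueError:  # unbalanced quote: not a line we can judge
            continue
        if len(tok) < 4 or tok[0] not in ("set", "add") or tok[1] != "snmp":
            continue
        key, args = tok[2], tok[3:]
        if key == "agent":
            agent_on = args[0] == "on"
        elif key == "agent-version":
            version = args[0]
        elif key == "address":
            listen.append(args[0])
        elif key == "community":
            communities.append(args)  # [name, access]
        elif key == "usm" and args[0] == "user" and "security-level" in args[:-1]:
            users[args[1]] = args[args.index("security-level") + 1]
    if not agent_on: return [], []  # agent disabled: nothing answers SNMP
    findings, fix = [], []
    if version != "v3-Only":
        findings.append(f"agent-version is {version or 'not set'}, expected v3-Only")
    findings += [f"community '{c[0]}' is defined" for c in communities]
    findings += [f"USM user '{u}' uses {lvl}, expected authPriv"
                 for u, lvl in users.items() if lvl != "authPriv"]
    if not listen:
        findings.append("no 'add snmp address': agent listens on all interfaces")
    if communities:  # work-around order: communities cannot be deleted in v3-Only mode
        fix = (["set snmp agent-version any"]
               + ["delete snmp community " + " ".join(c) for c in communities]
               + ["set snmp agent-version v3-Only"])
    elif version != "v3-Only":
        fix = ["set snmp agent-version v3-Only"]
    return findings, fix
```

The returned fix commands still need an SNMPv3 USM user configured before the switch to v3-Only, otherwise monitoring stops answering.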