VMware Networking Community
roity57
Enthusiast

Migrating Firewall policies from Juniper SRX to NSX

G'day,

Has anyone had any experience with exporting Juniper SRX firewall rule sets to import into NSX? I was thinking of using the XML export of some form, or conversion to CSV via Excel, to be massaged into something that could be used by PowerNSX to create the objects and policies in the DFW.

Cheers,

Dave

tanurkov
Enthusiast

Hi, yes, you can do it via API, create multiple rules in DFW.

cnrz
Expert

Juniper SRX has a zone concept, which NSX doesn't use, and that would make automatic conversion difficult, but it may be possible to convert some objects in 2 steps: as the 1st step converting to Checkpoint with the SmartMove tool, then afterwards using the script linked below for Checkpoint to NSX conversion.

If possible, conversion to a non-zone configuration could be helpful.

https://www.juniper.net/documentation/en_US/junos/topics/concept/zone-security-understanding.html

https://forums.juniper.net/t5/Automation/SRX-How-to-convert-zone-based-address-books-to-a-global-one...

https://community.checkpoint.com/thread/6192-how-to-migrate-juniper-configuration-to-check-point-r80...

https://github.com/CheckPointSW/SmartMove

http://www.sneaku.com/2015/02/06/scripting-nsx-v-importing-checkpoint-objects/

roity57
Enthusiast

G'day,

I'm not really concerned with the zone-based configuration; I've already had to review this issue of NSX not supporting zone constructs, but this can be addressed logically, and Global Address books are already in use. Zones will be catered for by naming objects appropriately within NSX and putting all intra-zone policies at the top so the zoning concepts can be pulled across.

I'll have to take a closer look at the conversion to Checkpoint and re-conversion to NSX.

Cheers,

Dave

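Added example, not part of the thread and not any poster's code: a sketch of the first step discussed above, reading an SRX XML policy export into rows with the zone pair kept in the rule name and intra-zone policies ordered first. The XML is a constructed sample in the Junos configuration shape (a real export may be wrapped in `rpc-reply` and carry namespaces), and the function and field names are assumptions; mapping the rows to PowerNSX or API calls is left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Junos XML configuration; not a real export.
SAMPLE_SRX_XML = """\
<configuration><security><policies>
  <policy>
    <from-zone-name>trust</from-zone-name><to-zone-name>untrust</to-zone-name>
    <policy><name>web-out</name>
      <match><source-address>app-net</source-address><destination-address>any</destination-address>
        <application>junos-https</application></match>
      <then><permit/></then></policy>
  </policy>
  <policy>
    <from-zone-name>trust</from-zone-name><to-zone-name>trust</to-zone-name>
    <policy><name>app-to-db</name>
      <match><source-address>app-net</source-address><destination-address>db-net</destination-address>
        <application>junos-ms-sql</application></match>
      <then><permit/></then></policy>
    <policy><name>block-rest</name>
      <match><source-address>any</source-address><destination-address>any</destination-address>
        <application>any</application></match>
      <then><deny/></then></policy>
  </policy>
</policies></security></configuration>
"""

def srx_policies_to_rows(xml_text):
    """Flatten SRX zone-pair policies into ordered rows for a DFW import."""
    rows = []
    for pair in ET.fromstring(xml_text).iterfind("./security/policies/policy"):
        src_zone = pair.findtext("from-zone-name")
        dst_zone = pair.findtext("to-zone-name")
        for pol in pair.iterfind("policy"):
            then = pol.find("then")
            rows.append({
                # Zone pair is kept in the rule name, since NSX has no zones.
                "name": f"{src_zone}_to_{dst_zone}_{pol.findtext('name')}",
                "intra_zone": src_zone == dst_zone,
                "source": [e.text for e in pol.iterfind("match/source-address")],
                "destination": [e.text for e in pol.iterfind("match/destination-address")],
                "service": [e.text for e in pol.iterfind("match/application")],
                # Unknown action stays None so it is reviewed, never defaulted to permit.
                "action": next((a for a in ("permit", "deny", "reject")
                                if then is not None and then.find(a) is not None), None),
            })
    # Stable sort: intra-zone rules first, original order kept within each group.
    return sorted(rows, key=lambda r: not r["intra_zone"])
```

Rule order within each zone pair is preserved because SRX evaluates policies top-down per zone pair; a row whose `action` is `None` should be checked by hand before import.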