G'day,
Has anyone had any experience with exporting Juniper SRX firewall rule sets to import into NSX? I was thinking of using the XML export of some form or via conversion to CSV via Excel to be massaged into something that could be used by PowerNSX to create the objects and policies into the DFW.
Cheers,
Dave
HI Yes you can do it via API , create multiple rules in DFW.
Juniper SRX has zone concept, which NSX doesn't use, and would make automatic conversion difficult, but it may be possible to convert some objects through 2 steps as 1st step converting to Checkpoint with Smartmove tool, then after using the link below script for Checkpoint to NSX conversion.
If possible conversion to a non-zone configuration could be helpful
https://www.juniper.net/documentation/en_US/junos/topics/concept/zone-security-understanding.html
https://github.com/CheckPointSW/SmartMove
http://www.sneaku.com/2015/02/06/scripting-nsx-v-importing-checkpoint-objects/
G'day,
I'm not really concerned with the Zone based configuration, I've already had to review this issue of NSX not supporting zone constructs but this can be addressed logically & Global Address books are already in use. Zones will be catered for by naming objects appropriate within NSX and putting all intra-zone policies at the top so the zoning concepts can be pulled across.
I'll have to take a closer look at the conversion to Checkpoint and re-conversion to NSX.
Cheers,
Dave