Submit a ticketCall us
Home > Success Center > Firewall Security Manager (FSM) > Firewall Security Manager fails to import Checkpoint firewalls from the Checkpoint Management server or Provider1 CMA

Firewall Security Manager fails to import Checkpoint firewalls from the Checkpoint Management server or Provider1 CMA

Overview

While FSM connects to the Checkpoint Management server or Provider1 CMA, it does not display the install target, and the import process cannot be completed.

Environment

All FSM versions

Cause

FSM is trying to check for the license based on the install target IP address.

Resolution

As a workaround, use the file-based import method:

  1. Copy the configuration files from the remote Checkpoint Management server to the local FSM server:
    1. Connect to the Checkpoint SmartCenter server using SSH or Telnet.
      Note: This is not the Smart Dashboard client GUI. Connect to the server directly.
    2. Find the directory on the server where the Checkpoint Management server software is installed. This may be defined by the $FWDIR environment variable.
    3. Copy the $FWDIR/conf/objects_5_0.C file to your local file system.
      Note: There is also a file called objects.C. This is not the correct file.
    4. Copy the $FWDIR/conf/rulebases_5_0.fws file to your local file system.
  2. Extract the routing table with the cpstat command:
    1. Connect to the Checkpoint Management console.
    2. If you are connecting to a Provider1 system, connect to the Customer Management Add-on (CMA) that manages the firewall.
    3. Enter cpstat os -f routing -h ipAddress > route.txt, where ipAddress is the IP address of the firewall module.
  3. Import these three files into FSM:
    1. In the Import Firewall dialog, select Import from FileSystem as the Import Method and Check Point as the Firewall Type.
    2. Click Next.
    3. In the Configuration Files section, browse to the three files you obtained previously in the corresponding fields.
    4. Click Finish.

For additional information on how to collect these files from a Checkpoint firewall, see the Check Point Firewalls section of the Data Collection help topic.

Last modified
00:30, 4 Jul 2017

Tags

Classifications

Public