Before you convert your FireWall-1 system, read this section carefully. There are certain limitations that you must address before running the conversion utility. You can experience unrecoverable errors that require restarting the migration. Your existing FireWall-1 configurations are not modified by this tool. You must first review your existing FireWall-1 configurations and modify those that will not convert directly to SunScreen rules. This section lists these known limitations.
Check your FireWall-1 configuration files and edit any that contain:
If any of the following reserved characters or words are used, you need to remove or replace them.
The following are known reserved words that must not appear in the FireWall-1 object names, and must be edited prior to conversion:
The following limitations apply when converting FireWall-1 configurations to SunScreen. Some object-types and rules migrate with no difficulty, while others do not. FireWall-1 rules that do not migrate, contain an operation (on the Source, Destination, or Service) that SunScreen does not support. The following table lists what will and what will not migrate from FireWall-1 to SunScreen.
Table 8-1 What Converts From FireWall-1
Does Convert |
Does Not Convert |
---|---|
Host objects |
Resources |
Group objects |
NAT mappings |
Network objects |
Gateway objects |
Most rules |
Encryption and authentication information and rules |
|
Domain objects |
|
Router objects |
|
Switch objects |
|
Logical objects |
|
FW-1 services or user defined services |
|
Install objects |
|
Rules containing any object or service that will not migrate |
|
Using an object type as an object name |