Scripting: NSX-v – Importing Checkpoint Objects


When faced with migrating from a Checkpoint installation to a VMware NSX-v installation, at some point someone is going to need to get all the objects across to the new firewall platform. I was recently asked to help add some functionality to a script to take some data from an odumper csv output and pump it into NSX-v.

The following script is a bit of a hack I put together. The script is based off one written by Brett Drayton (www.brettdrayton.com) in this post.

The odumper csv file we had to work with was as follows

There are 2 “types” of object in this csv file, host and group. These are specified in the 2nd column.

To run the script you need to supply the NSX Manager hostname, FQDN or IP address along with the csv file you want to import. You can see the all the options by running the script with the -h flag. Below is the help output.

What the script does is reads the csv file line by line, and if the 2nd column is host, it will add an NSX-v IP Set for that host. When it finds a line which has group specified in the 2nd column, it will add the host specified in column 3 to the NSX-v Security Group specified in column 1.

At this point in time, the script assumes the Security Group already exists.

Its a bit of a hack at this point in time, but it achieved the desired outcome that was needed. I will be improving this script over time so that it will be more modular, import the complete range of objects from the odumper output and will also build some logic into it to check to see if the objects already exist before trying to create them etc.

So stay tuned for updates on this one!

 

 

 

Leave a Reply