Cisco2Checkpoint icon indicating copy to clipboard operation
Cisco2Checkpoint copied to clipboard
verified publisher icon GoSecure

ILLEGAL_DIC issue

Open mjardeli opened this issue 8 years ago • 0 comments

Hi Martin,

Long time since my last message. I solved this issue changing the original object name, sending this to you just to let you know.

the following config lines are not parsing:

object-group network HPT_HOSTS
 network-object host 10.6.20.31

access-list Inbound extended permit ip object-group HPT_HOSTS any

as per follow:

root@splunk:~/c2c# python2.7 c2c.py --verify --format text --ciscoFile 'test' --syntax asa --policy My_Policy --installOn My_Firewall --output 'network_script_verify.txt'
#[+] Importing all objects except groups.
#[+] Importing Checkpoint network objects
#[+] Importing all names.
#[+] Importing all hosts.
#[+] Importing all networks.
#[+] Importing all ranges.
#[+] Fixing duplicate names
#[+] Fixing duplicate IP addresses
#[+] Fixing duplicate subnets
#[+] Fixing duplicate ranges
#[+] Importing Checkpoint ports objects
#[+] Adding ICMP Aliases
#[+] Importing all single ports objects.
#[+] Importing all port ranges objects.
#[+] Importing all net/host/range groups.
#[+] Importing all protocol groups.
#[+] Importing all port groups.
#[+] Importing all NAT rules.
#[+] Importing all firewall rules. (access-list)
Traceback (most recent call last):
  File "c2c.py", line 171, in <module>
    c2c.importConfig(args.cpPortsFile,args.cpNetObjFile,args.ciscoFile)
  File "lib/cisco2checkpoint.py", line 1765, in importConfig
    self._importASAACLRules(self.parser.getACLRules())
  File "lib/cisco2checkpoint.py", line 1882, in _importASAACLRules
    forceLog = self.forceLog))
  File "lib/cisco2checkpoint.py", line 1255, in __init__
    self._buildFromParsedObj(parsedObj)
  File "lib/cisco2checkpoint.py", line 1299, in _buildFromParsedObj
    self.src = self._getSrc(parsedObj)
  File "lib/cisco2checkpoint.py", line 1317, in _getSrc
    return [self._getOrFailMemberObj('object-group',parsedObj.src_addr)]
  File "lib/cisco2checkpoint.py", line 526, in _getOrFailMemberObj
    'named "%s" for group %s' % (type,v1,self.name))
cisco2checkpoint.C2CException: Could not find mandatory "object-group" object named "HPT_HOSTS" for group Inbound

Seems it is changing the ilegal word but not using later.

kind regards,

mjardeli avatar Jul 20 '17 16:07 mjardeli