Hi All,

I am trying to use Confwiz to modify the existing config file of Checkpoint to have large deployment in the range of provisioning 10,000 spoke routers and having some queries related to the information that is getting retrieved.

Network Setup:

10,000 locations which are 3rd party OEM routers are configured for IPSEC VPN with Checkpoint as VPN concentrator. To provision every spoke, I have to configure a network object with LAN/WAN (topology), configure IPSEC parameters (link selection, advanced VPN, VPN communities). After that under "IPSEC VPN Blade" I will have to include the IPSEC parameters (shared secret info) for every object created. This is time consuming and prone to manual error. So I thought of making use of Confwiz to do bulk configuration by modifying "network objects.xml" file to append all the locations in one go and import to the Checkpoint box.

But the "network_object.xml" file only has IP address information (topology) and not IPSEC VPN information like mentioning the VPN community, Link selection and Advanced Properties page.

Also I am not getting separate information regarding "IPSEC VPN Communities" configured under "IPSEC VPN" tab.

Would like to know,

1. Is there any way to modify the existing root schema file so that when it queries the checkpoint and exports the configuration file for "network_object" it should include "IPSEC VPN " related parameters.

2. Is there any way to retrieve "IPSEC VPN" tab configurations in the Checkpoint box.

Thanks in advance
Arun