ScreenOS to JunOS ES scripts?


  • administrators

    Does anyone know of anything out there, or does anyone have any that they have written?

    I know that not all of the features are supported, but I’d like to find something that can convert objects, zone configurations, IP configuration, policies and VPNs automatically.

    As a side note, the preshared keys for VPNs are encrypted.  Are they encrypted the same way on both platforms, or would you actually need to know the key when converting VPNs?

    I can write something if I need to, but I don’t want to duplicate someone else’s work.



  • Differences-JUNOS ES vs Screen OS

    CLI

    JUNOS CLI

      - No ‘get’ command, use “show”
      - No “unset” command, use “delete”
      - CLI commands must be “COMMIT” for configuration changes

    Interfaces

      - None of the interfaces are bound to zones by default.
      - Interfaces can have IP addresses without zone assignment
      - Loopback interfaces cannot be used for NAT and VPN configuration
      - No Manage-IP configuration

    Self originated traffic

      - Does not require a policy match

    Zones

      - Only global zone exists by default

    IPSec

      - No ‘compatible’ proposal for P1 and P2
      - Tunnel interface “tunnel.x” is secure tunnel interface “st0.x”
      - Huge differences in debugging

    System limits

      - No artificial limit on configured VPNs, address book entries, policies etc.
      - Good for dynamic configurations
      - Bad to determine overall system capacities



  • Basically you can get to the tool by going to migration-tools.juniper.net. You will find that in addition to ScreenOS to JUNOS-ES conversion, there is also IOS to JUNOS-ES and JUNOS to JUNOS-ES conversion.


  • Global Moderator

    I played around with s2jes a bit. It’s cool!


  • Global Moderator

    Ok, you’re the best! Thanks for a great post!


  • Engineer

    @screenie.:

    I’ve heard about that tool, looked for it on the support site, not there yet I believe.

    I asked a few engineers at Juniper and it is in fact released. A juniper.net login is obviously required but here is the link.

    https://i2j.juniper.net/s2jes

    Good luck guys. Hope this helps.

    -Tim Eberhard


  • Global Moderator

    I’ve heard about that tool, looked for it on the support site, not there yet I believe.


  • Engineer

    @signal15:

    Does anyone know of anything out there, or does anyone have any that they have written?

    I know that not all of the features are supported, but I’d like to find something that can convert objects, zone configurations, IP configuration, policies and VPNs automatically.

    As a side note, the preshared keys for VPNs are encrypted.  Are they encrypted the same way on both platforms, or would you actually need to know the key when converting VPNs?

    I can write something if I need to, but I don’t want to duplicate someone else’s work.

    Juniper has a (soon to be public, if not already public) configuration converter. Hit up your local RE/SE about it to see what your ScreenOS configuration would look like in JunOS.

    A few things are obviously not supported as of yet, such as Track-ip and other “to be developed” items, but all in all it works well for 99% of ScreenOS configuration.

    Good luck!
    -Tim Eberhard


  • Global Moderator

    Just thought: what if you use NSM for this? Push a policy from a ScreenOS to Junos and all policies and objects should be in the config. VPNs only when you use VPN Manager. But on Junos you have the profiles above the gateway / VPNs. So automating with full use of this feature seems very hard anyway.


 
