This collection of programs is to allow easy bulk conversion form ScreenOS (Netscreeens) to Junos (SRX's).
git clone [email protected]:greyinghair/screenos_to_junos_converter.git
Requirements: Python >= 3.6 < 3.8)
Put entire firewall config into file, not for partially converting config.
- NAT (neither MIP's/DIP's/Interface NAT). (Any policies which include NAT config: source NAT, destination NAT & DIP rules will be created minus the NAT config. Firewall rules with MIP as destination will NOT be created at all.)
- Global rules
- Disabled rules
- Interfaces
- VPNs
- Routes
The Netscreen config needs to be gone through manually for any rules with "dip", "nat" or "MIP" in them to create relevant NAT policies in Junos.
Config which is converted from ScreenOS format to JunOS:
- Services/Applications
- Addresses
- Address Groups
- Rules
Put config to convert into "netscreen_config.txt" then run the python script: python3 ./convert.py
There will be 1 file output to same directory as the convert.py script resides in:
converted_<date>_<time>.txt
You can then copy and paste the entire output fro the converted file into your SRX.
Converted rules are named the same as the current Netscreen policy ID's so manually inspect a few rule conversions to verify they were converted correctly.
Lookups are not performed nor are sanity checks against zone naming. It is presumed zone naming remains the same across both ScreenOS and JunOS systems, except for the zone named "Management", which is reserved in Junos so if that name exists as a zone in ScreenOS config it will be changed to "System-Management" for JunOS.