diff --git a/CheckPointObjects/RuleBaseOptimizer.cs b/CheckPointObjects/RuleBaseOptimizer.cs
index c4c28d4..7b9f1ef 100644
--- a/CheckPointObjects/RuleBaseOptimizer.cs
+++ b/CheckPointObjects/RuleBaseOptimizer.cs
@@ -15,12 +15,13 @@ You may obtain a copy of the License at
limitations under the License.
********************************************************************/
+using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using CommonUtils;
-
+
namespace CheckPointObjects
{
///
@@ -34,9 +35,13 @@ namespace CheckPointObjects
/// 5.1. both the source and destination columns match
/// 5.2. both the source and service columns match
/// 5.3. both the destination and service columns match
+ /// for CiscoASA and FirePower vendors there is an option to optimize by comments -
+ /// two rules can be merged if they have the same comments and in addition they up to the above criteria.
///
public static class RuleBaseOptimizer
{
+
+ public static bool IsOptimizeByComments = false;
public static CheckPoint_Layer Optimize(CheckPoint_Layer originalLayer, string newName)
{
CheckPoint_Layer curLayer = originalLayer;
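Review bot: `public static bool IsOptimizeByComments = false;` is a public mutable static field, so every caller shares one process-wide switch that decides which firewall rules get merged. Elsewhere in this diff it is written from `CommandLine.DoAnalyze`, `CommandLine.DoMigration`, `MainWindow.HandleCommandLineArgs` and `MainWindow.OptimizeByComments_Checked`, so a value left over from an earlier selection can silently change the converted policy. Passing the choice into `Optimize` (for example an optional `bool optimizeByComments = false` parameter handed down to `AddRule`, `MergeRules` and `IsRuleSimilarToRule`) would keep the decision next to the conversion that uses it. At minimum, make it a property with a `/// <summary>` stating that, when set, rules with empty or differing comments are never merged. The added sentence "in addition they up to the above criteria" in the class comment should read "in addition to meeting the above criteria".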
@@ -67,7 +72,7 @@ public static CheckPoint_Layer Optimize(CheckPoint_Layer originalLayer, string n
return newLayer;
}
-
+
private static void AddRule(CheckPoint_Layer layer, CheckPoint_Rule newRule)
{
bool match = false;
@@ -90,7 +95,7 @@ private static void AddRule(CheckPoint_Layer layer, CheckPoint_Rule newRule)
{
CheckPoint_Rule rule = newRule.Clone();
rule.Layer = layer.Name;
- rule.Comments = "";
+ rule.Comments = IsOptimizeByComments ? rule.Comments : "";
rule.ConversionComments = newRule.ConversionComments;
layer.Rules.Add(rule);
}
@@ -131,7 +136,7 @@ private static CheckPoint_Rule MergeRules(CheckPoint_Rule rule1, CheckPoint_Rule
mergedRule.Track = rule1.Track;
mergedRule.SourceNegated = rule1.SourceNegated;
mergedRule.DestinationNegated = rule1.DestinationNegated;
- mergedRule.Comments = "";
+ mergedRule.Comments = IsOptimizeByComments ? rule1.Comments : ""; // adding or not adding comments by the user request
mergedRule.ConversionComments = rule1.ConversionComments + " | " + rule2.ConversionComments;
mergedRule.ConvertedCommandId = rule1.ConvertedCommandId;
mergedRule.ConversionIncidentType = ConversionIncidentType.None;
@@ -178,9 +183,15 @@ private static int GetFirstRuleWithSameAction(CheckPoint_Layer layer, CheckPoint
return (matchedRules == 0) ? -1 : (pos + 1);
}
-
+
private static bool IsRuleSimilarToRule(CheckPoint_Rule rule1, CheckPoint_Rule rule2)
{
+ // Optimizing by comments - checks if comments of the two rules are matched and not empty
+ if (IsOptimizeByComments && rule1.Comments != rule2.Comments || IsOptimizeByComments && string.IsNullOrEmpty(rule1.Comments))
+ {
+ return false;
+ }
+
if (rule1.Action != rule2.Action)
{
return false;
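Review bot: The new guard in `IsRuleSimilarToRule` mixes `&&` and `||` without parentheses and tests `IsOptimizeByComments` twice. It works only because `&&` binds tighter than `||`, which is easy to break on a later edit. It reads more safely as `if (IsOptimizeByComments && (string.IsNullOrEmpty(rule1.Comments) || rule1.Comments != rule2.Comments))`. The comment should also state the consequence: with the option on, a rule without a comment is never merged with anything, even when the existing criteria would match. The body of the method continues outside this hunk.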
@@ -276,9 +287,11 @@ private static string OptimizeConverstionComments(string commentToProcess)
commentBuilder += ", " + comments_parts[i];
}
- }
- else
- return commentToProcess.Trim();
+
+ }
+ else
+ return commentToProcess.Trim();
+
}
return commentBuilder == "Matched rule(s)" ? "" : commentBuilder;
diff --git a/CiscoMigration/CiscoCommands.cs b/CiscoMigration/CiscoCommands.cs
index c79fa5b..aa254a6 100644
--- a/CiscoMigration/CiscoCommands.cs
+++ b/CiscoMigration/CiscoCommands.cs
@@ -19,7 +19,9 @@ limitations under the License.
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
+using CheckPointObjects;
using CommonUtils;
+using MigrationBase;
namespace CiscoMigration
{
@@ -124,7 +126,7 @@ public string FirstWord
public ConversionIncidentType ConversionIncidentType { get; set; }
public string ConversionIncidentMessage { get; set; }
public List Children { get; set; }
-
+
public CiscoCommand()
{
CiscoId = "";
@@ -2231,11 +2233,11 @@ public override void Parse(CiscoCommand command, CiscoCommand prevCommand, Dicti
return;
}
-
+
if (prevAclCommand != null && ACLName.Equals(prevAclCommand.ACLName) && !string.IsNullOrEmpty(prevAclCommand.DataForNextElement))
{
Remark = prevAclCommand.DataForNextElement;
-
+
if (CiscoParser.SpreadAclRemarks)
{
DataForNextElement = Remark;
diff --git a/CiscoMigration/CiscoConverter.cs b/CiscoMigration/CiscoConverter.cs
index 10c6c3f..1d9d1ba 100644
--- a/CiscoMigration/CiscoConverter.cs
+++ b/CiscoMigration/CiscoConverter.cs
@@ -24,6 +24,7 @@ limitations under the License.
using CheckPointObjects;
using MigrationBase;
using System.Globalization;
+using System.Runtime.InteropServices;
using System.Threading;
using CiscoMigration.CiscoMigration;
using static CheckPointObjects.CheckPoint_Rule;
@@ -47,7 +48,7 @@ public class CiscoConverter : VendorConverter
#region GUI params
public bool SkipUnusedObjects { get; set; } //check if Optimized configuration is requested
-
+
#endregion
#region Helper Classes
@@ -5738,7 +5739,7 @@ private void Add_Optimized_Package()
foreach (CheckPoint_Layer layer in regularPackage.SubPolicies)
{
string optimizedSubPolicyName = layer.Name + "_opt";
-
+
CheckPoint_Layer optimizedLayer = RuleBaseOptimizer.Optimize(layer, optimizedSubPolicyName);
foreach (CheckPoint_Rule subSubRule in optimizedLayer.Rules)
{
diff --git a/CiscoMigration/CiscoParser.cs b/CiscoMigration/CiscoParser.cs
index bfcff87..6fd129a 100644
--- a/CiscoMigration/CiscoParser.cs
+++ b/CiscoMigration/CiscoParser.cs
@@ -35,6 +35,8 @@ public class CiscoParser : VendorParser
//if we are using cisco code for fire power vendor we need set this flag to true value
public bool isUsingForFirePower { get; set; } = false;
+ #region Private Members
+
#region Helper Classes
private class Indentation
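Review bot: Moving `#region Private Members` above `#region Helper Classes` (and deleting it in the next hunk) nests the helper classes region inside the private members region. The `#endregion` that used to close Private Members now closes an outer region that also contains the `Indentation` class and the public static `SpreadAclRemarks` field. Nothing else in this file's hunks depends on the move, so it looks unintentional. Reverting the two region lines would keep this commit limited to the optimize-by-comments change.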
@@ -51,14 +53,14 @@ public Indentation(int? id, int spaces)
#endregion
- #region Private Members
+
private IList _ciscoCommands = new List();
private Dictionary _ciscoIds = new Dictionary();
private Dictionary _ciscoAliases = new Dictionary();
public static bool SpreadAclRemarks = false;
-
+
#endregion
#region Public Methods
diff --git a/SmartMove/CommandLine.cs b/SmartMove/CommandLine.cs
index 6946c91..336993f 100644
--- a/SmartMove/CommandLine.cs
+++ b/SmartMove/CommandLine.cs
@@ -13,6 +13,7 @@
using System.Text.RegularExpressions;
using CommonUtils;
using System.Threading;
+using CheckPointObjects;
namespace SmartMove
{
@@ -110,6 +111,7 @@ public bool IsAnalyze
private bool _isInteractive = true;
private bool _isCiscoSpreadAclRemarks = false;
+ private bool _isOptimizeByComments;
#endregion
public int DisplayHelp()
@@ -129,6 +131,7 @@ public int DisplayHelp()
Console.WriteLine("\t" + "-f | --format" + "\t\t" + "format of the output file (JSON[default], TEXT)");
Console.WriteLine("\t" + "-i | --interactive" + "\t" + @"-i false | -i true [default] Interactive mode provides a better user experience.Disable when automation is required[enabled by default]");
Console.WriteLine("\t" + "-a | --analyzer" + "\t\t" + @"mode for analyze package");
+ Console.WriteLine("\t" + "-obc | --optimize-by-comments" + "\t" + @"(""-obc false"" | ""-obc true"" [default]) create optimized policy by comment and spread acl remarks - only for CiscoASA, FirePower");
Console.WriteLine();
Console.WriteLine("Example:");
Console.WriteLine("\t" + "SmartMove.exe –s \"D:\\SmartMove\\Content\\config.txt\" –v CiscoASA - t \"D:\\SmartMove\\Content\" –n true -k false -f json -a");
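Review bot: The help line for `-obc` marks `"-obc true"` as `[default]`, but the backing field is declared as `private bool _isOptimizeByComments;` with no initializer, so the real default is false. Because this option changes how rules are merged in the generated policy, the help text should match the code: `(""-obc false"" [default] | ""-obc true"")`. The example command below could also show the new option, since the value is mandatory.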
@@ -459,6 +462,23 @@ public CommandLine Parse(string[] args)
this.isAnalyze = true;
break;
}
+ case "-obc":
+ case "--optimize-by-comments": // adding flag to optimize by comments option
+ {
+ if (args[i] == args.Last())
+ {
+ _successCommands = false;
+ Console.WriteLine("Value for option --optimize-by-comments is not specified! ", MessageTypes.Error);
+ }
+ else if (bool.TryParse(args[i + 1].ToLower(), out _isOptimizeByComments))
+ break;
+ else
+ {
+ _successCommands = false;
+ Console.WriteLine("Value for option format is not corrected! Allow only 'true' or 'false' ", MessageTypes.Error);
+ }
+ break;
+ }
}
}
return this;
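Review bot: The missing-value check `args[i] == args.Last()` compares strings rather than positions, so a repeated `-obc` token at the end of the command line makes an earlier, valid occurrence report "not specified"; `if (i == args.Length - 1)` tests the position directly. The second error message is copied from another option and says "Value for option format is not corrected!", so it should name `--optimize-by-comments`. `bool.TryParse` already ignores case, so `.ToLower()` can go: `else if (!bool.TryParse(args[i + 1], out _isOptimizeByComments))` followed by the error block removes the `break`/`else` pairing. The loop header is outside the hunk, so it is not visible whether `i` is advanced past the consumed value; that is worth checking so `true`/`false` is not parsed again as an option.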
@@ -533,10 +553,17 @@ public void DoAnalyze(CommandLine commandLine)
switch (commandLine.Vendor)
{
case "CiscoASA":
- CiscoParser.SpreadAclRemarks = _isCiscoSpreadAclRemarks;
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments;
+ RuleBaseOptimizer.IsOptimizeByComments = _isOptimizeByComments;
+ // verifying that the user or the default option won't reverse the flag to false if asking optimize by comments option
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments ? true : _isCiscoSpreadAclRemarks;
vendorParser = new CiscoParser();
break;
case "FirePower":
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments;
+ RuleBaseOptimizer.IsOptimizeByComments = _isOptimizeByComments;
+ // verifying that the user or the default option won't reverse the flag to false if asking optimize by comments option
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments ? true : _isCiscoSpreadAclRemarks;
vendorParser = new CiscoParser()
{
isUsingForFirePower = true
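Review bot: In both new `case` bodies the first assignment `CiscoParser.SpreadAclRemarks = _isOptimizeByComments;` is dead, because the same static is overwritten two lines later. The surviving line `_isOptimizeByComments ? true : _isCiscoSpreadAclRemarks` is just `CiscoParser.SpreadAclRemarks = _isOptimizeByComments || _isCiscoSpreadAclRemarks;`. The same three-line block is pasted four times, for CiscoASA and FirePower here and again in the `DoMigration` hunk below. A small private helper called from all four places would keep the flags from drifting apart, with the existing "won't reverse the flag" comment kept once on it. The `switch` continues outside this hunk.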
@@ -968,10 +995,15 @@ public void DoMigration(CommandLine commandLine)
switch (commandLine.Vendor)
{
case "CiscoASA":
- CiscoParser.SpreadAclRemarks = _isCiscoSpreadAclRemarks;
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments;
+ RuleBaseOptimizer.IsOptimizeByComments = _isOptimizeByComments;
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments ? true : _isCiscoSpreadAclRemarks;
vendorParser = new CiscoParser();
break;
case "FirePower":
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments;
+ RuleBaseOptimizer.IsOptimizeByComments = _isOptimizeByComments;
+ CiscoParser.SpreadAclRemarks = _isOptimizeByComments ? true : _isCiscoSpreadAclRemarks;
vendorParser = new CiscoParser()
{
isUsingForFirePower = true
diff --git a/SmartMove/MainWindow.xaml b/SmartMove/MainWindow.xaml
index 3b19dfb..815799d 100644
--- a/SmartMove/MainWindow.xaml
+++ b/SmartMove/MainWindow.xaml
@@ -226,16 +226,23 @@
+
-
+
+
+
+
+ Click="Go_OnClick" Grid.Column="3" Margin="0,0,-0.2,2.4"/>
+
diff --git a/SmartMove/MainWindow.xaml.cs b/SmartMove/MainWindow.xaml.cs
index c5eccef..b139e37 100644
--- a/SmartMove/MainWindow.xaml.cs
+++ b/SmartMove/MainWindow.xaml.cs
@@ -34,6 +34,7 @@ limitations under the License.
using PanoramaPaloAltoMigration;
using System.ComponentModel;
using CommonUtils;
+using CheckPointObjects;
namespace SmartMove
{
@@ -135,7 +136,20 @@ public bool SkipUnusedObjectsConversion
DependencyProperty.Register("SkipUnusedObjectsConversion", typeof(bool), typeof(MainWindow), new PropertyMetadata(false));
#endregion
+
+ #region OptimizeByCommentsConversion
+ public bool OptimizeByCommentsConversion
+ {
+ get { return (bool)GetValue(OptimizeByCommentsConversionProperty); }
+ set { SetValue(OptimizeByCommentsConversionProperty, value); }
+ }
+
+ public static readonly DependencyProperty OptimizeByCommentsConversionProperty =
+ DependencyProperty.Register("OptimizeByCommentsConversion", typeof(bool), typeof(MainWindow), new PropertyMetadata(false));
+
+ #endregion
+
#region ConvertUserConfiguration
public bool ConvertUserConfiguration
@@ -312,9 +326,11 @@ private void VendorSelector_OnSelectionChanged(object sender, SelectionChangedEv
LDAPAccountUnitBlock.Visibility = Visibility.Collapsed;
CreateServiceGroupsConf.Visibility = Visibility.Collapsed;
SkipUnusedObjects.Visibility = Visibility.Collapsed;
+ OptimizeByComments.Visibility = Visibility.Collapsed;
ConvertUserConfiguration = false;
//Create service groups option
CreateServiceGroupsConfiguration = true;
+
switch (_supportedVendors.SelectedVendor)
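Review bot: `OptimizeByComments.Visibility = Visibility.Collapsed;` only hides the checkbox; it resets neither `OptimizeByCommentsConversion` nor the static `RuleBaseOptimizer.IsOptimizeByComments`, whereas `ConvertUserConfiguration = false` on the next line does reset its option. If the user ticks the option for CiscoASA and then selects another vendor, the flag presumably stays true with no visible control, and any conversion that goes through `RuleBaseOptimizer` would then merge rules by comment. That should be confirmed against the other converters. Adding `OptimizeByCommentsConversion = false;` and `RuleBaseOptimizer.IsOptimizeByComments = false;` next to the `Collapsed` line would make the hidden state match the UI. The handler body starts and ends outside this hunk.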
@@ -323,11 +339,13 @@ private void VendorSelector_OnSelectionChanged(object sender, SelectionChangedEv
ConfigurationFileLabel = SupportedVendors.CiscoConfigurationFileLabel;
SkipUnusedObjects.Visibility = Visibility.Visible;
//CreateServiceGroupsConf.Visibility = Visibility.Visible;
+ OptimizeByComments.Visibility = Visibility.Visible;
break;
case Vendor.FirePower:
ConfigurationFileLabel = SupportedVendors.FirepowerConfigurationFileLabel;
SkipUnusedObjects.Visibility = Visibility.Visible;
//CreateServiceGroupsConf.Visibility = Visibility.Visible;
+ OptimizeByComments.Visibility = Visibility.Visible;
break;
case Vendor.JuniperJunosOS:
ConfigurationFileLabel = SupportedVendors.JuniperConfigurationFileLabel;
@@ -702,12 +720,13 @@ private async void Go_OnClick(object sender, RoutedEventArgs e)
CiscoConverter ciscoConverter = new CiscoConverter();
ciscoConverter.SkipUnusedObjects = SkipUnusedObjectsConversion;
vendorConverter = ciscoConverter;
+
break;
case Vendor.FirePower:
vendorConverter = new CiscoConverter()
{
isUsingForFirePower = true,
- SkipUnusedObjects = SkipUnusedObjectsConversion
+ SkipUnusedObjects = SkipUnusedObjectsConversion,
};
break;
case Vendor.JuniperJunosOS:
@@ -802,6 +821,24 @@ private async void Go_OnClick(object sender, RoutedEventArgs e)
ConvertedNatPolicyLink.MouseUp += Link_OnClick;
}
}
+
+ if (OptimizeByCommentsConversion)
+ {
+ ConvertedOptimizedPolicyLink.MouseUp -= Link_OnClick;
+ vendorConverter.ExportPolicyPackagesAsHtml();
+
+ // Check to see if there is no converted optimized.
+ if (vendorConverter.RulesInConvertedOptimizedPackage() == vendorConverter.RulesInConvertedPackage() ) // only in case the converted optimize cannot be performed.
+ {
+ ConvertedOptimizedPolicyLink.Style = (Style)ConvertedOptimizedPolicyLink.FindResource("NormalTextBloclStyle");
+ }
+ else // otherwise the link will be clickable.
+ {
+ ConvertedOptimizedPolicyLink.Style = (Style)ConvertedOptimizedPolicyLink.FindResource("HyperLinkStyle");
+ ConvertedOptimizedPolicyLink.MouseUp += Link_OnClick;
+ }
+ }
+
if (ExportManagmentReport && (typeof(PanoramaConverter) != vendorConverter.GetType() && typeof(FortiGateConverter) != vendorConverter.GetType()))
{
vendorConverter.ExportManagmentReport();
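Review bot: The new `if (OptimizeByCommentsConversion)` block calls `vendorConverter.ExportPolicyPackagesAsHtml()` with no visible reason for the export to depend on this option. If the packages are already exported earlier in `Go_OnClick` (not visible in this hunk), this repeats the work; if not, the export is skipped whenever the box is unchecked. The block is also gated only on the property, not on the vendor, so it runs for any converter once the property is true. A one-line comment should say why the export is needed here. The existing comment should also explain that equal counts from `RulesInConvertedOptimizedPackage()` and `RulesInConvertedPackage()` are treated as "nothing was optimized".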
@@ -1064,6 +1101,13 @@ private void HandleCommandLineArgs()
CiscoParser.SpreadAclRemarks = true;
break;
}
+
+ if (arg.Equals("is-optimize-by-comments", StringComparison.InvariantCultureIgnoreCase))
+ {
+ CiscoParser.SpreadAclRemarks = true;
+ RuleBaseOptimizer.IsOptimizeByComments = true;
+ break;
+ }
}
if (hasArgs && !CiscoParser.SpreadAclRemarks)
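Review bot: The `is-optimize-by-comments` branch sets the two static flags but leaves the `OptimizeByCommentsConversion` dependency property at its default of false. The new `if (OptimizeByCommentsConversion)` block in `Go_OnClick` is therefore skipped, and a later call to `OptimizeByComments_Checked` would reset both statics to false. Adding `OptimizeByCommentsConversion = true;` in this branch keeps the window state and the statics consistent. The argument is a fixed token, so `StringComparison.OrdinalIgnoreCase` is the better comparison than `InvariantCultureIgnoreCase`. The `break` leaves the loop, so arguments after this one are not examined; that matches the branch above, but it is worth a comment.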
@@ -1119,7 +1163,22 @@ public static void ShowMessage(string message, MessageTypes messageType, string
messageWindow.ShowDialog();
canCloseWindow = true;
}
-
+
+
#endregion
+
+ private void OptimizeByComments_Checked(object sender, RoutedEventArgs e)
+ {
+ if (OptimizeByCommentsConversion)
+ {
+ CiscoParser.SpreadAclRemarks = true;
+ RuleBaseOptimizer.IsOptimizeByComments = true;
+ }
+ else
+ {
+ CiscoParser.SpreadAclRemarks = false;
+ RuleBaseOptimizer.IsOptimizeByComments = false;
+ }
+ }
}
}
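Review bot: The `else` branch of `OptimizeByComments_Checked` sets `CiscoParser.SpreadAclRemarks = false`, which discards a value that `HandleCommandLineArgs` may have set to true from the command line. Only the optimize-by-comments option should be cleared here. The handler also changes process-wide statics as a side effect of a UI event, and the XAML hunk is not readable here, so it cannot be confirmed that it is wired to both Checked and Unchecked. If it is attached to Checked only, the `else` branch never runs and the flag stays set after unticking. Assigning `RuleBaseOptimizer.IsOptimizeByComments = OptimizeByCommentsConversion;` in `Go_OnClick` just before the conversion would remove the dependency on event ordering. The method also sits after `#endregion`, outside the region the neighbouring handlers are in.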
diff --git a/SmartMove/SmartMove.csproj b/SmartMove/SmartMove.csproj
index e2c0a24..13a176f 100644
--- a/SmartMove/SmartMove.csproj
+++ b/SmartMove/SmartMove.csproj
@@ -177,6 +177,10 @@
+
+ {d5c34605-141d-47f9-a838-c7b9470236a1}
+ CheckPointObjects
+
{2221dbe4-0775-4bbd-9cbc-33a20e0a09e7}
CiscoMigration