Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management? Have you ever backed up the firewall policy residing on the SmartCenter? If you have then you know the hassles of connecting to the server, doing an upgrade_export, copying the files off of the server, and then having to make time to repeat these tasks daily. I have seen more firewall admins skip backups of the SmartCenter just because there is not a clean easy way to do the upgrade_export automatically.
I have written a 100% FREE
, easy to use program to assist in running and automating
the upgrade_export process (see download link below).
The program is called the BMPTS- CP BackupInator or BMPTS-CPBI
. The CPBI is designed to be user friendly and easy to install.
CPBI is designed for firewall administrators
, and you must have a good understanding of network shares and permissions
to use it correctly.
The CBPI is installed by extracting the zipped files to a location of your choosing onto
the SmartCenter Server ( Microsoft Windows 2000 – 2008
After you have extracted the files, run the help file called CPBackupInator Use.mht
. This help file is a basic web archive file that will show you how to configure and run the CPBI correctly.
As suggested in this help file, before you begin to use or configure the software, you should establish a service account
(account with access to run the EXE’s on your SmartCenter, as well as Read/Write permissions to your desired backup location). The service account DOES NOT
need firewall access, only enough access to execute upgrade_export.exe and the CBPI exe’s. In most cases general user access is all that is required on the SmartCenter server. Read/Write
required to the backup location.
After familiarizing yourself with the help file, run the configuration file called CPBackupInatorCfg.exe
. This file will allow you to set file names, the backup location, the location of the upgrade_export.exe, and SMTP settings (optional).
After you have chosen your desired settings, run the main executable called CPBackupinator.exe
. This is a command line exe and will not popup a GUI, but it may popup a command window, depending on your system settings.
If you have configured your settings correctly you should see a firewall backup be created in the specified backup location within a few minutes of running CPBackupinator.exe. (Time to complete backup is dependent on SmartCenter size and configuration.) If you chose to configure and use SMTP you should receive an email when the backup starts, and when the backup is verified complete.
** NOTE file verification is ONLY to verify that the file has been written. CPBI CANNOT read your firewall backup, or verify the actual backup content.
When you have successfully configured the software, and are seeing backups successfully completed, you can automate the process by adding a standard windows task to run CPBackupinator.exe. Remember to schedule your task when the firewall administrators are NOT
likely to be in the firewall management interface. The Checkpoint upgrade_export.exe does stop the firewall services on the management server.
**NOTE If a firewall administrator is connected when the upgrade_export.exe function runs, they will be disconnected and all non-saved changes lost!
A few things to remember:
Service Account Access (Firewall) – The service account that is running the scheduled task and the CPBackupinator.exe does not need and SHOULD NOT HAVE firewall access.
Service Account Access (Server) – The service account that is running the scheduled task DOES need Read/Write access to the backup location & the ability to start all EXE’s on the SmartCenter server.
Credential Storage – CPBI does not store or recall any credentials by design. As a result the SMTP settings must be configured as anonymous, even if the service account running the scheduled tasks has a valid email account. If you have any questions please see your email administrator for more information on anonymous SMTP..
SMTP and Email Issues – Check your Junk mail! If everything seems to be working, but you are not getting any emails from the product, check your junk mail. Since the SMTP settings are anonymous some junk email filters send the messages to the outlook junk mail folder. Please check your SMTP & junk mail settings with your email administrator.
Distribution & Transfer – This is a FREE program, please help keep it that way! You may use as many copies of this software as you like. You may NOT distribute the software. You may link to the download of the software, but you MAY NOT frame the download within your own site, or attempt to pass the software as your own.
Feel free to share it with others by referencing this article and or the link location. You are NOT permitted to host the file directly. BMPTS.com does host this download in multiple locations; however it is always free and should never require payment or registration outside of the hosting site.
(For example: You may have to register and pay for an Experts Exchange account to access this article, but it is NOT a requirement to receive the software.)
Copyright & licensing – The CPBackupInator (CPBI) and its supporting files are owned by BMPTS.COM. Other executable(s) that the program calls are the property of their respective companies.
** Use of this program does not guarantee nor grant the right to use any other program or any other companies’ property! **
Support – The program is provided AS IS and support questions should be posted on Experts Exchange or through bmpts.com’s contact us page. I will make every attempt to answer questions quickly. To request any custom program changes please use bmpts.com.
I hope you enjoy the software as much as I enjoyed writing it, and I hope it makes your life as a firewall administrator just a little bit easier! If you have any suggestions or comments please let me know!
Here is the link enjoy! (click to download)
Download BMPTS-CPBI from BMPTS.com