[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Easy & Automatic Upgrade Export from a CheckPoint Windows SmartCenter (Central Management Server)

Published on
11,549 Points
1 Endorsement
Last Modified:
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_export, copying the files off of the server, and then having to make time to repeat these tasks daily.  I have seen more firewall admins skip backups of the SmartCenter just because there is not a clean easy way to do the upgrade_export automatically.

I have written a 100% FREE, easy to use program to assist in running and automating the upgrade_export process (see download link below).

The program is called the BMPTS- CP BackupInator or BMPTS-CPBI.  The CPBI is designed to be user friendly and easy to install.

CPBI is designed for firewall administrators, and you must have a good understanding of network shares and permissions to use it correctly.

The CBPI is installed by extracting the zipped files to a location of your choosing onto the SmartCenter Server ( Microsoft Windows 2000 – 2008).
After you have extracted the files, run the help file called CPBackupInator Use.mht.  This help file is a basic web archive file that will show you how to configure and run the CPBI correctly.

As suggested in this help file, before you begin to use or configure the software, you should establish a service account (account with access to run the EXE’s on your SmartCenter, as well as Read/Write permissions to your desired backup location).  The service account DOES NOT need firewall access, only enough access to execute upgrade_export.exe and the CBPI exe’s.  In most cases general user access is all that is required on the SmartCenter server.  Read/Write access IS required to the backup location.

After familiarizing yourself with the help file, run the configuration file called CPBackupInatorCfg.exe.  This file will allow you to set file names, the backup location, the location of the upgrade_export.exe, and SMTP settings (optional).

CPBackupInatorCfg.exe - Screen Shot
After you have chosen your desired settings, run the main executable called CPBackupinator.exe.  This is a command line exe and will not popup a GUI, but it may popup a command window, depending on your system settings.

If you have configured your settings correctly you should see a firewall backup be created in the specified backup location within a few minutes of running CPBackupinator.exe.  (Time to complete backup is dependent on SmartCenter size and configuration.)  If you chose to configure and use SMTP you should receive an email when the backup starts, and when the backup is verified complete.

** NOTE file verification is ONLY to verify that the file has been written.  CPBI CANNOT read your firewall backup, or verify the actual backup content.

When you have successfully configured the software, and are seeing backups successfully completed, you can automate the process by adding a standard windows task to run CPBackupinator.exe.  Remember to schedule your task when the firewall administrators are NOT likely to be in the firewall management interface.  The Checkpoint upgrade_export.exe does stop the firewall services on the management server.

**NOTE If a firewall administrator is connected when the upgrade_export.exe function runs, they will be disconnected and all non-saved changes lost!

A few things to remember:

Service Account Access (Firewall) – The service account that is running the scheduled task and the CPBackupinator.exe does not need and SHOULD NOT HAVE firewall access.
Service Account Access (Server) – The service account that is running the scheduled task DOES need Read/Write access to the backup location & the ability to start all EXE’s on the SmartCenter server.
Credential Storage – CPBI does not store or recall any credentials by design.  As a result the SMTP settings must be configured as anonymous, even if the service account running the scheduled tasks has a valid email account.  If you have any questions please see your email administrator for more information on anonymous SMTP..
SMTP and Email Issues – Check your Junk mail!  If everything seems to be working, but you are not getting any emails from the product, check your junk mail.  Since the SMTP settings are anonymous some junk email filters send the messages to the outlook junk mail folder.  Please check your SMTP & junk mail settings with your email administrator.
Distribution & Transfer – This is a FREE program, please help keep it that way!  You may use as many copies of this software as you like.  You may NOT distribute the software.  You may link to the download of the software, but you MAY NOT frame the download within your own site, or attempt to pass the software as your own.
Feel free to share it with others by referencing this article and or the link location. You are NOT permitted to host the file directly.  BMPTS.com does host this download in multiple locations; however it is always free and should never require payment or registration outside of the hosting site.

(For example: You may have to register and pay for an Experts Exchange account to access this article, but it is NOT a requirement to receive the software.)

Copyright & licensing – The CPBackupInator (CPBI) and its supporting files are owned by BMPTS.COM. Other executable(s) that the program calls are the property of their respective companies.

** Use of this program does not guarantee nor grant the right to use any other program or any other companies’ property! **

Support – The program is provided AS IS and support questions should be posted on Experts Exchange or through bmpts.com’s contact us page.  I will make every attempt to answer questions quickly. To request any custom program changes please use bmpts.com.

I hope you enjoy the software as much as I enjoyed writing it, and I hope it makes your life as a firewall administrator just a little bit easier! If you have any suggestions or comments please let me know!

Here is the link enjoy! (click to download)

Download BMPTS-CPBI from BMPTS.com

Thank you,

Featured Post

Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
I've published three five-minute Experts Exchange video Micro Tutorials that describe terrific features in an excellent, free PDF product called PDF-XChange Editor: How to rotate pages in a PDF with free software (https://www.experts-exchange.com…
Next Article:

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month