Link to home
Start Free TrialLog in
Avatar of shamano
shamanoFlag for Italy

asked on

My Smart Center machine crashed, I lost everything and I need to reinstall Smart Center software

I have a typical CheckPoint Firewall configuration version R55-AI working in a Windows environment, with separate gateway and Smart Center machines. The second badly crashed (HD fault) and i lost everything on it (security policy, objects, etc.). Luckily the gateway machine is working normally. I reinstalled OS, Smart Center and now I have a worrying empty Smart Console. Can I recover security policy, objects and everything else I need from the gateway, and bring them back again onto Smart Center machine as before the crash? If it's possible, how can I manage this delicate operation? I am talking about a working environment, so I need not to create any faults on system.
Thank you in advance for any suggestions.
Avatar of mabutterfield
mabutterfield
Flag of United States of America image

you cannot pull the policy from the firewall down to the smart center.  you'll need to re-create the policy and objects.  I recommend getting the policy as close as you can to what it needs to be.

Then you need to re-set the SIC, and push a new policy.

If you don't remember what you had before, there are ways of pulling stuff out of the firewall and sorting through it manually.

Let me dig through some of my files this afternoon and i'll get back to you.  

Either way, go ahead and start a fresh install of the smart center.
do you still have access to any of the files from the dead smartcenter?  if you do, we can extract the stuff...
Avatar of shamano

ASKER

Thank you for your quick answer, it was like I imagined... unfortunately I can't access files from the dead Smart Center because HD is completely damaged (electric motor is down) and I haven't any backup of that disk. I replaced it with a new one and I did a fresh installation of Windows 2003 Server, Smart Center and of course I didn't reset SIC with the gateway machine. As you can imagine I can't remember security policy, all objects and all NAT rules added or modified over the years, but perhaps there is a way to pull out configuration files from the gateway (I don't know which ones they are, but I think they are many) in a human readable format and re-type them on Smart Console... it's not a nice thing (it will take ages to do), but I really hope so, otherwise I'm in troubles...
find the files 'objects.c' and 'rules.c' in $FWDIR/database

although it won't recover the smart center, it will give you something to work with:

check out the products ofiller and odumper.

http://fireverse.org/?page_id=88

I've used it before to import/export along with dbedit. There's a pretty good tutorial in the files, and you can use it on windows if you copy your files over to the windows box.

Also, you can run cpinfo > textfile.txt

copy that to a windows box and view it.  You should be able to read through it manually to help you re-construct it.

let me know if you need more help, i'll dig up my notes on it later today.
Avatar of shamano

ASKER

Allright, I successfully recovered my objects from "objects.C" file using odumper and I imported them into Smartconsole using ofiller. Unfortunately, as it's also explained in tutorials, the same way doesn't work with "rules.C" file. So I opened that file and I reconstructed security policy and all NAT rules one by one, analyzing every text line (nasty job). Now I have, more or less, the same situation as before Smart Center crash, with the exception of SIC reset and the gateway machine not fully configured. Now I should need some further help:
is it better to complete the gateway configuration from uncomplete data I already have or to delete it and add it again from scratch? In this case, are the rules which already contain gateway references destroyed or damaged?
What is the best and the most secure way to reset SIC without causing any harm?
Thanks again for suggestions
ASKER CERTIFIED SOLUTION
Avatar of mabutterfield
mabutterfield
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of shamano

ASKER

At the moment I haven't the gateway machine accessible, so I have to wait until tomorrow morning to reset SIC and to see what it happens. I think I have rebuilt policy very close to the original, I'm not expecting surprises (I hope).
Regarding the gateway, I found its property panel and its topology panel not fully completed with data (perhaps this is due to SIC lack). I will see tomorrow when I establish communication between the machines.
Thank you very much, I'll let you know the results.
Yes, all you'll have in the gateway properties are what you put in manually.  All you need is name/ip to get started.  Setup your SIC, then make sure to pull the topology, setup anti-spoofing, and VPN settings.

Also, if you use Secure Client/Remote for VPN, your users will have to delete the site and re-create it.

Avatar of shamano

ASKER

Everything is working again! I needed to do some tuning, but now Check Point is working fine.
Thank you very much for your help.