Checkpoint Firewall Backup

Hi All,

I'm in need of some assistance.  I want to get a backup of my checkpoint configuration.  We are planning for disaster recovery and I need these files off site.  I've logged on as admin in expert mode.  

I've tried to export the configuration file from the Smart Dashboard, but don't see a 'browse' button.  My checkpoint config is running on Linux, not Windows.

Thanks in advance.
LVL 1
jsctechyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

grimkinCommented:
Hi,

The best thing to do is take an upgrade_export - this will take your config and is totally platform-independent, should you decide in the future to change your OS.

Log in to the box in expert admin mode and run the following command:

$FWDIR/bin/upgrade_tools/upgrade_export -d <backup_name>

(the -d prints debug info to the console - not necessary but if by chance the upgrade_export should fail then it's nice to know why!)

This will run and create a .tgz file in the current working directory which you should ftp off the machine and keep in a secure place. It can be restored to any box by ftp'ing it back on and running the "$FWDIR/bin/upgrade_tools/upgrade_import <filename>" command.

It's also worth testing that your export works - I do this by creating a Checkpoint VM with SecurePlatform and importing the exported file to make sure there are no errors.

You can also take a belt and braces approach and perform a system backup too - if you're using SecurePlatform then you can do this via the web gui, otherwise use the standard linux backup.

Hope this helps!
0
jsctechyAuthor Commented:
Will that work on R55?
0
grimkinCommented:
Yes, shouldn't be any different at all. It's worth bearing in mind though that R55 is no longer supported by CheckPoint at all and if possible then you should look at upgrading to R65 or R70.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

jsctechyAuthor Commented:
okay, I'm in the bin folder, but don't see upgrade_tools
0
grimkinCommented:
Are you sure you are in the $FWDIR/bin directory? Not the /usr/bin?

If not, check to see if it is in a different dorectory:

find / -name upgrade_export

If its not there, it will be on your installation CD or you can download it from Checkpoint's website - the binary is included in the upgrade_verifier bundle - here is the one you would need: http://www.checkpoint.com/techsupport/downloads/bin/firewall1/r55/upgrade/upgrade_checker_B541000019_1_linux.tgz
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jsctechyAuthor Commented:
Okay- I might have to download it, not listed in either BIN folder.  I do have a BACKUP folder- but that isn't the same, is it?
0
grimkinCommented:
no, thats totally different ..
0
vadirajjCommented:
hi jsctechy,

Please make note that upgrade_export script is updated with every release, use the latest one to be sure that you can restore the backup. This tool just backsup all the rules base and any configuration changes that you may have done except the Routes.

Note: Routes is applicable only if your firewall Module and Smartcenter are on the same box, you have to backup the ROUTES on the Firewall seperatly.

Vadi
0
grimkinCommented:
Using the latest upgrade_export is only a good idea if you are actually upgrading your version of Checkpoint. If you are remaining with the same CP version then this is *not* advised.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.