checkpoint backup /restore

mikeleahy
mikeleahy used Ask the Experts™
on
hi
i have a checkpoint secure platform UTM1-270

i am doing a backup and restore over the web browser access, does anyone know what this backs up? does it cover everthing? config and rules and objects etc?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
From the web interface, this is basically an operating system backup but it does include the CP config at that time

However, as well as these backups I would also take a separate CP config backup

This can be done via the CLI using
$FWDIR/bin/upgrade_tools/upgrade_export <filename>

and can be restored using
$FWDIR/bin/upgrade_tools/upgrade_import <filename>

Note, the web UI backup (a SPLAT backup) does copy some core OS config files from the device but sadly it does not take them all, so bear this in mind when restoring.

With all that said, as long as you restore the backup onto a clean install device on exactly the same version of CP and HFA, it all should work well

Author

Commented:
why wud u also dod a cp config as well if the web backup does it at the time?

Author

Commented:
when i go into the upgrade_tools directory

im typing upgrade_export checkpoint and it says command not found

even though when i type dir, upgrade_export is in there?
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

having a separate backup will allow to restore the CP config on a newly rebuilt device.

Call it belt and braces approach

The SPLAT backup will only restore on another SPLAT device on the same version of CP and HFA.  The CP backup (upgrade_export) can be restored on any device with same version fo CP and HFA installed, ie windows, solaris, linux etc.

So if for whatever reason your SPLAT backup does not restore to your SPLAT device, you can rebuild the SPLAT device using the same OS level settings then restore the upgrade_export file to get you back to a working node.
Can you give us the following info from the dir

pwd
ls -l
./upgrade_export test-file

Let us know how that goes

Author

Commented:
pwd = /opt/cpsuite-r65/fw1/bin/upgrade_tools

ls -l = -rwxrwx--- i root bin 2008 upgrade_export
same for upgrade_import

3rd command works!
Kewl, glad to hear it works

I think you  hit the error before as you were in teh same dir as the binary you want to execute and unless you precede it with "./" it doesnt run

Does that answer your questions?

Author

Commented:
i got it working using the ./upgrade_export filename

how do i get the file off the device to store somewhere?
Use command line FTP is easiest

ftp <FTP server IP address>
(enter username and pass)
bin (to make sure you are using binary mode)
hash (prints hash marks to show prigress, idiot check to make sure traffic is moving otherwise you see nothing)

put <filename>
exit or bye to leave FTP prompt

example to move file test.tgz to server 1.1.1.1

server# ftp 1.1.1.1
(enter Uname and pass)
ftp > bin
ftp > hash
ftp > put test.tgz
###################################################################
transfer completed
ftp >  bye
server#

Author

Commented:
worked great

thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial