Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to backup checkpoint Firewall

Posted on 2013-01-07
9
Medium Priority
?
4,911 Views
Last Modified: 2013-11-07
How to backup checkpoint (UTM-1 450 C2-C)

This FW is an old unit but core unit. This unit handles our FW/DMZ/URL-filtering/ClientVPN. I am new to Checkpoint, how do I properly backup the whole unit and its configurations.  I am using SmartDashboard R70 to connect to the device. Since it is different from the ASA ASDM, I wanted to know how to see the detailed list of the Access list and routing table.
0
Comment
Question by:Mike
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 21

Assisted Solution

by:netcmh
netcmh earned 300 total points
ID: 38753340
Have you read http://www.checkpoint.com/smb/help/utm1/8.0/453.htm ?

From the above page:

Click Setup in the main menu, and click the Tools tab.

The Tools page appears.
Click Export.

 A standard File Download dialog box appears.
Click Save.

The Save As dialog box appears.
Browse to a destination directory of your choice.
Type a name for the configuration file and click Save.

The *.cfg configuration file is created and saved to the specified directory.
0
 
LVL 14

Assisted Solution

by:grimkin
grimkin earned 900 total points
ID: 38753874
Hi.

There are a few different ways of doing this:

1) Backup through the web gui - this will allow you to take as config backup which you can then restore to a new install on the same (or same model of) machine. Obviously its a good idea to move the backups off to a different location.

2) Snapshot through the web gui - this will create a system snapshot which you can then revert to, again using the web gui

3) An upgrade export - this will backup the internal CA and firewall configuration but not OS level stuff, i.e. interface config, hostname etc. This can then be used to create your smartcenter on a different machine and / or platform - this is essential for disaster recovery. Details for this are available on the knowledge base but generally you will go into the $FWDIR/bin/upgrade_tools/ directory and run the following: "migrate export mybackupname" - this creates mybackupname.tgz which you can then move off the machine to keep for a disaster recovery situation.

Hope this helps.

G
0
 

Author Comment

by:Mike
ID: 38760545
Thanks. Currently I only have access to this through "checkpoint SmartDashboard". Is there a way I can backup using the smartDashboard?
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
LVL 14

Assisted Solution

by:grimkin
grimkin earned 900 total points
ID: 38762045
Hi,

In short, no. You need to have access to the operating system, not just the checkpoint software. This means either webgui or ssh / console. You can perform a database revision which backs up th current set of firewall rules and objects but again you need os level access to move it off the machine.

Hath.
0
 

Author Comment

by:Mike
ID: 38763803
I wll try to get the ssh working. If get it working, what is the command I need to use to backup the entire system and configuration. Thanks.
0
 
LVL 21

Expert Comment

by:netcmh
ID: 38765357
Using ssh, you can console in and run the command backup. The backup will be found in /var/log/CPbackup/backups
0
 
LVL 14

Accepted Solution

by:
grimkin earned 900 total points
ID: 38766635
You can use the backup command from either standard or expert mode via ssh. To get a list of the options, use the "--h" switch as shown below. You can also have this backup automatically moved off the machine via TFTP / FTP / SCP.

Hope this helps

G

[Expert@trinity]# backup --h
usage:
backup  [-h] [-d] [-l]  [--purge DAYS] [--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off] [--tftp <ServerIP> [-path <Path>] [<Filename>]]
                [--scp <ServerIP> <Username> <Password> [-path <Path>] [<Filename>]]
                [--ftp <ServerIP> <Username> <Password> [-path <Path>] [<Filename>]]
                [--file [-path <Path>] [<Filename>]]


where:
        -d                              Show debug messages
        -l, --logs                      Back up log files
        -h, --help                      Show this help information
        -t, --tftp                      Transfer backup package to TFTP server
        -s, --scp                       Transfer backup package to SCP server
        -v, --ftp                       Transfer backup package to FTP server
        -f, --file                      Specify local backup package filename
        -e, --sched                     Configure scheduled backup operation
        -p, --purge                     Purge local backup packages older than DAYS
[Expert@fwtest]#
0
 

Author Comment

by:Mike
ID: 38852315
I still have issue connecting other than the dashboard. Getting some planned-downtime soon, going to play with this coming weekend to see if I can back it up.
0
 
LVL 21

Expert Comment

by:netcmh
ID: 39631694
Thanks for the grade. Good luck.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question