Solved

How to backup checkpoint Firewall

Posted on 2013-01-07
9
4,250 Views
Last Modified: 2013-11-07
How to backup checkpoint (UTM-1 450 C2-C)

This FW is an old unit but core unit. This unit handles our FW/DMZ/URL-filtering/ClientVPN. I am new to Checkpoint, how do I properly backup the whole unit and its configurations.  I am using SmartDashboard R70 to connect to the device. Since it is different from the ASA ASDM, I wanted to know how to see the detailed list of the Access list and routing table.
0
Comment
Question by:Mike
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 20

Assisted Solution

by:netcmh
netcmh earned 75 total points
ID: 38753340
Have you read http://www.checkpoint.com/smb/help/utm1/8.0/453.htm ?

From the above page:

Click Setup in the main menu, and click the Tools tab.

The Tools page appears.
Click Export.

 A standard File Download dialog box appears.
Click Save.

The Save As dialog box appears.
Browse to a destination directory of your choice.
Type a name for the configuration file and click Save.

The *.cfg configuration file is created and saved to the specified directory.
0
 
LVL 14

Assisted Solution

by:grimkin
grimkin earned 225 total points
ID: 38753874
Hi.

There are a few different ways of doing this:

1) Backup through the web gui - this will allow you to take as config backup which you can then restore to a new install on the same (or same model of) machine. Obviously its a good idea to move the backups off to a different location.

2) Snapshot through the web gui - this will create a system snapshot which you can then revert to, again using the web gui

3) An upgrade export - this will backup the internal CA and firewall configuration but not OS level stuff, i.e. interface config, hostname etc. This can then be used to create your smartcenter on a different machine and / or platform - this is essential for disaster recovery. Details for this are available on the knowledge base but generally you will go into the $FWDIR/bin/upgrade_tools/ directory and run the following: "migrate export mybackupname" - this creates mybackupname.tgz which you can then move off the machine to keep for a disaster recovery situation.

Hope this helps.

G
0
 

Author Comment

by:Mike
ID: 38760545
Thanks. Currently I only have access to this through "checkpoint SmartDashboard". Is there a way I can backup using the smartDashboard?
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 14

Assisted Solution

by:grimkin
grimkin earned 225 total points
ID: 38762045
Hi,

In short, no. You need to have access to the operating system, not just the checkpoint software. This means either webgui or ssh / console. You can perform a database revision which backs up th current set of firewall rules and objects but again you need os level access to move it off the machine.

Hath.
0
 

Author Comment

by:Mike
ID: 38763803
I wll try to get the ssh working. If get it working, what is the command I need to use to backup the entire system and configuration. Thanks.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 38765357
Using ssh, you can console in and run the command backup. The backup will be found in /var/log/CPbackup/backups
0
 
LVL 14

Accepted Solution

by:
grimkin earned 225 total points
ID: 38766635
You can use the backup command from either standard or expert mode via ssh. To get a list of the options, use the "--h" switch as shown below. You can also have this backup automatically moved off the machine via TFTP / FTP / SCP.

Hope this helps

G

[Expert@trinity]# backup --h
usage:
backup  [-h] [-d] [-l]  [--purge DAYS] [--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off] [--tftp <ServerIP> [-path <Path>] [<Filename>]]
                [--scp <ServerIP> <Username> <Password> [-path <Path>] [<Filename>]]
                [--ftp <ServerIP> <Username> <Password> [-path <Path>] [<Filename>]]
                [--file [-path <Path>] [<Filename>]]


where:
        -d                              Show debug messages
        -l, --logs                      Back up log files
        -h, --help                      Show this help information
        -t, --tftp                      Transfer backup package to TFTP server
        -s, --scp                       Transfer backup package to SCP server
        -v, --ftp                       Transfer backup package to FTP server
        -f, --file                      Specify local backup package filename
        -e, --sched                     Configure scheduled backup operation
        -p, --purge                     Purge local backup packages older than DAYS
[Expert@fwtest]#
0
 

Author Comment

by:Mike
ID: 38852315
I still have issue connecting other than the dashboard. Getting some planned-downtime soon, going to play with this coming weekend to see if I can back it up.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 39631694
Thanks for the grade. Good luck.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question