• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5051
  • Last Modified:

How to backup checkpoint Firewall

How to backup checkpoint (UTM-1 450 C2-C)

This FW is an old unit but core unit. This unit handles our FW/DMZ/URL-filtering/ClientVPN. I am new to Checkpoint, how do I properly backup the whole unit and its configurations.  I am using SmartDashboard R70 to connect to the device. Since it is different from the ASA ASDM, I wanted to know how to see the detailed list of the Access list and routing table.
0
Mike
Asked:
Mike
  • 3
  • 3
  • 3
4 Solutions
 
netcmhCommented:
Have you read http://www.checkpoint.com/smb/help/utm1/8.0/453.htm ?

From the above page:

Click Setup in the main menu, and click the Tools tab.

The Tools page appears.
Click Export.

 A standard File Download dialog box appears.
Click Save.

The Save As dialog box appears.
Browse to a destination directory of your choice.
Type a name for the configuration file and click Save.

The *.cfg configuration file is created and saved to the specified directory.
0
 
grimkinCommented:
Hi.

There are a few different ways of doing this:

1) Backup through the web gui - this will allow you to take as config backup which you can then restore to a new install on the same (or same model of) machine. Obviously its a good idea to move the backups off to a different location.

2) Snapshot through the web gui - this will create a system snapshot which you can then revert to, again using the web gui

3) An upgrade export - this will backup the internal CA and firewall configuration but not OS level stuff, i.e. interface config, hostname etc. This can then be used to create your smartcenter on a different machine and / or platform - this is essential for disaster recovery. Details for this are available on the knowledge base but generally you will go into the $FWDIR/bin/upgrade_tools/ directory and run the following: "migrate export mybackupname" - this creates mybackupname.tgz which you can then move off the machine to keep for a disaster recovery situation.

Hope this helps.

G
0
 
MikeAnalystAuthor Commented:
Thanks. Currently I only have access to this through "checkpoint SmartDashboard". Is there a way I can backup using the smartDashboard?
0
Exciting career futures for women in IT

Education has the power to transform lives and open the door to new career opportunities. By earning an IT degree from WGU, you can become a highly skilled IT professional. Get the credentials and certifications you need to become a leader in this rewarding field.  

 
grimkinCommented:
Hi,

In short, no. You need to have access to the operating system, not just the checkpoint software. This means either webgui or ssh / console. You can perform a database revision which backs up th current set of firewall rules and objects but again you need os level access to move it off the machine.

Hath.
0
 
MikeAnalystAuthor Commented:
I wll try to get the ssh working. If get it working, what is the command I need to use to backup the entire system and configuration. Thanks.
0
 
netcmhCommented:
Using ssh, you can console in and run the command backup. The backup will be found in /var/log/CPbackup/backups
0
 
grimkinCommented:
You can use the backup command from either standard or expert mode via ssh. To get a list of the options, use the "--h" switch as shown below. You can also have this backup automatically moved off the machine via TFTP / FTP / SCP.

Hope this helps

G

[Expert@trinity]# backup --h
usage:
backup  [-h] [-d] [-l]  [--purge DAYS] [--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off] [--tftp <ServerIP> [-path <Path>] [<Filename>]]
                [--scp <ServerIP> <Username> <Password> [-path <Path>] [<Filename>]]
                [--ftp <ServerIP> <Username> <Password> [-path <Path>] [<Filename>]]
                [--file [-path <Path>] [<Filename>]]


where:
        -d                              Show debug messages
        -l, --logs                      Back up log files
        -h, --help                      Show this help information
        -t, --tftp                      Transfer backup package to TFTP server
        -s, --scp                       Transfer backup package to SCP server
        -v, --ftp                       Transfer backup package to FTP server
        -f, --file                      Specify local backup package filename
        -e, --sched                     Configure scheduled backup operation
        -p, --purge                     Purge local backup packages older than DAYS
[Expert@fwtest]#
0
 
MikeAnalystAuthor Commented:
I still have issue connecting other than the dashboard. Getting some planned-downtime soon, going to play with this coming weekend to see if I can back it up.
0
 
netcmhCommented:
Thanks for the grade. Good luck.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 3
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now