Vous êtes sur la page 1sur 1

CPUG

 

Check Point System Backup Procedures and Best Practices

 

Created and Maintained By CPUG: The Check Point User Group (www.cpug.org) and Taught at CPUG University (www.cpugUniversity.com)

SYSTEM BACKUP TYPE =>

1. Policy Package Management

2. Database Revision Control

3. upgrade_export / upgrade import

4. backup / restore

5. snapshot / revert

6. Logswitch and Copy

   

HOW TO RUN IT:

 

Where You Run It From:

GUI Clients => SmartDashboard

GUI Clients => SmartDashboard

Command Line on Security Management Server Only

Command Line on Any SecurePlatform Machine

Command Line on Any SecurePlatform Machine

GUI Clients => SmartView Tracker, Policy, or Script

     

Command Line:

Command Line: backup -- help, restore --help or SecurePlatform=>HTTPS=>D evice|Backup

   

How You Run It:

SmartDashboard =>

File|Save

SmartDashboard =>

File|Database Revision

Control

$FWDIR/bin/upgrade_tools/u pgrade_export & upgrade_import*

Command Line: snapshot -- help, revert --help; Manage Images in GRUB*

SmartView Tracker => File|Switch Active File…

Which Operating Systems Can You Run It On?:

All CP Platforms

All CP Platforms

All CP Platforms

SecurePlatform Only

SecurePlatform Only

All CP Platforms

If On a Security Management Server, Does It Require Closing All GUI Clients?:

No

No

Yes

Yes

Yes

No

If On SecurePlatform, Does It Require Expert Mode?:

No

No

Yes

No

Only On Revert

No

Does It Force a cpstop?:

No

No

Only On Import

Only On Restore

Yes

No

Does It Force a Reboot?:

No

No

Only On Import

Only On Restore

Only On Revert

No

   

WHAT IT BACKS UP:

 

The Four Rulebases (Security, NAT, QoS, Desktop):

X

X

X

X

X

 

Objects, Users, Settings:

 

X

X

X

X

 

Logs:

   

R70:40: No R75: Only with -l (dash ell)

Only with --logs

X

X

Entire Check Point Configuration:

   

X

X

X

 

Entire Check Point Configuration (Restorable/Importable to Any CP Platform):

   

X

     

Hostname, Domain, Interface Configuration, Routes, DNS Settings, VLAN Configuration, OS User Accounts:

     

X

X

 

Entire Operating System and CP Configuration:

       

X

 
   

THIS IS THE OUTPUT:

 
 

$FWDIR/conf/rulebases_5_0.

$FWDIR/conf/db_versions/re

pository/

 

/var/CPbackup/backups/ or tftp, SCP, or ftp server

/var/CPsnapshot/snapshots or tftp, SCP, or ftp server

$FWDIR/log, before you copy them off

Where the Backups Are Placed:

fws,

$FWDIR/conf/policyname.w

$FWDIR/bin/upgrade_tools/

Backup Size:

< 1 MB

5 MB and up

R70.40: 80 MB and up R75: 200 MB and up

R70:40: 180 MB and up R75: 300 MB and up

R70.40: 1.7 GB and up R75: 1 GB and up

Can be huge, depending on compliance requirements

   

BEST PRACTICES:

 

Best Practices:

This is only a minor subset of Database Revision Control. Use that instead.

Enable this and leave it on. Occasionally delete older database versions.

Script this to run nightly. It's awesome.

Script this (by Command Line or HTTPS) to run nightly on your SecurePlatform boxes.

Run this before every Hotfix, HFA or other upgrade.

Script this to run nightly.

   

CREDITS:

 

Version: Monday, 2011-04-

This is a Community Resource From CPUG: The Check Point User Group

CPUG University Students Get an Enhanced Version and a Detailed Explanation, Demonstration and Lab.

When You're Ready to Really Learn Check Point, Call for Enrollment.

Author: Barry J. Stiefel ("Stee- ful") bjstiefel@cpug.org

18T18:20

*$FWDIR is the OS environment variable that points to the Check Point installation home directory. Run set from the command line to see how it resolves. *GRUB is the "GRand Unified Bootloader", a boot time menu system on *nix boxes (like SecurePlatform). Watch closely and get ready to press a key.