Académique Documents
Professionnel Documents
Culture Documents
Note: The presented bellow backup and recovery procedures will work only if both
Management Servers are on the same OS. All presented bellow actions are on the
Management Server only (SmartCenter Server).
BACKUP
$FWDIR/conf/Objects_5_0.C
$FWDIR/conf/rulebases_5_0.fws
$FWDIR/conf/slprulebases_5_0.fws
$FWDIR/conf/fwauth.NDB
Note: On Windows machines fwauth.NDB file is only the pointer to the real user
database file, for example, fwauth.NDB145. In this case take the real database file
-fwauth.NDB145, and rename it to fwauth.NDB.
2. The ICA and SIC related files that should be copied are:
$FWDIR/conf/InternalCA.*
$FWDIR/conf/ICA*.*
$CPDIR/conf/sic_cert.p12
3. In addition to the above files, you also need to backup and import the
following:
(Unix)
/opt/CPshared/registry/HKLM_registry.data
Note: Copy everything under 'SIC'.
(Windows)
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\SIC
Note: Export this key and then import it on the target machine.
4. From NG FP2, you should also copy all the files from:
$FWDIR/conf/crls
RECOVERY
TROUBLESHOOTING
(Unix),
(Windows)
fw m &endash;g <nazwa polityki>.W
1. fw sic_reset
Note: 'fwm sic_reset' format on FP2 and above. If Firewall object has IKE
certificates defined it is necessary to delete them (using Policy Editor or
manually in object_5_0.C).
1 . Run 'cpstop'.
2. Backup $FWDIR/conf/object_5_0.C
5. Run 'cpstart'.
*network objects*
where:
*users*
*security policy*
Note:
If rules are not seen in GUI compile *.W policy files as presented above. It is
also reasonable
*diagnose*
fw checkobj
NG UPGRADE PROCEDURE FROM 4.1 VERSION
1. Run the Upgrade Verifier Utility (pre upgrade verifier). It can be downloaded
from Check Point Web site.
3. From Checkpoint Web site download upgrade.4.3.tgz file, unzip it on new Firewall
machine. Then verify if the required FPx directory was created (e.g. upgrade/FP3).
If not manually create the directory (e.g. upgrade/FP3).
a. objects.C
b. fwauth.NDB
Note:
On Windows machines this file is only the pointer to the real database file, e.g.
fwauth.NDB144. In this case take the real database file (fwauth.NDB144), rename it
to fwauth.NDB and put it in the \upgrade\4.1 directory.
c. rulebases.fws
(Windows)
(Unix)
Additional notes:
1. The upgrade script will backup any modified file into /upgrade/backup/
directory.
2. If you are moving from a Windows machine to Unix do dos2unix (UNIX command) on
objects.C and rulebases.fws
3. In order to keep other configuration files (e.g. gui-clients, masters) copy from
4.1 system $FWDIR/conf directory to NG system $FWDIR/conf the following files:
- xlate.conf,
- aftpd.conf,
- smtp.conf,
- sync.conf,
- masters,
- clients,
- fwmusers,
- gui-clients,
- slapd.conf,
- serverkeys,
- product.conf.