Embed Size (px)
Citation preview
6 April 2011
How To Backup a SmartCenter
© 2011 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
Important Information Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=11973
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
Revision History
Date Description
4/6/2011 First release of this document
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments (mailto:[email protected]?subject=Feedback on How To Backup a SmartCenter ).
Contents
Important Information ............................................................................................. 3 How To Backup a SmartCenter .............................................................................. 5
Objective ............................................................................................................. 5 Supported Versions ............................................................................................. 5 Supported OS ...................................................................................................... 5 Supported Appliances ......................................................................................... 5 Related Documentation and Assumed Knowledge .............................................. 5 Impact on Environment and Warnings ................................................................. 6
Take a Snapshot ..................................................................................................... 6 Snapshot using the CLI Command ...................................................................... 6 Snapshot using the WebUI .................................................................................. 6
Backup Procedure .................................................................................................. 7 Backup using the CLI .......................................................................................... 7 Backup using the WebUI ..................................................................................... 7
Upgrade tools .......................................................................................................... 7 Upgrade tools using Linux ................................................................................... 8 Upgrade tools using Windows ............................................................................. 8
Additional Backup options ..................................................................................... 9 Database Revision Control .................................................................................. 9 Saving Routing and Interface Information ............................................................ 9
Recommended Backup Schedule ........................................................................ 10 Verifying the Procedure........................................................................................ 11
Objective
How To Backup a SmartCenter Page 5
How To Backup a SmartCenter
Objective This guide assists in the recording and storage of current configurations on the SmartCenter to another location. In case of hard drive failure, failed upgraded, database corruption or other system failures the data can easily be restored.
It is important to always have a copy of the most recent information in the Security Management server and Security Gateway databases.
There are two methods of taking a Snapshot and creating a Backup with SecurePlatform, through the WebUI and CLI. You can use the Upgrade Tools for Linux and Windows.
Supported Versions All current Check Point versions
Supported OS SecurePlatform
Windows
Linux
Solaris
IPSO
Supported Appliances All current Check Point Appliances
Related Documentation and Assumed Knowledge
Experience with command line interfaces (CLI) and WebUI tools.
Terminology
Standalone - Security Gateway and Security Management on the same machine
Distributed - Security Gateway and Security Management on separate machines
Related Documentation
Refer to:
R75 Installation and Upgrade Guide (http://supportcontent.checkpoint.com/documentation_download?ID=11648)
Impact on Environment and Warnings
Take a Snapshot Page 6
Impact on Environment and Warnings The Snapshot and Backup process is recommended to be run during a maintenance window.
Take a Snapshot A Snapshot, including drivers, will be created and is only available for SecurePlatform.
The Snapshot can be used to backup up both Security Gateways and Security Management servers. The Snapshot will generate a large file.
Note - The Snapshot can only be restored to the same machine that is in the same state (same OS, same CP version, same patch level).
For UTM-1 and Power-1 appliances, you can only take a Snapshot with the WebUI. The snapshot must stay on the appliance.
Snapshot using the CLI Command
To take a Snapshot with the CLI:
Run: snapshot
The Snapshot uses default backup settings and place the file in the directory /var/CPsnapshot/snapshots when no flags are set. Additional flags for file name or tftp server can be used. Use the command
snapshot -h for help and a listing of available flags.
To restore the system from the Snapshot file:
Run: revert
The system is restored to the configuration as set in the Snapshot. Use the revert -h for help.
Snapshot using the WebUI
To take a Snapshot with the WebUI:
1. Login to https:///mgmt:4434.
2. Click Appliance -> Image management-> Create.
To restore:
1. Login to https://<ip_address>/mgmt:4434.
2. Select the snapshot.
3. Select revert.
Backup using the CLI
Backup Procedure Page 7
Backup Procedure A Backup of the Check Point configuration and networking/OS system, such as routing data, is restored. It is only available on SecurePlatform.
The Backup can be used to restore both Security Gateways and Security Management servers. The file will be slightly smaller than the file generated by Snapshot.
The restoration must be done to the same machine, same OS, same Check Point version and patch levels.
Backup using the CLI
To Backup the system with the CLI:
Run: backup
If no flags are used the default Backup settings will place the file in the directory: /var/CPbackup/backups. On the UTM-1 and Power-1 appliances, the file will be stored in /var/log/CPbackup/backups. Additional
flags for file name or tftp server can be used. Use the command backup -h for help and a listing of
available flags.
To restore the system from the Backup file:
Run: restore
The system is restored to the configuration as set in the Backup file. Use the restore -h for help.
Backup using the WebUI
To create a Backup from the WebUI:
1. Login to https://<ip_address>/mgmt:443.
2. Click Device -> Backup
You can choose to either perform the Backup now or schedule a Backup.
Note - The Backup can only be restored from the command line interface.
Upgrade tools Upgrade tools will perform a Backup for all Check Point configurations, but not OS configuration data. You can backup Check Point configuration on the Security Management server independent of hardware, OS or Check Point version. You can also restore to a higher Check Point version only.
Depending on the size of your policy, the created file is smaller than a Snapshot or Backup file. If the system is not running on high CPU you can do a backup on live system without interruption of the services.
The Upgrade tools are also available for Solaris and IPSO.
This utility is used through the command line.
Upgrade tools using Linux
Upgrade tools Page 8
Upgrade tools using Linux
To export on Linux:
1. Enter: cd $FWDIR/bin/upgrade_tools
2. Enter: ./upgrade_export filename
To import on Linux:
1. Enter: cd $FWDIR/bin/upgrade_tools
2. Then enter:./upgrade_import filename
The command upgrade_import will stop all active Check Point services.
Upgrade tools using Windows
To export on Windows:
1. Enter: cd c:/windows/fw1/bin
2. then enter: upgrade_export <filename>
To import on Windows:
Enter: upgrade_import <filename>
Database Revision Control
Additional Backup options Page 9
Additional Backup options
Database Revision Control This utility creates a version of your current policies, object database, IPS updates. It is useful for minor changes or edits performed in the dashboard.
Note - It cannot be used to restore the system in cases of failure.
To perform database revision control, in the dashboard go to: File >Database revision control >Create
You can create a database revision when you install a policy.
Saving Routing and Interface Information You can save the routing and interface information from your machines with these commands:
netstat -rn > routes.txt
ipconfig -a > ipconfig.txt
ifconfig > ifconfig.txt
copy /etc/sysconfig/netconf.C <location>
Saving Routing and Interface Information
Recommended Backup Schedule Page 10
Recommended Backup Schedule We recommend that you schedule backups for:
Snapshot – Backup at least once before any major changes (for example an upgrade)
Backup – Backup approximately every two months, depending on frequency of network/ policy changes, as well as before every major change
upgrade_export – Backup approximately every month, depending on frequency of network/ policy changes, and before every upgrade or migration
Saving Routing and Interface Information
Verifying the Procedure Page 11
Verifying the Procedure It is highly recommended to test your Backup procedures and confirm that all data has been restored correctly.
The backup and upgrade_export options are used for this.
