Backup your O/S Config in GAIA command line

Many people will open a command prompt in GAIA and will do a “show configuration” to see how they have their Check Point configured. They will then copy/paste that config into notepad to save for later.

However, there is an easier way to do this: from the CLISH prompt, use the command

save configuration <filename>

The file will be placed in the home directory of the user you are logged in as.
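Once configurations are saved to files, two of them can be compared to spot changes between exports. The script below is an added example, not part of the original post: `normalize`, `config_drift` and `demo` are hypothetical names, and the two sample configurations are constructed, not captured from a real gateway.

```bash
#!/bin/bash
# Added example: compare two files written by "save configuration".

# Drop comment and blank lines, then sort, so header timestamps and
# line ordering are not reported as changes.
normalize() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | LC_ALL=C sort -u
}

# config_drift <baseline> <current>
# Prints "- line" for removed and "+ line" for added commands.
# Returns 0 when the configurations match, 1 when they differ.
config_drift() {
    local old new out
    old=$(mktemp); new=$(mktemp)
    normalize "$1" > "$old"
    normalize "$2" > "$new"
    out=$( { LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
             LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'; } )
    rm -f "$old" "$new"
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample data: a changed default route and a new local user.
demo() {
    local d rc=0
    d=$(mktemp -d)
    cat > "$d/base.cfg" <<'EOF'
# Exported by admin on Mon Jan  1 00:00:00 2024
set hostname gw1
set interface eth0 ipv4-address 192.0.2.1 mask-length 24
set static-route default nexthop gateway address 192.0.2.254 on
EOF
    cat > "$d/now.cfg" <<'EOF'
# Exported by admin on Tue Jan  2 00:00:00 2024
set hostname gw1
set interface eth0 ipv4-address 192.0.2.1 mask-length 24
set static-route default nexthop gateway address 192.0.2.253 on
add user svc_tmp uid 2600 homedir /home/svc_tmp
EOF
    config_drift "$d/base.cfg" "$d/now.cfg" || rc=$?
    rm -rf "$d"
    return $rc
}

if [ "$#" -eq 2 ]; then config_drift "$1" "$2"; fi
```

Run it with two saved files as arguments (baseline first); a non-zero exit status means the configuration changed between the two exports.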


Backup Scenarios

I have had people ask me about my other backup post about the types of backups you can do. Everyone wants to know “when” should they do a specific type of backup. Well, I took this right from sk105385.

BACKUP

Backup files are taken on a regular basis, and it is recommended to always perform a backup before performing an upgrade. A backup creates a compressed file that contains the Check Point configuration including the networking and operating system parameters, such as routing and interface configuration etc., but unlike a snapshot, it does not include the drivers.

A backup, unlike a snapshot, can be restored on the same or a different appliance running the same Check Point version and hotfixes, but the backup file contains the MAC addresses of the original appliance, on which it was taken, and these MAC addresses will be restored as well.

Before restoring a backup to replacement hardware, the original MAC addresses on the replacement hardware should be recorded. After restoring the backup on the new machine, the MAC addresses should be changed back to the original (recorded) MAC addresses. In Gaia this can be done via the WebUI. For SecurePlatform, please contact Check Point Support for assistance with this.

To migrate the configuration between a replacement SecurePlatform appliance or a replacement Gaia appliance, instead of restoring a backup on a replacement appliance, it is recommended to use the migrate export and migrate import tools or the upgrade_export and upgrade_import tools found in $FWDIR/bin/upgrade_tools/.

SNAPSHOT

Snapshots are typically performed when the appliance was first installed and in a maintenance window before performing a major upgrade. A snapshot creates a file that contains a binary image of the entire root (lv_current) disk partition. This includes all of the operating system and various Check Point software files, such as specific drivers.
The log partition is not included in the snapshot, so any locally stored Firewall logs will not be saved.
Snapshots are appliance-specific and can only be restored on the same hardware.

migrate export / upgrade_export

The migrate export (Pre-R75) or upgrade_export (R75 and later) utility backs up all Check Point configurations independent of hardware, OS, or version, but does not include OS information. This utility may be used to backup management server configurations and is intended for upgrades or migration of database information to new systems with hardware changes, BUT will not work when downgrading to an earlier version.

It is recommended to perform an export at least every month or more often, depending on how frequently changes are made in the policy or network. It is also highly recommended before upgrading or migrating to a new version. It does not cause interruption of the services, so it can be performed anytime outside a maintenance window.

References:

sk105385

Backing up your Check Point Infrastructure

I have had many a customer ask me “…how should I backup my Check Point?”

There have actually been many posts in the usercenter about this, showing how to do it and the recommended ways. However, I decided to consolidate some of that and put it here in this post so that you can read it. I am also including the specific articles used so that you can reference them.

Bottom line: if you are backing up your stuff, that is good news; if you are not, then you need to be doing so!

Here are two separate scenarios you can use to back up and restore your Check Point infrastructure. I will also include a supplemental backup that you can do for your management station as well (see Management Supplement #1).

BACKUP SCENARIO #1:  SNAPSHOT

The snapshot creates a binary image of the entire root disk partition. This includes Check Point products, configuration, and operating system. It is important to note that this does not include the log files as logs are not stored in the root partition. There are still space requirements you should consider before doing scenario #1.

Creating the snapshot image requires free space on the Backup partition. The required free disk space is the actual size of the root partition, multiplied by 1.15.

The free space required in the export file storage location is the size of the snapshot multiplied by two.

The minimum size of a snapshot is 2.5G, so the minimum free space you need in the export file storage location is 5G.
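The space rules above can be checked before the snapshot is started. The script below is an added example, not part of the original post: all function names are hypothetical, the operator supplies the Backup partition's free space and the snapshot size in KiB, and "actual size of the root partition" is taken to mean the total size reported by df.

```bash
#!/bin/bash
# Added example: free-space pre-flight check before taking a Gaia snapshot.
# All function names are hypothetical; sizes are in KiB.

MIN_SNAPSHOT_KB=$((2560 * 1024))    # minimum snapshot size from the text: 2.5G

# Free space needed on the Backup partition: root partition size x 1.15, rounded up.
required_backup_kb() {
    echo $(( ($1 * 115 + 99) / 100 ))
}

# Free space needed in the export location: snapshot size x 2 (snapshot >= 2.5G).
required_export_kb() {
    local snap_kb=$1
    if [ "$snap_kb" -lt "$MIN_SNAPSHOT_KB" ]; then snap_kb=$MIN_SNAPSHOT_KB; fi
    echo $(( snap_kb * 2 ))
}

# Total size / available space (KiB) of the filesystem that holds path $1.
size_kb()  { df -Pk "$1" | awk 'NR==2 {print $2}'; }
avail_kb() { df -Pk "$1" | awk 'NR==2 {print $4}'; }

# check_space <need_kb> <have_kb> <label>: returns 0 only when have >= need.
check_space() {
    if [ "$2" -ge "$1" ]; then
        echo "OK   $3: need ${1}K, have ${2}K"
        return 0
    fi
    echo "FAIL $3: need ${1}K, have ${2}K"
    return 1
}

# preflight <root_mount> <backup_free_kb> <snapshot_kb> <export_dir>
# Assumption: the operator supplies the Backup partition's free space and the
# snapshot size (both in KiB); the export directory is measured with df.
preflight() {
    local rc=0
    check_space "$(required_backup_kb "$(size_kb "$1")")" "$2" "backup partition" || rc=1
    check_space "$(required_export_kb "$3")" "$(avail_kb "$4")" "export location" || rc=1
    return $rc
}

if [ "$#" -eq 4 ]; then preflight "$@"; fi
```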

To create a snapshot image:

Note that you can do this from the command line or from the web portal (WebUI); see the GAIA Administration Guide for the command line. To use the WebUI, log in to the GAIA portal from a web browser.

1. In the tree view, click Maintenance > Image Management.

2. Below available images, click New Image. The Create New Image window opens.

3. In the Name field, enter a name for the image.

4. Optional: In the Description field, enter a description for the image.

5. Click OK.

You can choose to leave it on the filesystem and/or save it off. However, if you save it off and also leave the latest and greatest on the filesystem, you will have access to it in a pinch.


How to restore an image you took but don’t have on the filesystem:

Now that you have your image on the filesystem (or it was already there) here is how to restore it.

1. In the tree view, click Maintenance > Image Management.

2. Select an image.

3. Click Revert. The Revert window opens.

Of course this procedure means the device is in a down state at the time, however if you are having to revert to an image you created I am guessing that is the least of your worries at that moment. But worry not!  Restore it and you will be up and running with the system looking like it was when you took the snapshot.

BACKUP SCENARIO #2:  SYSTEM BACKUP

System Backup can be used to backup current system configuration. A backup creates a compressed file that contains the Check Point configuration including the networking and operating system parameters, such as routing and interface configuration etc., but unlike a snapshot, it does not include the operating system, product binaries, and hotfixes.

You can store backups locally, or remotely on a TFTP, SCP or FTP server. You can run the backup manually, or set up a scheduled backup.

To add a manual one time backup:

1. In the tree view, click Maintenance > System Backup

2. Click Add Backup.

The New Backup window opens.

3. Select the location of the backup file:

This appliance

TFTP server. Specify the IP address.

SCP server. Specify the IP address, user name and password.

FTP server. Specify the IP address, user name and password.

To add a scheduled backup:

1. In the tree view, click Maintenance > System Backup.

2. Click Add Scheduled Backup. The New Scheduled Backup window opens.

3. In Backup Name, enter the name of the job. Use alphanumeric characters only, and no spaces.

4. In Backup Type, enter the location of the backup file.

    This appliance

    TFTP server. Specify the IP address.

    SCP server. Specify the IP address, user name and password.

    FTP server. Specify the IP address, user name and password.

5. In Backup Schedule, select the frequency (Daily, Weekly, Monthly) for this backup. Where relevant, enter the Time of day for the job, in the 24 hour clock format.

6. Click Add. The scheduled backup shows in the Scheduled Backups table.


To restore from a backup:

1. In the tree view, click Maintenance > System Backup.

2. Select the backup file and click Restore Backup.

 

MANAGEMENT SUPPLEMENT #1

To do a migrate export for your management station (SmartCenter) from the command line.

This migrate export captures your management station’s database (policies, objects, certs, etc.); however, it does not capture any O/S-related info such as the IP, hostname, routing, etc.

1. Log in to the expert mode.

2. Type: cd $FWDIR/bin/upgrade_tools

3. Type: ./migrate export <exported database name>.tgz

4. Do the instructions shown on the screen. This creates the <exported database name>.tgz file.

5. Copy the file off and save it.

That is all, folks. Not that hard to do, and once you are set up you won’t need to worry should anything ever happen. I recommend you do all of the scenarios I mentioned on a regular basis (just like any server backup); then you can truly be successful.

You can read more information about what I wrote here at our usercenter.

References:

sk108902

Gaia Administration Guide R77

Gaia R77 Installation and Upgrade Guide