Monday, July 26, 2010

Checkpoint Nokia / Secure Platform : Backup Methods : CMA and Gateway

NOKIA

The Nokia IP series appliance comes with an option in Voyager to perform a backup. This backs up and restores the configuration for both Nokia IPSO and the firewall packages. The files backed up when using Nokia Voyager's Backup and Restore function are listed below.

Under the $FWDIR, the following files are backed up during the backup process:

$FWDIR/conf/*
$FWDIR/state/*
$FWDIR/database/*
$FWDIR/lib/user.def
$FWDIR/lib/control.map
$FWDIR/etc


Under the $CPDIR, the following files are backed up during the backup process:

$CPDIR/conf/*
$CPDIR/database/*
$CPDIR/registry/*
$CPDIR/etc/*




Secure Platform

Secure Platform NG with Application Intelligence and NGX provide a command line or Web GUI capability for conducting backups of your system settings and products configuration. The backup utility can store backups either locally on the SecurePlatform machine hard drive or remotely to a TFTP server or SCP server. The backup can be performed on request, or can be scheduled to take place at set intervals.
The backup files are kept in tar gzipped format (.tgz). Backup files saved locally are kept in /var/CPbackup/backups. The restore command line utility is used for restoring SecurePlatform settings and/or Product configuration from backup files.

See the Secure Platform documentation for exact syntax for the backup command.
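
An added example, not from the original post or from Check Point: shell functions that record SHA-256 hashes of the .tgz archives in a backup directory and later verify that each copy is unmodified and still a readable gzipped tar. This matters when archives are moved over TFTP, a protocol with no authentication or integrity protection. The function names and the manifest file are assumptions, and the script assumes gzip, tar and sha256sum are available where it runs.

```shell
#!/bin/sh
# Added example: integrity checks for backup archives (.tgz).
# Assumed: gzip, tar and sha256sum are installed; MANIFEST uses the
# "<sha256>  <filename>" lines that sha256sum prints.

# record_backups DIR MANIFEST
# Hash every .tgz in DIR (e.g. /var/CPbackup/backups) into MANIFEST.
record_backups() {
    dir=$1; manifest=$2
    ( cd "$dir" && sha256sum -- *.tgz ) > "$manifest"
}

# check_backup FILE
# Succeed only if FILE decompresses cleanly and lists at least one member.
check_backup() {
    gzip -t "$1" 2>/dev/null || return 1
    members=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$members" ]
}

# verify_backups DIR MANIFEST
# Print one status line per archive named in MANIFEST; return 1 if any
# archive is missing, has a different hash, or is not a readable tarball.
verify_backups() {
    dir=$1; manifest=$2; bad=0
    while read -r want name; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING $name"; bad=1
        elif [ "$(sha256sum < "$f" | cut -d' ' -f1)" != "$want" ]; then
            echo "MODIFIED $name"; bad=1
        elif ! check_backup "$f"; then
            echo "CORRUPT $name"; bad=1
        else
            echo "OK $name"
        fi
    done < "$manifest"
    return "$bad"
}
```

Keep the manifest somewhere other than alongside the archives, so that a change to both does not go unnoticed.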

You can choose to export the existing Check Point configuration of your machine (including which Check Point products are installed, and all their configuration files). The export can later be imported to a clean machine (any Check Point supported OS), enabling you to replace an existing machine with another that has an identical Check Point configuration.

The exported file is saved in the /var/tmp/cpexport file. You can use TFTP to transfer it to a TFTP server (use the 'sysconfig' utility, "Export Setup"). The "Import" option can only be accomplished on a clean machine. Install SecurePlatform, and use the shell for the initial setup (through 'sysconfig').
The first time installation wizard will offer to get an imported file from a TFTP server, and later will invoke the Check Point upgrade wrapper that will allow you to import the configuration from that file.

UPGRADE_EXPORT

The upgrade_export tool is used on a SmartCenter server to export a copy of the rules and user databases. During the installation process, there is an option called Installation using Imported Configuration. At this point, you can select the previously exported .tgz file to import; the installer then automatically installs the new software and uses the imported .tgz configuration file.
You can log in to SmartDashboard and install an existing Security Policy without having to reset SIC. This process minimizes downtime in the event of catastrophic system failure.

Import and Export tools are located under $FWDIR/bin/upgrade_tools or on the installation CD-ROM.
