Checkpoint - Backup
Checkpoint Backup
There are a few methods to perform a backup of a Check Point system running Gaia OS. They differ
by size, time of creation and content.
Snapshot Management
System Backup (and System Restore)
Save/Show Configuration (and Load Configuration)
All methods are appliance-specific and can only be restored on the same model of appliance.
All methods can be used to back up your Security Gateways and Security Management Servers.
For a complete backup of the system and maximum confidence, Check Point recommends
combining all three methods as part of the backup plan (Snapshot Management, System
Backup/Restore, and Save/Load Configuration).
Snapshot Management
The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes all
of the operating system files and various Check Point software files such as specific drivers and
configuration.
Creating the snapshot image requires free space on the Backup partition. The required free disk
space is the actual size of the root partition, multiplied by 1.15.
The log partition is not included in the snapshot. Therefore, any locally stored FireWall logs will
not be saved.
Starting in R77.10, Gaia OS supports exporting an image from one machine, then importing and
restoring that image on another machine of the same type (e.g., can be used during RMA cases).
When exporting a snapshot, the Gaia OS transfers the relevant files for a snapshot to the
/var/log/ partition, then compresses all files into one archive file.
For this operation, the requirement is that the free space in the /var/log/ partition is at least
twice the size of the final snapshot.
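The two free-space rules above, as an added pre-flight check for Expert mode (example code written for this page, not Check Point tooling). The df output, the Backup partition free space and the snapshot size are constructed sample values, and the function names are hypothetical; all sizes are in KiB.

```shell
#!/bin/sh
# Pre-flight space check for creating and exporting a snapshot.

# Free space needed on the Backup partition: root size x 1.15, rounded up.
snapshot_required_kb() {
    echo $(( ($1 * 115 + 99) / 100 ))
}

# Free space needed in /var/log/ to export: twice the final snapshot size.
export_required_kb() {
    echo $(( $1 * 2 ))
}

# Print one column of the `df -Pk` line whose mount point equals $1.
# $2 is the column number: 2 = total size, 4 = available. Input: stdin.
df_field() {
    awk -v mp="$1" -v col="$2" 'NR > 1 && $6 == mp { print $col; found = 1 }
        END { exit !found }'
}

# Succeeds only when free >= required; always prints the verdict.
check_space() {   # $1 label, $2 free KiB, $3 required KiB
    if [ "$2" -ge "$3" ]; then
        echo "OK   $1: free=$2 KiB required=$3 KiB"
    else
        echo "FAIL $1: free=$2 KiB required=$3 KiB"
        return 1
    fi
}

# Constructed sample of `df -Pk` output (not taken from a real appliance).
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/mapper/vg-lv_current 20971520 9437184 11534336 45% /
/dev/mapper/vg-lv_log 41943040 31457280 10485760 75% /var/log'

root_kb=$(printf '%s\n' "$SAMPLE_DF" | df_field / 2)
log_free_kb=$(printf '%s\n' "$SAMPLE_DF" | df_field /var/log 4)
backup_free_kb=25165824   # assumed value; read it from your appliance
snapshot_kb=6291456       # assumed size of the final exported snapshot

check_space "create snapshot" "$backup_free_kb" "$(snapshot_required_kb "$root_kb")"
check_space "export snapshot" "$log_free_kb" "$(export_required_kb "$snapshot_kb")" || true
```

On a live system, replace the sample text with the output of `df -Pk` and supply the measured Backup partition free space and snapshot size.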
Gaia Clish.
Gaia Portal - "Snapshot Management" page.
Gaia Portal First Time Wizard (starting from R77.10) - "Import existing snapshot" option.
Points to remember.
Snapshot and Revert operations must be performed on appliances of the same model.
Any user data saved in /var/log/ partition is not saved as part of the snapshot.
When reverting to a snapshot taken on a machine other than the current machine, the license may
be invalid and may require re-activation, due to MAC address change.
You cannot import a snapshot if a snapshot with the same name already exists on the machine.
Renaming of the exported image is not supported. It is not possible to revert from a snapshot image
that was renamed.
Threat Emulation updated engine, images, detection rules and logic may need to be downloaded
again after reverting.
All packages that were uploaded with SmartUpdate to the Security Management Server before
reverting are invalid after reverting. To fix this, delete the packages from SmartUpdate and upload
them again.
Gaia's Backup feature allows backing up the configuration of the Gaia OS and of the Security
Management server database, or restoring a previously saved configuration.
A backup creates a compressed file that contains the Check Point configuration, including the
networking and operating system parameters such as routing and interface configuration, but
unlike a snapshot, it does not include the operating system, product binaries, and hotfixes.
Step 1
Run the appropriate restore command.
Step 2
Monitor progress.
Step 3
Once the operation is done, reboot the machine.
Step 4
Install policy.
Step 1
Create the backup task.
Step 2
Schedule the backup task.
HostName> set backup-scheduled name TuesThursBackup recurrence weekly days 2,4 time 18:00
Backup was successfully scheduled.
To configure monthly or weekly backups, days and months need to be converted to numerical
format. For example: Monday becomes 1, Tuesday becomes 2, September becomes 9, and so
forth.
Gaia OS configuration settings can be saved as a ready-to-run CLI script. This allows us to review
our current setup and quickly restore the Gaia OS configuration.
These operations apply only to Gaia OS settings, e.g. configuration of interfaces, SNMP, dynamic
routing, etc.
Gaia Clish
Expert mode
Gaia Clish
Expert mode
Points to remember.
Restore is only allowed using the same Gaia version on the source and target devices.
Restore is only allowed using the same appliance model on the source and target devices.
Once restore is done, we must reboot the machine and install policy in order to apply the new
configuration.
The backup file name generated by the backup command should not be renamed and must not
contain spaces.
Log files are not backed up by default for Security Management Servers. To include log files in the
backup, include the -l flag.
Log files are backed up by default for MDS backups. To exclude log files from the backup, include
the -l flag.
Migrate Export
If we just want to back up the object/rule data, we should use the migrate export utility.
We can use this utility to backup Check Point configuration on the management server.
If the system is not running on a highly loaded CPU, you can do a backup on a live system without
interruption of the services.
If we change the Check Point version, we can only go up; in other words, we can upgrade but not
downgrade.
Use the migrate utility to export and import Check Point Security Management Server database.
Action:
When migrating between 2 different major versions, you should use the Migration Tool of the higher
version - i.e., when upgrading from R71 to R75, "R75 Management Server migration tools" should
be used on R71.
To export:
# cd $FWDIR/bin/upgrade_tools
# ./upgrade_export filename
To import:
# cd $FWDIR/bin/upgrade_tools
# ./upgrade_import filename
This utility creates a version of your current policies, object database, IPS updates, etc. It is useful
for minor changes or edits that you perform in SmartDashboard.
In SmartDashboard -> 'File' menu -> Database Revision Control -> Create
Comparison of backup methods
Does it back up Gaia OS configuration?     Yes | Yes | Yes | No
Does it back up Products configuration?    Yes | Yes | No | Yes
Does it back up Hotfixes?                  Yes | No (*) | No | No
Does it back up Check Point logs?          No | No | No
                                           Not by default. Use the flag "-l" in the syntax to backup the SmartView Tracker logs as well
Does it support automatic scheduling?      No | Yes | No | No
Can you restore from different version?    Yes | No | With manual adjustments | Upgrade is performed when importing to a newer version