Firewall Manager Disaster Recovery

avilT · #1 (**permalink**) 2006-03-15

I have Nokia IP 330, VRRP running NG FP3, firewall Manager is on Windows 2000. I need disaster recovery for Windows Firewall Manager. If the firewall manager crashes, how do I bring up the firewall manager on a new maching after installing Windows 2000? What files I need to backup? Thanks in advance.

Lackie · #2 (**permalink**) 2006-03-16

You can use the FP3 version of upgrade_export. This will create a backup of all of the Check Point data. All you have to do is rebuild a machine with the same IP address and Hostname, install Check Point and import this back into it.

avilT · #3 (**permalink**) 2006-03-19

Thank you very much for the reply. Does this also back up the SIC data? Many books suggested to backup only 2 files, object_5_0.C and rulebases_5_0.fws, install the firewall manager on a new PC, restore these two files and then reset the SIC. I was able to load the smart dashboard with this method but had to face several problems. What is the best way to perform the recovery?

Lackie · #4 (**permalink**) 2006-03-20

This does back up the SIC data.

Blueberry · #5 (**permalink**) 2006-05-19

upgrade_tools i.e. the export and import utilities are the best way of backing up that I have come across. As stated as long as the hostname, ip address and versions are the same this will work without a problem.

Sometime the import fails at the very end or you get a random seed issue but these are easily rectified by redoing the task.

srikrishnak · #6 (**permalink**) 2006-05-22

Agree. Export/Import DB is the best option available for the time being. As an idot proof method backup all the FWDIR directory in to another Hard Drive. Some times its quite handy.

sengkhoon · #7 (**permalink**) 2006-09-20

Hi All,

I just want to confirm that by running the command upgrade_export. IT will not cause any service to reset or the firewall to be down for a while . which will cause impact to the network

RayPesek · #8 (**permalink**) 2006-09-20

I'm not sure if you're asking the question or affirming the above responses. You are correct. It will not affect anything. Just don't save it on the same drive as where SmartCenter is installed. :-)

Ray

danensis · #9 (**permalink**) 2006-09-26

Isn't there a registry string that you have to save as well? I understand SIC will not work unless you do this?

sengkhoon · #10 (**permalink**) 2007-02-04

Hi ,

I was trying to do a backup on the FW1 folder but i am getting an error.

cannot copy cpsql_ccN3ceiszAyxgC: It is being used by another program.
Can i know what is this file?

Thanks

baboo · #11 (**permalink**) 2007-02-05

AFAIK the "update_export"-command does not backup your routes.

So remember to write down your routes.
(I found out that the routes are saved in /etc/sysconfig/netconf.C but I'm not sure if it's enough to just save that file.. )

Kind regards,
Manuel

stefan73er · #12 (**permalink**) 2007-02-09

Quote:

Originally Posted by danensis

Isn't there a registry string that you have to save as well? I understand SIC will not work unless you do this?

yes there is a registry string on a windows system but the upgrade export will save this also.

And for sure this is the best way to backup checkpoint i know.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode