 | ||
 Firewall Manager Recovery?? | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-05-18 | |||
| |||
 Firewall Manager Recovery?? Hello, Is it possible to pull the running profile from the firewall devices back into a restored firewall manager? Our manager died yesterday and it appears as though our latest backup was about 2 months ago (I have no idea why they aren't more current). Is there a way, after rebuilding and restoring, to pull the running profile and rules from the firewalls so that we don't have to manually rebuild 2 months worth of rule changes? Thanks  |
| 2006-05-18 | |||
| |||
| Re: Firewall Manager Recovery?? Nope, the rules are pushed to the firewall as compiled code. If you still have access to the logs, you can use the Audit log to see what was done when. Ray |
| 2006-05-19 | |||
| |||
| Re: Firewall Manager Recovery?? Quote:
|
| 2006-06-01 | |||
| |||
| Re: Firewall Manager Recovery?? In a VSX environment, there are 2 files that you can use, they are somewhat stripped but still human readable.... objects.C and rules.c in dir /var/CTX/CTXnnnnn/database where nnnnn is the vsid # You can try to read these and match what's missing, or if you're willing to take a short step back for an hour or two: .save these two files off (critical!) .push policy (yes you will lose 2 months of changes) .grab the new versions of these 2 files .run a comparison (CompareIT! is nice on windows) and adjust your rules accordingly you should be able to get to where your new files are almost identical to the original files, except for some funny checkpoint generated bits The above files have no comments or any other "fancy" stuff, but are usable. To my knowledge there are no tools out there that will directly work with these. Yet. |
| 2006-10-30 | |||
| |||
| Re: Firewall Manager Recovery?? It is possible. I did this for a customer a while back on r55. They lost their smartcenter and only had the cluster left. If I remember correctly, I grabbed the rules.c and objects.c out of the database directory on one of the enforcement points and went to town with some manual hacking and use of the cp_merge utility. I think I did a cp_merge export policy on a small poilcy to get the format, then pasted parts of the rules.c into it and cp_merge policy import. Though this may have been one of the failed attempts. After using cp_merge (may have used fwm confmerge in conjuction with objects.c from enf point before doing this?) to pull in objects. After a few hours of tinkering it was still a bit messed up, but I upgrade_export and then upgrade_imported the same config and it straightened out whatever I hadn't hacked properly and voila I had restored the smartcenter. The customer was happy and I was very proud of myself. This post is not technically very useful, I don't remember exact steps, but it is possible with a few hours of patience. fwj |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
