Automating upgrade_export

[slands10]

Hi folks,
I've been researching a solution to automate the upgrade_export utility on Windows so we can take frequent backups for the CS config and all the associated bits and bobs. There is a fair amount of information relating to how to use batch files etc, but something that I have yet to find is anyone mentioning the need to stop all the services on the Management Server prior to running the utility, I was under the impression that this was a requirement for the utility to complete successfully as per the CP manual?
Can anyone give a definitive answer? Many thanks!

[mcnallym]

You DONT haveto stop the services at all. I have upgrade_export many boxes fine without stopping the services. It is just a recommendation to do if your export fails to execute propertly. I have certainly never read in the manual that you must stop them.

If you have found the article that explains the removing the need to press any key to continue then you are there anyway.

If you want to stop and start the Check Point Services, how hard is it to add cpstop and cpstart into the batch file

upgrade_export -n will resolve the press any key issue

so something like

cpstop
upgrade_export -n
cpstart

should do in a batch file. Then use Windows Scheduler to automate running the batch file.

[slands10]

Hi, thanks for your response. I have defiantly read that the services related to the Management Clients should be stopped, however this may be to prevent users remotely accessing whilst the utility runs - I can't find the document I read it in! Didn't want to assume that it'd be OK to export the config with the services running.
Anyhoo, cheers again, will report back :)

[chillyjim]

GUI clients should be disconnected, but ohterwise you can do an export live.

[slands10]

Hi all,
Thanks for the help when I requested it. Just for completeness, and incase anyone is looking for a script for backing up with upgrade_export, here is how I did it, using Cygwin for mapping drives while no user is logged in to the management workstation. I used several different scripts as troubleshooting is far easier.

Process:
Call Backup.bat - to map drive using Cygwin
Run upgrade_export
Call date parameters
Rename CP backup file with the days date
Move the renamed file to the mapped drive
Disconnect the mapped drive

(note:
all CP services are still running - this is done when there is little / no change someone will be using the GUI)




------------------------------------------------------------------
CPBackup.bat:
call C:\Backups\backup.bat

echo | C:\CPBackup\upgrade_export.exe /CPBackup/CP_backup.tgz **(this line works - the echo passes a C.R.)

for /f "tokens=1,2,3 delims=/ " %%i in ('date/t') do (
(set Dy=%%i)
(set Mth=%%j)
(set Yr=%%k)
)
rename *.tgz "CPBackup_%Dy%%Mth%%Yr%.tgz"


move CPBackup_%Dy%%Mth%%Yr%.tgz L:\Archive\CPBackup
call C:\Backups\FinishBackup.bat

---------------------------------------------------------------------

Backup.bat:
C:\cygwin\bin\bash C:\backups\backup.sh %1%

---------------------------------------------------------------------

backup.sh:
PATH="/usr/local/bin:/usr/bin:/bin:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINNT/system32:/cygdrive/c/WINNT"
# Mount the L: drive
net use L: /delete /yes
net use L: '/USER:SERVER\myusername' /PERSISTENT:YES '\\mappeddrive\myfolder' 'mypassword'

-----------------------------------------------------------------------
FinishBackup.bat
E:\cygwin\bin\bash E:\backups\FinishBackup.sh %1%

-----------------------------------------------------------------------
FinishBackup.sh
PATH="/usr/local/bin:/usr/bin:/bin:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINNT/system32:/cygdrive/c/WINNT"
# Dismount the L: drive
net use L: /delete /yes

[Thorpuse]

Nice scripts, but as I've mentioned in other threads, you need to ensure that GUI clients are disconnected, and there's no way of doing this at command-line unless you run cpstop (Although, it *can* be done. Just CP won't reveal how and seem to not notice the RFE's for this....).

If the GUI clients are connected, any files that are open or in a locked state don't get copied properly. This can be disastrous for when you try and restore, and trust me, a disaster situation is NOT when you want to find out about this.

C'mon Check Point, tell us the command that powers that magical "Disconnect Client" button in SmartView Monitor?

[slands10]

Cheers for the reply. Yeah, it isn't the ideal solution in that it foes not guarantee exclusive access to all files for upgrade_export, I am banking on the Mgmnt Console being free most if not every night around that time. I don't suppose you know if there is any log output with the script may produce?

[Thorpuse]

... and you've just identified the other issue with a scripted run of upgrade_export....

[trinity]

Sorry if this is a stupid question but is it safe to map a network drive on the SmartCenter server to allow backups to be made (which would also include the nessarary changes to the security policy)?

Thanks

[slands10]

Hi,
Perhaps someone else can provide some info on this? I hadn't considered it a security problem as it is backed up to a secured NAS, any further thoughts would be much appreciated, thanks :)