 | ||
 Firewall Policy | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2008-06-19 | |||
| |||
 Firewall Policy So we had a SmartCenter server drive failure for a customer. Lost the opt directory (on Solaris) They have no backups, of course, and the last time the Solsoft Admin took a snapshot of the smartcenter was a few months ago. So we could recover most of the rules with solsoft, however there were 3 months of rule changes we're too lazy to type back in. Luckily the firewalls have the last policy running on them. However, we're going to have to push some rules sooner or later. We have recovered the smart center and wouldn't it be great if you could do a fw get and poll in the last policy that was pushed......anyone know of a tool or utility that can "magically" do this? cp_merge wants to chat with smartcenter so that option is out... Scott,  |
| 2008-06-19 | |||
| |||
| Re: Firewall Policy Data Recovery Services, Software, Solutions - Ontrack Data Recovery - They do a wonderful job of recovering data from failed hard drives. My guess is they could recover everything you need. The cost is usually between $1,000 and $2,000 for us. Ray |
| 2008-06-20 | |||
| |||
| Re: Firewall Policy do you have a cpinfo from any point from the box. I can recover from that but you will need to reset sic with the firewall's. The good news is all of your policy and objects will be avail. |
| 2008-06-22 | |||
| |||
| Re: Firewall Policy And I'm thinking now that you've got a reasonably good business case for putting mirrored drives in your SCS. Plus of course writing a simple backup script to at least scp the configuration to some other system. |
| 2008-06-22 | |||
| |||
| Re: Firewall Policy At the Gateway take a look into the following directory: Code: cd $FWDIR/database/ -rw-rw---- 1 root root 1530778 Jun 20 12:15 objects.C -rw-rw---- 1 root root 450480 Jun 20 12:15 rules.C Before you try anything at the original harddisk such as massive fsck think about the more secure way to get the data back. If the HD is working but has lost the partition table / corrupt filesystem... #> dd if=/dead/harddisk of=/lot/of/space/dead_hd.dd bs=1m (HD mount -ro) If the HD is not working (no spin up) Try to find the same HD and change the HD controller, if the drive comes up now try to '#> dd' the harddisk. If you where able to dd the HD read on, else the following suggestion are not from interest since insecure. There are tools out such as The Sleuth Kit & Autopsy: Digital Investigation Tools gpart - Guess hard disk partitions The Coroner's Toolkit (TCT) These tools can operate at the dd-image and recover lost files, restore a partition table... At some places you can also find a bootable Linux CD with the tools, keep in mind the dd-image can be copied to another *NIX station. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
