Checkpoint backup for Mgmt HA

chuachongchee · #1 (**permalink**) 2007-11-08

Hi All,

Wondering how do we backup a mgmt HA?

I know for standalone, we use upgrade_export, on my previous standalone scs, i have done a script to backup the config daily at ard 3am and after that on my nms machine, theres a script to pull the backup from my scs.

I have changed from the standalone to a distributed scs with mgmt ha, i'm currently still doing the above mentioned way of backup currently for my primary scs, and my mgmt ha was jus up like 2 days ago..

Also, is there a more graceful way to do a backup, was thinking what if one of us admin logs in to the dashboard and happily goes home without logging out.. The backup will fail and thats it, no backup done for the day.. any "graceful workarounds"?? was think to add in cpstop b4 the backup, but this seems quite bruteful and imagine the changes the admin done is lost!

Currently running NGX R65 scs on RHEL 3.0, update 9. Would appreciate all help.. thanks..

Thorpuse · #2 (**permalink**) 2007-11-08

Send an RFE/Support call to Check Point to request a command-line way to disconnect GUI clients. This is the achilles heel in CP's management backup strategy, and has been for some time. Upgrade_export is still the way to go.

chuachongchee · #3 (**permalink**) 2007-11-09

ok.. the login for portion for upgrade_export i guess theres no workaround..

but what about the recomended backup procedure for a mgmt ha? do we upgrade_export both pri n sec mgmt?

mcnallym · #4 (**permalink**) 2007-11-09

You should upgrade_export both boxes. However the secondary only pulls the important part from the primary so it's not that big a deal to build the secondary from scratch if necessary

chuachongchee · #5 (**permalink**) 2007-11-09

Quote:

Originally Posted by mcnallym

You should upgrade_export both boxes. However the secondary only pulls the important part from the primary so it's not that big a deal to build the secondary from scratch if necessary

But my concern is that for whatever reason the secondary scs becomes active for a period of time, and theres a problem, we lose the config... is there a way to check if its the primary scs before doing a upgrade_export??

In terms of file structure, or database, lets say the sec scs becomes active/pri, so is the database like a full fledged normal pri scs??

I mean in cli mode, since i'm using a cron script..

chuachongchee · #6 (**permalink**) 2007-11-11

Quote:

Originally Posted by chuachongchee

But my concern is that for whatever reason the secondary scs becomes active for a period of time, and theres a problem, we lose the config... is there a way to check if its the primary scs before doing a upgrade_export??

In terms of file structure, or database, lets say the sec scs becomes active/pri, so is the database like a full fledged normal pri scs??

I mean in cli mode, since i'm using a cron script..

any help??

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode