 | ||
 Policy Backup | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2008-02-19 | |||
| |||
 Policy Backup Hi, My organization is using older version of checkpoint that is " NG Feature pack 2 build 520144" with alteon Acc & Dir. We are planning to upgrade into NGX65 with Nokia Box. I want to know how to take the policies backup, policies printout to maintain all policies database if anything goes wrong. Pls help me. Rgds, Himanshu S  |
| 2008-02-20 | |||
| |||
| Re: Policy Backup Your best bet is to run the upgrade_export tool. It creates a .tgz file with everything you need to restore. As long as you have the .tgz file safe, you could restore it. Ray |
| 2008-02-21 | |||
| |||
| Re: Policy Backup Quote:
Thanks for reply, from where do I get the upgrade tool on NG? In the policiy option I am getting "Verify, Install, uninstall, view, access lists, install user db, policy installation targets & global properties". How to create the tgz file? Once tgz file created do I take the print out for all the configured policies? Thnaks Himanshu Srivastava |
| 2008-02-21 | |||
| |||
| Re: Policy Backup They're command line tools. upgrade_export makes the .tgz file and upgrade_import reads it. In NGX they're found in $FWDIR/bin/upgrade_tools If you need to download them, I think you can find them here: Check Point Software: SmartCenter Tools It's as simple as running it, such as ./upgrade_export /var/fp2export.tgz The /var partition usually has the most free disk space. You should cut back on the number of database revisions you have or the file can be huge. The .tgz file is platform-neutral. You can take one created on a Nokia and import it into SPLAT, for instance. Unfortunately FP2 is ancient. I think you would have to upgrade to FP3 and then to R55 and then to NGX. There is no way to print it out from the file, but the file contains ALL of the information needed to restore your SmartCenter. It's an excellent disaster recovery tool. Check Point Software: SmartCenter Tools has a way to print it out, but it won't work pre-FP3. Ray |
| 2008-02-21 | |||
| |||
| Re: Policy Backup Hi Ray, Thanks for quick reply, as I am going to take the first time backup that's why so many problems are there. In the Bin directory i found these three files "Upgrade_fwopsec.exe, upgrade_masters.exe & upgrade_bs.exe" not that file you have mentioned. Pls remember that I am using NG FP2(dnt want to upgrade into FP3). I also clicked the given link but not able to get that file, little bit confuse that what link should I go for. I want to tell you what exactly I want to do, in my organization checkpoint policy editor consists of two policy package "a" & "b". "b" having the updated policies & "a" is for backup. So I want to take the full backup from the "b" & push to "a", if any thing go wrong can use "a" as a production. Pls help me, give me step by step info & again thanks for reply previous quries. Thanks Himanshu S |
| 2008-02-23 | |||
| |||
| Re: Policy Backup Quote:
|
| 2008-02-24 | |||
| |||
| Re: Policy Backup Maybe you could try cp_merge but I think you need fp3 or higher http://www.checkpoint.com/techsuppor...rge_ng_r54.pdf I would recommend that you duplicate your working enviroment. And the use the duplicate system for a normal upgrade. It is possible that you first have to upgrade to fp3 before you can up grade to ngx. Eduard |
| 2008-02-24 | |||
| |||
| Re: Policy Backup I don't understand what "a" and "b" are. Are they separate SmartCenters or just two different policies on the same SmartCenter? You may have to open a support case with Check Point to get upgrade_export for FP2 if you do not have the original CDs. Ray |
| 2008-02-26 | |||
| |||
| Re: Policy Backup Quote:
Want to copy all the policies from "b" package to "a". Could we take the print out for all the policy? |
| 2008-02-29 | |||
| |||
| Re: Policy Backup Quote:
|
| 2008-03-02 | |||
| |||
| Re: Policy Backup Quote:
Or try to do a harddisk clone to another machine then upgrade it manually version by version... to FP3 then AI then NGX... Both ways are still going to be a pain for you, since thats an ancient version |
| 2008-03-10 | |||
| |||
| Re: Policy Backup Get the upgrade_export tool from Check Point Software: SmartCenter Tools It is a tgz file. You need to upload it to you FP2 management server, extract it and you will have the upgrade_export comand. This tool works for NGFP1 and NGFP2 as per the documentation. Read the documentation and follow the instructions. You cannot go from FP2 to NGXR65. You have to upgrade in stages as Ray Pesek said. Upgrade to FP3, then to R55, then to NGX. |
| 2008-03-12 | |||
| |||
| Re: Policy Backup Quote:
|
| 2008-03-13 | |||
| |||
| Re: Policy Backup You have two issues here. If you don't want assistance on how to upgrade to NGX in this then don't mention it as it just confuses us as to what you are looking to do. ISSUE 1: Policy backup within NG FP2 Pls remember that I am using NG FP2(dnt want to upgrade into FP3). I also clicked the given link but not able to get that file, little bit confuse that what link should I go for. I want to tell you what exactly I want to do, in my organization checkpoint policy editor consists of two policy package "a" & "b". "b" having the updated policies & "a" is for backup. So I want to take the full backup from the "b" & push to "a", if any thing go wrong can use "a" as a production. ISSUE 2: Upgrade of Management Server to NGX R65 My organization is using older version of checkpoint that is " NG Feature pack 2 build 520144" with alteon Acc & Dir. We are planning to upgrade into NGX65 with Nokia Box. I want to know how to take the policies backup, policies printout to maintain all policies database if anything goes wrong. ISSUE 1: If I am reading you correctly then you have two policy packages on the same SMARTCenter. You have a policy B that is used on the product box. You also have a policy called A that is the backup policy. In the event that policy B is not working you want to be able to revert to policy A. If you want to copy the policy from package A to package B, then just use the File, Save As, and then save PolicyA with the name of PolicyB. This will overwrite the contents of the policy package B with the contents from policy package A. Alternatively you just open up Policy A and install Policy A onto the production box. The File Save As and saving will give you a backup policy of the policy that you have open. If you save PolicyB with the name of Policy A then it will save a seperate copy of PolicyB available as a backup with the name of PolicyA. This however will not give you an upgrade path from NG FP2 to NGX. Nor will it save you from corruption of the objects or users, as this purely makes a copy of the rules. ISSUE 2: Upgrade to NGX R65. It is not possible to upgrade from NG FP2 to NGX R65 in one go, you have to have an intermediate step. I would suggest that goto NG AI R55. Check Point Software: SmartCenter Tools) Is a link to the upgrade_tools for NG AI R55 for the different platforms. Select the platform for which the management server is installed on, and the version that you want to upgrade too. On your management server goto $FWDIR/bin create a directory called upgrade_tools ftp the downloaded file from the check point website into the $FWDIR/bin/upgrade_tools unzip the .tgz file and it will extract the upgrade_export tools into the directory. run the pre upgrade verifier (instructions are in the upgrade guide to which there is a link from the page above) to check the system. make any changes recommended by the pre_upgrade verifier. Once done then run the upgrade_export tool to generate an R55 export. Build a seperate management server box with the same hostname, ip address of the existing management server and ensure is not connected to the network. Transfer the exported config to the new box. Install a clean copy of the NG AI R55 onto the new management server, select to import the configuration and point at the exported config file. This will install an R55 Management Server with the objects, users and policy upgraded from NG FP2 to NG AI R55. You will need to change the version of the gateway object to be NG AI for the upgrade to NGX R65. As you are not installing the policy from this box then it doesn't matter. You can then repeat the process but using the NGX R65 CD to upgrade to NGX R65. This will then give you an R65 Management Server. You can then build your Nokia and update the policy substituting the Nokia object for the Alteon Object in the policy manually. |
| 2008-03-13 | |||
| |||
| Re: Policy Backup Quote:
1st of all, yes this is a production server, since you are running fp2, i reckon you are changing to a fresh NEW server, please do whatever is need on your new server... You are using fp2.. whatever ways you choose WILL BE A PAIN... do it one time and get it over n done with... |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
