PDA

View Full Version : Checkpoint basic config file



oharek
2016-01-15, 18:00
Hello,

I intend to upgrade my Checkpoint R77.20 to R77.30 soon and i want to format the box and re-image to R77.30 instend of doing just updates

Is their anyway i can take a backup of say a config file that will have all the basics like routing, dns names, ntp and username so that i can use it during the new install via the wizard. Then all i have to do is push out the policy again from the Smart 210 Mgr appliance


thanks
Kevin:confused:

ShadowPeak.com
2016-01-15, 20:38
Hello,

I intend to upgrade my Checkpoint R77.20 to R77.30 soon and i want to format the box and re-image to R77.30 instend of doing just updates

Is their anyway i can take a backup of say a config file that will have all the basics like routing, dns names, ntp and username so that i can use it during the new install via the wizard. Then all i have to do is push out the policy again from the Smart 210 Mgr appliance


thanks
Kevin:confused:

Assuming it is Gaia or IPSO, /config/active (or more probably a file called "initial" that /config/active is a symbolic link to) is the file you want. I'd also strongly recommend taking a backup with the "backup" command and copying the resulting file off the firewall just in case there is something else you've missed.

Also when doing a reload on a gateway watch out for any local file modifications that will be lost, some of which are not necessarily contained within the backup file:

/etc/rc.local
/boot/grub/grub.conf
$FWDIR/conf/ipassignment.conf
$FWDIR/conf/local.arp
$FWDIR/boot/modules/fwkern.conf
$FWDIR/conf/discntd.if
$FWDIR/conf/fwauthd.conf
$FWDIR/conf/vpn_route.conf

These are the ones I can think of off the top of my head, I'm sure others will chime in with more.

oharek
2016-01-17, 05:57
Assuming it is Gaia or IPSO, /config/active (or more probably a file called "initial" that /config/active is a symbolic link to) is the file you want. I'd also strongly recommend taking a backup with the "backup" command and copying the resulting file off the firewall just in case there is something else you've missed.

Also when doing a reload on a gateway watch out for any local file modifications that will be lost, some of which are not necessarily contained within the backup file:

/etc/rc.local
/boot/grub/grub.conf
$FWDIR/conf/ipassignment.conf
$FWDIR/conf/local.arp
$FWDIR/boot/modules/fwkern.conf
$FWDIR/conf/discntd.if
$FWDIR/conf/fwauthd.conf
$FWDIR/conf/vpn_route.conf

These are the ones I can think of off the top of my head, I'm sure others will chime in with more.

Thanks for that - I will give this a go.

I did a few restores recently with a full backup and noticed the backup will only restore once you have applied any Hotfixes that you previously used when you took the backup.

ShadowPeak.com
2016-01-17, 10:06
Thanks for that - I will give this a go.

I did a few restores recently with a full backup and noticed the backup will only restore once you have applied any Hotfixes that you previously used when you took the backup.

Right, backups only have OS-level and Check Point configuration data. Therefore when restoring a backup you need to manually bring the OS and Check Point code back up to the same level from which the backup was taken.