CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E


Results 1 to 2 of 2

Thread: Questions for CheckPoint DR Recovery

  1. #1
    Join Date
    Rep Power

    Default Questions for CheckPoint DR Recovery

    Hello folks,

    I am fairly new to CheckPoint and will be performing a DR test exercise. I have performed DR on Production in the past which was related to backup software a but need your suggestion on this DR test lab exercise where I will be performing to ensure everything goes well should a real disaster occur. This may be basic to you guys but I just need clarification so I do it the right way.

    The scenario is that I will be in our IT Head Office with access to PC to connect to a remote site (I assume we will connect via RDP or VPN) where the DR is to be performed. The DR location to be tested is in a different site (another state than ours) and believe Firewall will be connected to a PC where I will remote into. I have been provided with an exercise list but that list only contains performing fresh installation from the Gaia R77.30 CD (which I understand will be helpful in case there isn't any image or need to boot off of the CD). It also contains tasks to perform First Run Configuration from the Gaia Web UI Wizard Setup, connecting to WebUI to add static routes (default route to external and setting static routes for internal). Furthermore, it has tasks to login to Smart Dashboard to install and configure policy, set Stealth and Cleanup Rules, inserting access rules for inside to internet and allow any. Last but not least, to push policy and verify internet access. This to me doesn't seem like a real disaster recovery. My understanding is that we should take a system, export, and show configuration backups, and use that to recover. Correct me if I am wrong.

    1) If this is the case (which means I will take the backup of our Firewall and Management server located in our local office and restore to the remote site's network), then those policies won't work as they will have different IPs from the remote site's network IPs.
    2) Since the remote location will have different IPs including DNS and routing information from the backup that is taken, how will this play out?
    3) What IPs (IP for Gateway, Management, internal, external, including static) should I be using? I assume theirs.
    3) I see one of the bulleted points for this DR test exercise is to build, configure, and test the internal and external firewalls.

    Please advise and thank you for assistance here.

  2. #2
    Join Date
    Rep Power

    Default Re: Questions for CheckPoint DR Recovery

    Export/Import Backup/Restore to work properly relies on the IP addressing being the same at the DR location as in Production.

    This is unrealistic to expect so yes you would be wrong in your assumption as such.

    For that to work then basically would be relying on having the same Network Infrastructure with IP addressing available at the DR site, along with the ISP redirecting your public IP to the DR location.
    The downside there is that when you test your DR process then you will lose the existing site. An untested DR process really isn't suitable process.

    This will be why your DR process shows building new units etc with new policies as the IP etc will all be different at the DR location.

    Just as easy to build up clean with what you need rather then try and identify then spend time modifying everything to fit in the DR location.

    By the sounds of it then basically the DR is simply to get Users up and connected to the Internet in a no frills/no fuss manner.

Similar Threads

  1. questions about CheckPoint UTM 576
    By rockcp32 in forum Miscellaneous
    Replies: 1
    Last Post: 2013-06-17, 11:51
  2. Backup and Recovery for CheckPoint SecurePlatform
    By ricardo in forum Check Point SecurePlatform (SPLAT)
    Replies: 17
    Last Post: 2012-04-26, 11:21
  3. SPLAT password recovery, checkpoint sk24666
    By cciesec2006 in forum Check Point SecurePlatform (SPLAT)
    Replies: 5
    Last Post: 2009-04-28, 06:34
  4. recovery checkpoint on IPSO flash based IP690
    By anibal99 in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 1
    Last Post: 2009-01-01, 18:07
  5. Checkpoint Management Password Recovery
    By thomas.jreige in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 2
    Last Post: 2005-09-22, 23:40

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts