R: Backup and Restore SmartCenter and Gateway R55

Email lists > CheckPoint Firewall-1 discussion

Thread: R: Backup and Restore SmartCenter and Gateway R55

Search this list only Search all lists
R: Backup and Restore SmartCenter and Gateway R55
	2006-02-28 15:21:46
Massimiliano If you use NGX there's an automated tool on the CDs (I've tested in production environment and it works perfectly). For prior versions, I used to follow this procedure I made some months ago (sorry guys, it's in italian but if someone needs it in english, I can transalte it). BTW there's a public resolution on secure knowledge, somewhere.... Parti Testate : 1 - Copiare gli oggetti della macchina da migrare ( il file è in $FWDIR:\conf\Objects_5_0.C - e.g d:\fw1\r55\conf\Objects_ 5.0.C). Basta una semplice copia del file sul nuovo management server. 2 - Importare gli oggetti copiati al punto 1. La Dashboard deve essere chiusa. Da prompt lanciare : cp_merge merge_objects -d path\to\exported.file.directory (e.g. cp_merge merge_objects -d "c:\Documents And Settings \Administrator\Desktop"). L'opzione -d aspetta il path assoluto della directory dove abbiamo copiato il file al punto 1(in questo caso il Desktop dell'utente Administrator). 3 - A questo punto si può aprire la Dashboard e controllare che gli oggetti siano stati effettivamente importati. 4 - Esportare le Policies dal server che viene migrato. Da prompt digitare : cp_merge export_policy Il comando copierà nella directory dove ci troviamo tutti i gruppi di policy presenti sul server. Ognuno di essi verrà esportato in un file, con naming convention NomeGruppoPolicies.pol. A questo punto è necessario copiare il file del set di policies che ci interessa sul server che fungerà da nuova Management. 5 - Importare il ruleset nel nuovo Management Server con il comando : cp_merge import_policy -f exported_policy.pol -n NuNamePolicy exported_policy.pol comprende il path al file esportato e copiato, NuNamePolicy è il nome con cui comparirà il nuovo ruleset. E.g. : cp_merge merge_policy -f set-finale-2.pol -n Produz 6 - Ri-stabilire il SIC. (Edit -> Cluster Members -> Comunication ed inserire il SIC. Qualora non venisse accettato, ricrearlo dai singoli nodi, tramite cpconfig e "secure internal comunication"). 7 - Da Dashboard, verificare il menu in Manage -> Servers and OPSEC Applications -> Show LDAP Account Unit. Se ci sono voci, è necessario, per ognuna : - Andare nel TAB Objects Management e selezionare il server corretto da Manage Objects On L. -----Messaggio originale----- Da: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] Per conto di Scarpati Massimiliano Inviato: martedì 28 febbraio 2006 11.59 A: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM Oggetto: [FW-1] Backup and Restore SmartCenter and Gateway R55 Hi Gurus, We are new to CheckPoint and we want plan a Backup Restore strategy for our Firewall and SmartCenter (R55) There is an Enforcmet Module R55HFA17 Secure Platform and a SmartCenter on Win2000Sp4 R55HFA17, than two Hardware separated. In case of problems is important for us the speed of restore. We think to Ghost our HardDrives having an Image of it but we are not sure of functionality. Any Suggest about backup and restore procedures are good. Thanks in Advance Mazzz ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com =================================================

R: Backup and Restore SmartCenter and Gateway R55
	2006-02-28 16:12:41
Hi all, I faced the backup and restore problem and I wrote a little document about, for personal use. Anyway, if you are interested of, I can send you the document, which I wrote in italian language, to your personal e-mail. The document is based on a cluster configuration made of two nokia node with enforcement point and policy server hosted on Secure Platform and describes the migration to a new release and the backup and restore procedures of the policy server. Why don't you use the classical backup command, better start_backup script, on the policy server? May be, you use a Microsoft Server which hasn't the backup command? Or, have you verified any problem with the backup? Best Regards Fabio Teti >Massimiliano > >If you use NGX there's an automated tool on the CDs (I've tested in >production environment and it works perfectly). For prior versions, I used >to follow this procedure I made some months ago (sorry guys, it's in italian >but if someone needs it in english, I can transalte it). BTW there's a >public resolution on secure knowledge, somewhere.... > >Parti Testate : > >1 - Copiare gli oggetti della macchina da migrare ( il file è in >$FWDIR:\conf\Objects_5_0.C - e.g d:\fw1\r55\conf\Objects_ > 5.0.C). Basta una semplice copia del file sul nuovo management server. > >2 - Importare gli oggetti copiati al punto 1. La Dashboard deve essere >chiusa. Da prompt lanciare : > cp_merge merge_objects -d path\to\exported.file.directory (e.g. >cp_merge >merge_objects -d "c:\Documents And Settings > \Administrator\Desktop"). L'opzione -d aspetta il path assoluto della >directory dove abbiamo copiato il file al punto > 1(in questo caso il Desktop dell'utente Administrator). > >3 - A questo punto si può aprire la Dashboard e controllare che gli oggetti >siano stati effettivamente importati. > >4 - Esportare le Policies dal server che viene migrato. Da prompt digitare >: > cp_merge export_policy > Il comando copierà nella directory dove ci troviamo tutti i gruppi di >policy presenti sul server. Ognuno di essi verrà > esportato in un file, con naming convention NomeGruppoPolicies.pol. A >questo punto è necessario copiare il file del > set di policies che ci interessa sul server che fungerà da nuova >Management. >5 - Importare il ruleset nel nuovo Management Server con il comando : > cp_merge import_policy -f exported_policy.pol -n NuNamePolicy > exported_policy.pol comprende il path al file esportato e copiato, >NuNamePolicy è il nome con cui comparirà il nuovo > ruleset. E.g. : cp_merge merge_policy -f set-finale-2.pol -n Produz > > >6 - Ri-stabilire il SIC. (Edit -> Cluster Members -> Comunication ed >inserire il SIC. Qualora non venisse accettato, > ricrearlo dai singoli nodi, tramite cpconfig e "secure internal >comunication"). >7 - Da Dashboard, verificare il menu in Manage -> Servers and OPSEC >Applications -> Show LDAP Account Unit. Se ci sono > voci, è necessario, per ognuna : > - Andare nel TAB Objects Management e selezionare il server corretto >da Manage Objects On > > >L. > >-----Messaggio originale----- >Da: Mailing list for discussion of Firewall-1 >[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] Per conto di Scarpati >Massimiliano >Inviato: martedì 28 febbraio 2006 11.59 >A: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM >Oggetto: [FW-1] Backup and Restore SmartCenter and Gateway R55 > >Hi Gurus, > >We are new to CheckPoint and we want plan a Backup Restore strategy for our >Firewall and SmartCenter (R55) > >There is an Enforcmet Module R55HFA17 Secure Platform and a SmartCenter on >Win2000Sp4 R55HFA17, than two Hardware separated. > >In case of problems is important for us the speed of restore. We think to >Ghost our HardDrives having an Image of it but we are not sure of >functionality. > >Any Suggest about backup and restore procedures are good. > >Thanks in Advance > > > >Mazzz > > > > > > >================================================= >To set vacation, Out-Of-Office, or away messages, send an email to >LISTSERVamadeus.us.checkpoint.com >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http: //www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your subscription options, email >fw-1-ownerts.checkpoint.com >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to LISTSERVamadeus.us.checkpoint.com >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http: //www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >fw-1-ownerts.checkpoint.com >================================================= > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com =================================================

R: Backup and Restore SmartCenter and Gateway R55
	2006-02-28 16:59:48
Hi all and thanks all. Now it's true. Actually i use release R55 both SmartCenter and Enforcment and I backup Enforcment with backup tool via webacces from smartcenter using tftp. For SmartCenter (windows platform) i backup it via windows backup. The object of these questions was how to study a backup strategy to permit the fastest restore possible, with minimal approach configuration of any "technical man staff" (that could not know Checkpoint) finding in situation of failure. Has anyone tried to replace Hard drives with images of Enf Mod and Smartcenter and verified it? Or it is considered a not valid strategy in term of time and functionality? By Mazzz -----Messaggio originale----- Da: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] Per conto di Fabio Maria Teti Inviato: martedì 28 febbraio 2006 17.13 A: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM Oggetto: Re: [FW-1] R: [FW-1] Backup and Restore SmartCenter and Gateway R55 Hi all, I faced the backup and restore problem and I wrote a little document about, for personal use. Anyway, if you are interested of, I can send you the document, which I wrote in italian language, to your personal e-mail. The document is based on a cluster configuration made of two nokia node with enforcement point and policy server hosted on Secure Platform and describes the migration to a new release and the backup and restore procedures of the policy server. Why don't you use the classical backup command, better start_backup script, on the policy server? May be, you use a Microsoft Server which hasn't the backup command? Or, have you verified any problem with the backup? Best Regards Fabio Teti >Massimiliano > >If you use NGX there's an automated tool on the CDs (I've tested in >production environment and it works perfectly). For prior versions, I used >to follow this procedure I made some months ago (sorry guys, it's in italian >but if someone needs it in english, I can transalte it). BTW there's a >public resolution on secure knowledge, somewhere.... > >Parti Testate : > >1 - Copiare gli oggetti della macchina da migrare ( il file è in >$FWDIR:\conf\Objects_5_0.C - e.g d:\fw1\r55\conf\Objects_ > 5.0.C). Basta una semplice copia del file sul nuovo management server. > >2 - Importare gli oggetti copiati al punto 1. La Dashboard deve essere >chiusa. Da prompt lanciare : > cp_merge merge_objects -d path\to\exported.file.directory (e.g. >cp_merge >merge_objects -d "c:\Documents And Settings > \Administrator\Desktop"). L'opzione -d aspetta il path assoluto della >directory dove abbiamo copiato il file al punto > 1(in questo caso il Desktop dell'utente Administrator). > >3 - A questo punto si può aprire la Dashboard e controllare che gli oggetti >siano stati effettivamente importati. > >4 - Esportare le Policies dal server che viene migrato. Da prompt digitare >: > cp_merge export_policy > Il comando copierà nella directory dove ci troviamo tutti i gruppi di >policy presenti sul server. Ognuno di essi verrà > esportato in un file, con naming convention NomeGruppoPolicies.pol. A >questo punto è necessario copiare il file del > set di policies che ci interessa sul server che fungerà da nuova >Management. >5 - Importare il ruleset nel nuovo Management Server con il comando : > cp_merge import_policy -f exported_policy.pol -n NuNamePolicy > exported_policy.pol comprende il path al file esportato e copiato, >NuNamePolicy è il nome con cui comparirà il nuovo > ruleset. E.g. : cp_merge merge_policy -f set-finale-2.pol -n Produz > > >6 - Ri-stabilire il SIC. (Edit -> Cluster Members -> Comunication ed >inserire il SIC. Qualora non venisse accettato, > ricrearlo dai singoli nodi, tramite cpconfig e "secure internal >comunication"). >7 - Da Dashboard, verificare il menu in Manage -> Servers and OPSEC >Applications -> Show LDAP Account Unit. Se ci sono > voci, è necessario, per ognuna : > - Andare nel TAB Objects Management e selezionare il server corretto >da Manage Objects On > > >L. > >-----Messaggio originale----- >Da: Mailing list for discussion of Firewall-1 >[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM] Per conto di Scarpati >Massimiliano >Inviato: martedì 28 febbraio 2006 11.59 >A: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM >Oggetto: [FW-1] Backup and Restore SmartCenter and Gateway R55 > >Hi Gurus, > >We are new to CheckPoint and we want plan a Backup Restore strategy for our >Firewall and SmartCenter (R55) > >There is an Enforcmet Module R55HFA17 Secure Platform and a SmartCenter on >Win2000Sp4 R55HFA17, than two Hardware separated. > >In case of problems is important for us the speed of restore. We think to >Ghost our HardDrives having an Image of it but we are not sure of >functionality. > >Any Suggest about backup and restore procedures are good. > >Thanks in Advance > > > >Mazzz > > > > > > >================================================= >To set vacation, Out-Of-Office, or away messages, send an email to >LISTSERVamadeus.us.checkpoint.com >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http: //www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your subscription options, email >fw-1-ownerts.checkpoint.com >================================================= > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to LISTSERVamadeus.us.checkpoint.com >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http: //www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >fw-1-ownerts.checkpoint.com >================================================= > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to LISTSERVamadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http: //www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ownerts.checkpoint.com =================================================

[1-3]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists

ARCHIVES