what you said make sense; however, when you have some
customization on the
enforcement module, that will be no longer valid.
For example, if you make customization to the
$FWDIR/boot/modules/fwkern.conf file, $FWDIR/conf/discntd.if
or disable
the web interface /etc/sysconfig/cphttps file, saving just
the /etc/sysconfig/netconf.C file will not be enough.
"backup" command will also save these files for
you as well.
cheers
Matthew Odendaal <matthew ISA.CO.ZA> wrote: From
my experience, you could use the backup command, but I
usually
script my own backups to take all the necessary files I
need. To be
honest, you really only need 1 file for a standard
enforcement module.
All I do is backup the /etc/sysconfig/netconf.C file which
stores all
the interfaces and routes. It's really simple to restore
(you can even
do it without rebooting the server by replacing the file and
then
running "cpnetconf load").
For a really simple and quick backup of an enforcement
module's network
config, the netconf.C file is really all you need (on older
SPLAT
builds, the file is called cpnetstart).
Cheers
Matt
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of
cisco4ng
Sent: 03 January 2008 05:31 AM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] backing up Secureplatform Enforcement
Modules
Thanks guys for your reply. I will be using
"backup" command and
move these gz file to my backup server.
Jim Johnson wrote: Depends how many routes and
interfaces you have configured. With five NICs
and dozens of routes I find the backup command quite useful.
I have it
take
automatic monthly backups and then quarterly I'll copy the
latest
monthly
backup off of the server. My routes/NICs don't change that
often, so
even
losing three month's worth of changes is ok (most likely I
didn't change
anything in the last three months). Since using the backup
command is
so
quick and easy, why not?
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf
> Of Hugo van der Kooij
> Sent: Wednesday, January 02, 2008 12:12 PM
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] backing up Secureplatform
Enforcement Modules
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> cisco4ng wrote:
> > Hi All,
> >
> > How does one go about backing up checkpoint
Secureplatform
> > Enforcement Modules? Since upgrade_export does
not work
> on Enforcement Module.
> > What is the best practice in backing up
Enforcement module?
>
> Frankly. I never bother. I find it faster to install
from
> scratch and do the ip config.
>
> Hugo.
>
> - --
> hvdkooijvanderkooij.org http://hugo.vanderkooij.
org/
> PGP/GPG? Use: http://hug
o.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of
conversation.
> >>>Q: Why is top posting frowned upon?
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
---------------------------------
Never miss a thing. Make Yahoo your homepage.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
---------------------------------
Looking for last minute shopping deals? Find them fast with
Yahoo! Search.
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
