Hi all, I faced the backup and restore problem and I wrote a little
document about, for personal use. Anyway, if you are interested of, I
can send you the document, which I wrote in italian language, to your
personal e-mail.
The document is based on a cluster configuration made of two nokia node
with enforcement point and policy server hosted on Secure Platform and
describes the migration to a new release and the backup and restore
procedures of the policy server.
Why don't you use the classical backup command, better start_backup
script, on the policy server? May be, you use a Microsoft Server which
hasn't the backup command?
Or, have you verified any problem with the backup?
Best Regards
Fabio Teti
Massimiliano
If you use NGX there's an automated tool on the CDs (I've tested in
production environment and it works perfectly). For prior versions, I used
to follow this procedure I made some months ago (sorry guys, it's in italian
but if someone needs it in english, I can transalte it). BTW there's a
public resolution on secure knowledge, somewhere....
Parti Testate :
1 - Copiare gli oggetti della macchina da migrare ( il file è in
$FWDIR:\conf\Objects_5_0.C - e.g d:\fw1\r55\conf\Objects_
5.0.C). Basta una semplice copia del file sul nuovo management server.
2 - Importare gli oggetti copiati al punto 1. La Dashboard deve essere
chiusa. Da prompt lanciare :
cp_merge merge_objects -d path\to\exported.file.directory (e.g.
cp_merge
merge_objects -d "c:\Documents And Settings
\Administrator\Desktop"). L'opzione -d aspetta il path assoluto della
directory dove abbiamo copiato il file al punto
1(in questo caso il Desktop dell'utente Administrator).
3 - A questo punto si può aprire la Dashboard e controllare che gli oggetti
siano stati effettivamente importati.
4 - Esportare le Policies dal server che viene migrato. Da prompt digitare
:
cp_merge export_policy
Il comando copierà nella directory dove ci troviamo tutti i gruppi di
policy presenti sul server. Ognuno di essi verrà
esportato in un file, con naming convention NomeGruppoPolicies.pol. A
questo punto è necessario copiare il file del
set di policies che ci interessa sul server che fungerà da nuova
Management.
5 - Importare il ruleset nel nuovo Management Server con il comando :
cp_merge import_policy -f exported_policy.pol -n NuNamePolicy
exported_policy.pol comprende il path al file esportato e copiato,
NuNamePolicy è il nome con cui comparirà il nuovo
ruleset. E.g. : cp_merge merge_policy -f set-finale-2.pol -n Produz
6 - Ri-stabilire il SIC. (Edit -> Cluster Members -> Comunication ed
inserire il SIC. Qualora non venisse accettato,
ricrearlo dai singoli nodi, tramite cpconfig e "secure internal
comunication").
7 - Da Dashboard, verificare il menu in Manage -> Servers and OPSEC
Applications -> Show LDAP Account Unit. Se ci sono
voci, è necessario, per ognuna :
- Andare nel TAB Objects Management e selezionare il server corretto
da Manage Objects On
L.
-----Messaggio originale-----
Da: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] Per conto di Scarpati
Massimiliano
Inviato: martedì 28 febbraio 2006 11.59
A: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Oggetto: [FW-1] Backup and Restore SmartCenter and Gateway R55
Hi Gurus,
We are new to CheckPoint and we want plan a Backup Restore strategy for our
Firewall and SmartCenter (R55)
There is an Enforcmet Module R55HFA17 Secure Platform and a SmartCenter on
Win2000Sp4 R55HFA17, than two Hardware separated.
In case of problems is important for us the speed of restore. We think to
Ghost our HardDrives having an Image of it but we are not sure of
functionality.
Any Suggest about backup and restore procedures are good.
Thanks in Advance
Mazzz
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
