Hi all and thanks all.
Now it's true.
Actually i use release R55 both SmartCenter and Enforcment and I backup
Enforcment with backup tool via webacces from smartcenter using tftp.
For SmartCenter (windows platform) i backup it via windows backup.
The object of these questions was how to study a backup strategy to permit
the fastest restore possible, with minimal approach configuration of any
"technical man staff" (that could not know Checkpoint) finding in situation
of failure.
Has anyone tried to replace Hard drives with images of Enf Mod and
Smartcenter and verified it? Or it is considered a not valid strategy in
term of time and functionality?
By Mazzz
-----Messaggio originale-----
Da: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] Per conto di Fabio
Maria
Teti
Inviato: martedì 28 febbraio 2006 17.13
A: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Oggetto: Re: [FW-1] R: [FW-1] Backup and Restore SmartCenter and Gateway R55
Hi all, I faced the backup and restore problem and I wrote a little
document about, for personal use. Anyway, if you are interested of, I
can send you the document, which I wrote in italian language, to your
personal e-mail.
The document is based on a cluster configuration made of two nokia node
with enforcement point and policy server hosted on Secure Platform and
describes the migration to a new release and the backup and restore
procedures of the policy server.
Why don't you use the classical backup command, better start_backup
script, on the policy server? May be, you use a Microsoft Server which
hasn't the backup command?
Or, have you verified any problem with the backup?
Best Regards
Fabio Teti
>Massimiliano
>
>If you use NGX there's an automated tool on the CDs (I've tested in
>production environment and it works perfectly). For prior versions, I used
>to follow this procedure I made some months ago (sorry guys, it's in
italian
>but if someone needs it in english, I can transalte it). BTW there's a
>public resolution on secure knowledge, somewhere....
>
>Parti Testate :
>
>1 - Copiare gli oggetti della macchina da migrare ( il file è in
>$FWDIR:\conf\Objects_5_0.C - e.g d:\fw1\r55\conf\Objects_
> 5.0.C). Basta una semplice copia del file sul nuovo management
server.
>
>2 - Importare gli oggetti copiati al punto 1. La Dashboard deve essere
>chiusa. Da prompt lanciare :
> cp_merge merge_objects -d path\to\exported.file.directory (e.g.
>cp_merge
>merge_objects -d "c:\Documents And Settings
> \Administrator\Desktop"). L'opzione -d aspetta il path assoluto della
>directory dove abbiamo copiato il file al punto
> 1(in questo caso il Desktop dell'utente Administrator).
>
>3 - A questo punto si può aprire la Dashboard e controllare che gli oggetti
>siano stati effettivamente importati.
>
>4 - Esportare le Policies dal server che viene migrato. Da prompt digitare
>:
> cp_merge export_policy
> Il comando copierà nella directory dove ci troviamo tutti i gruppi di
>policy presenti sul server. Ognuno di essi verrà
> esportato in un file, con naming convention NomeGruppoPolicies.pol. A
>questo punto è necessario copiare il file del
> set di policies che ci interessa sul server che fungerà da nuova
>Management.
>5 - Importare il ruleset nel nuovo Management Server con il comando :
> cp_merge import_policy -f exported_policy.pol -n NuNamePolicy
> exported_policy.pol comprende il path al file esportato e copiato,
>NuNamePolicy è il nome con cui comparirà il nuovo
> ruleset. E.g. : cp_merge merge_policy -f set-finale-2.pol -n Produz
>
>
>6 - Ri-stabilire il SIC. (Edit -> Cluster Members -> Comunication ed
>inserire il SIC. Qualora non venisse accettato,
> ricrearlo dai singoli nodi, tramite cpconfig e "secure internal
>comunication").
>7 - Da Dashboard, verificare il menu in Manage -> Servers and OPSEC
>Applications -> Show LDAP Account Unit. Se ci sono
> voci, è necessario, per ognuna :
> - Andare nel TAB Objects Management e selezionare il server corretto
>da Manage Objects On
>
>
>L.
>
>-----Messaggio originale-----
>Da: Mailing list for discussion of Firewall-1
>[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] Per conto di
>Scarpati
>Massimiliano
>Inviato: martedì 28 febbraio 2006 11.59
>A: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Oggetto: [FW-1] Backup and Restore SmartCenter and Gateway R55
>
>Hi Gurus,
>
>We are new to CheckPoint and we want plan a Backup Restore strategy for our
>Firewall and SmartCenter (R55)
>
>There is an Enforcmet Module R55HFA17 Secure Platform and a SmartCenter on
>Win2000Sp4 R55HFA17, than two Hardware separated.
>
>In case of problems is important for us the speed of restore. We think to
>Ghost our HardDrives having an Image of it but we are not sure of
>functionality.
>
>Any Suggest about backup and restore procedures are good.
>
>Thanks in Advance
>
>
>
>Mazzz
>
>
>
>
>
>
>=================================================
>To set vacation, Out-Of-Office, or away messages, send an email to
>LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
>
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
