Posts Tagged ‘CCSE’

CCSA/E Study Notes – Advanced Upgrading

August 26, 2012 5 comments

Checkpoint provides three methods for backing and restoring the operating system and networking parameters.

  • Snapshot and Revert – Snapshots can only be performed on Splat and backs up everything including the OS drivers; can be used to backup both gateway and management server. File sizes for these backups are usually very  large and can only be restored to devices having the EXACT OS, Checkpoint version of Splat and patch level. Command used to perform a snapshot is snapshot_ and must be run from expert mode. By default the snapshot file is stored in the /var/CPsnapshot/snapshots directory. To perform a restore, issue the revert command from expert mode. 
  • Backup and Restore – The Backup utility is only available on Splat and backups up your firewall configuration as well as networking parameters such as routing. The file size is usually smaller than that of a snapshot because it doesn’t contain any drivers. Can be used to restore to a machine having the same OS, Checkpoint version and patch level. Backups are performed using the backup command; the default location is /var/CPbackup/backups. On UTM-1 and Power-1 appliacnes the default location is /var/log/CPbackup/backups. Restoring is done by issuing the restore command from export mode. Backups are generally performed via the WebUI however restores must be done via the CLI.
  • Upgrade_export/Export – Upgrade tools backs up all configuration independent of hardware, OS and Checkpoint version. Migrate utility is used for uprades/migration of database information and can’t be used when downgrading to an earlier version of Checkpoint. File size usually depends on the size of your Policy. Usually this can be done on a live system provided that the CPU isn’t overloaded. Can be run on Splat, Linux and Windows. Upgrade tools on R75 can be found at $FWDIR/bin/upgrade_tools

Saving Interface and Routing Information

  • Windows: netstat -rm > routes.txt – saves route information to text file.
  • Windows: ipconfig -a > ipconfig.txt – saves interface information to tex file.
  • Splat: ifconfig > ifconfig.txt – saves inferface information to text file.
  • Splat: copy /etc/sysconfig/network.C <location>– copies files containing route information to a location defined.

Performing Upgrades

Always upgrade the Security Management Server first before the Gateways.

Migration steps for SMS

  1. Prepare source machine for export by performing a migrate export which creates a backup of all configurations. Once this is completed, export the file using SCP on Splat or by copying it from its directory on Windows.
  2. Perform clean install on new server
  3. Import the database on the new server using the migrate import command.
  4. Test to make sure everything works before putting into production.