The upgrade_tools (or the migrate command) is a powerful and simple tool that allows us to perform a backup of our Checkpoint database, objects, policies…
Backing up periodically the Checkpoint configuration allows us to recover quickly from a disaster by setting up a new SMS (Security Management Server). This involves two steps:
Script that exports the Checkpoint configuration
This could be the most simple version of the script (migrate_export.sh for example):
TODAY=`date +%Y-%d-%m` TARGET_PATH=/BACKUPS_FOLDER TARGET_FILE=$TARGET_PATH/EXPORTDB_$TODAY.tgz if [ -d $TARGET_PATH ] then cpstop &> /dev/null $FWDIR/bin/upgrade_tools/migrate export -n $TARGET_FILE cpstart &> /dev/null fi
It is interesting as an option to use as the target path a mounted volume to use another server as a backup repository or storage.
I created a "SCRIPTS" subfolder on my user $HOME. Choose the location to save your script and then, add execution permissions.
# chmod +x /home/admin/SCRIPTS/migrate_export.sh
Test it by launching it manually to ensure it works like you want. Then we can continue with the next step
Schedule the backup periodically
This is a light and fast backup so that we can schedule it to be executed once a week for example.
This example shows an schedule configuration every monday at 7:00 that can be done via Gaia WebUI or command:
System management – Job Scheduler – Add
add cron job EXPORTDB command /home/admin/SCRIPTS/migrate_export.sh recurrence weekly days 1 time 07:00
When the recurrence is weekly: To specify the days, enter the day by number: 0 is Sunday and 6 is Saturday.
When the recurrence is monthly: To specify the days, enter the day by number: 1 to 31.
Separate several days with commas. For example: for Monday and Thursday enter 1,4
Reinstall SMS server using the database backup
Hope you never have to use the backup but, if so, visit my post Checkpoint – Reinstall SMS using configuration backup