Checkpoint   Checkpoint – Schedule management database backup



The upgrade_tools (or the migrate command) is a powerful and simple tool that allows us to perform a backup of our Checkpoint database, objects, policies…

Backing up periodically the Checkpoint configuration allows us to recover quickly from a disaster by setting up a new SMS (Security Management Server). This involves two steps:

Script that exports the Checkpoint configuration

This could be the most simple version of the script (migrate_export.sh for example):

#!/bin/bash

source $HOME/.bash_profile

TODAY=`date +%Y-%d-%m`
TARGET_PATH=/BACKUPS_FOLDER
TARGET_FILE=$TARGET_PATH/EXPORTDB_$TODAY.tgz

if [ -d $TARGET_PATH ]
then
        cpstop &> /dev/null
        $FWDIR/bin/upgrade_tools/migrate export -n $TARGET_FILE
        cpstart &> /dev/null
fi

It is interesting as an option to use as the target path a mounted volume to use another server as a backup repository or storage.

I created a "SCRIPTS" subfolder on my user $HOME. Choose the location to save your script and then, add execution permissions.

# chmod +x /home/admin/SCRIPTS/migrate_export.sh

Test it by launching it manually to ensure it works like you want. Then we can continue with the next step

Schedule the backup periodically

This is a light and fast backup so that we can schedule it to be executed once a week for example.
This example shows an schedule configuration every monday at 7:00 that can be done via Gaia WebUI or command:

Gaia WebUI

System management – Job Scheduler – Add

Checkpoint - job scheduler migrate export

Checkpoint - job scheduler migrate export 2

Gaia command

add cron job EXPORTDB command /home/admin/SCRIPTS/migrate_export.sh recurrence weekly days 1 time 07:00

When the recurrence is weekly: To specify the days, enter the day by number: 0 is Sunday and 6 is Saturday.
When the recurrence is monthly: To specify the days, enter the day by number: 1 to 31.
Separate several days with commas. For example: for Monday and Thursday enter 1,4

 

Reinstall SMS server using the database backup

Hope you never have to use the backup but, if so, visit my post Checkpoint – Reinstall SMS using configuration backup

Leave a Reply

Your email address will not be published. Required fields are marked *