Checkpoint   Checkpoint – Database Revision Control



“Database Revision Control” is a really useful feature when you are going to make important and/or many changes in the firewall policy, objects…

To make an analogy, DRC are like snapshots (as in the case of VMWare of a virtual machine) of the policies, objects, etc … everything that contains the database of the management server of Checkpoint is backed up (unlike the policy package that cannot be used as backups and only contains rulebases).

For example, if I am going to make many changes in the policy, clean many rules, etc … I usually create one:

Checkpoint - Database Revision Control menu

Checkpoint - create new Database Revision Control

Of course, you can have several created at once too.

Checkpoint - Database Revision Control

(I am still based on R77.20 / R77.30. When I migrate in a short time to R80.XX, I will make the respective post)

Once created, It keeps stored if you dont delete it explicitly or if you dont use automatic deletion feature.
Checkpoint - Database Revision Control automatically delete old versions

Altough you use “automatic deletion”, you can mark a revision to not to be affected by this feature when creating it by checking the “Keep this version from being deleted automatically” option, or with the “Keep” option after created.

At any time you can select one of the stored versions and show the contents (View version), return to a version (Restore version), show the properties or delete it.
Checkpoint - Database Revision Control actions

Finally, it is also possible to create a DSR automatically each time a policy is installed by checking the “Create a new database version upon Install Policy operation”. My personal view is that is better not to use this because you can lose control of what is created.

I usually create a DRS, apply the changes, keep the version for some days or a week or whatever… and if nothing got broken… delete it.

Leave a Reply

Your email address will not be published. Required fields are marked *