This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ivo_Marques
Contributor
‎2018-11-28 03:40 AM

Howto migrate export - R80.10

Hi guys,

 

We recently migrate to R80.10 and now we need to export the policy. I read somewhere in the forum that you could do that with the RestAPI, I think something using "show access rulebase" (I will find it later).

 

So, my question is it's a full export like "./migrate export"? This method also export the IP SEC Communities whit the pre-shared secret? I'm able to import the file to create a similar environment?

 

Can I see this method like a backup of my SMS?

Thanks in advanced,

Ivo

6 Replies
Joshua_Hatter
Employee
Employee
‎2018-11-28 05:56 AM

You can export a policy and the majority of it's objects. I wouldn't think of it as a replacement to existing procedures as there are still limitations on some objects the API cannot handle.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-11-28 12:17 PM

See this script and read the comments:

Python tool for exporting/importing a policy package or parts of it

0 Kudos
Egor_Cherkasov
Contributor
‎2018-11-29 04:10 AM

A little time ago I did that operation, I used migration tool to transfer secury policy.
Migration tool can not export (and certainly import) logging settings, nat settings and rules, logs.
Also might be a problem with internal certificates, when you will import a policy.

But migration tool will import all objects, security policy and rules, blade settings and global properties.

There are a lot of obstacles, because the Check Point hasn't such operation as I've understood.

0 Kudos
_Val_
Admin
Admin
‎2018-11-29 04:17 AM
In response to Egor_Cherkasov

I am not sure I fully understand what you are trying to say. However, if you are saying that migrate tool cannot be used to export a single policy package, that is true. It is designed and advised to be used for migrating to a different HW, IP address, etc, for the whole SMS or a Security Domain. 

As Dameon mentioned above, there is a script for policy migration that you could use.

_Val_
Admin
Admin
‎2018-11-29 04:13 AM

>>Can I see this method like a backup of my SMS?

Yes, migrate export is actually one of the recommended ways to backup your management. If you need to export not jsut the DB and ICA, but the logs, there is a flag to do so.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2020-04-19 07:34 AM

Hi @Ivo_Marques 

You can also use the following script from me:

Easy Backup Tool - (migrate export + all GAIA configs)

This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup"

- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top