Is there a way to restore a database policy revisi...

Luis_Miguel_Mig · ‎2017-09-28

Hi,

I am aware of commands like fw load, fw fetch , dbver and also I know that the database policy repository is at $FWDIR/conf/db_versions/repository/.

So I was wondering if there is a way to restore a database revision policy from the GAIA CLI?

Luis

PhoneBoy · ‎2017-09-28

dbver is the command pre-R80.

In R80+, the mechanism for maintaining database versions is completely different.

Gaurav_Pandya · ‎2017-09-29

Hi Dameon,

Yes. There are commands in CLI for database revisions in pre-R80.

In R80, There are steps in dashboard for database versions. but i did not get any information with CLI. So we can do database revisions with CLI in R80?

PhoneBoy · ‎2017-09-29

As I said, the database revisions are completely different, as in it does not work the same way at all.

What is possible in the UI can be done via the CLI/API.

For background, refer to:

For how to do some of these things via the API/CLI, refer to the API docs under "Session Management":

https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.1

Gaurav_Pandya · ‎2017-10-03

Ok Dameon,

Thanks

Juan_Concepcion · ‎2017-10-04

You can install old policy but database revision, where you could roll back objects database as well, does not exist. It's manual process to figure out what changed and revert the changes manually - at least that is what I was told by support.

Luis_Miguel_Mig · ‎2017-10-09

So will the capability of rolling back policies and database objects from the CLI (like in pre-80 with dbver restore) be deployed in R80.10?

PhoneBoy · ‎2017-10-09

Not in R80.10.

Even so, I believe a dbver restore didn’t get quite everything.

There are plans to improve this.

Luis_Miguel_Mig · ‎2017-10-10

I was just wondering what you mean. What is dbver missing?

Dbver restore is equivalent to File -> Database Revision Control ->Action -> Restore, isn't it?

So if due to a configuration change you lose access to the firewall manager but you still have console access, you could restore the last good configuration without requiring fw unloadlocal, which is good.

PhoneBoy · ‎2017-10-10

I was definitely mistaken.

It's somewhat related to this thread and ways you would work around this without using database revisions: https://community.checkpoint.com/message/1855?sr=search&searchId=fb6dd9cd-e7d9-4c9c-9855-ebd904a3b01...‌

Vladislav_Nedo1 · ‎2018-03-19

Hi All,

So is the any way to do it or not?

Have gone through the several topics, but haven't found any answer...

In my case, something has been done with Implied Rule, so I can still access the device via SSH but not SmartConsole.

Any help would be appreciated.

Thanks.

Juan_Concepcion · ‎2018-03-19

No you can install and old policy via revisions but cannot roll back the database any longer unless you have a backup.

Thanks,

Juan Concepcion

Robert_Decker · ‎2018-03-21

Please note that Management API for R80.10 release does NOT have revisions manipulation capabilities.

This feature is planned for R80.20 release.

Is there a way to restore a database policy revision from the GAIA cli?

General