Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Luis_Miguel_Mig
Advisor

Is there a way to restore a database policy revision from the GAIA cli?

Hi,

I am aware of commands like fw load, fw fetch , dbver and also I know that the database policy repository is at $FWDIR/conf/db_versions/repository/.

So I was wondering if there is a way to restore a database revision policy from the GAIA CLI?

Luis

12 Replies
PhoneBoy
Admin
Admin

dbver is the command pre-R80.

In R80+, the mechanism for maintaining database versions is completely different.

0 Kudos
Gaurav_Pandya
Advisor

Hi Dameon,

Yes. There are commands in CLI for database revisions in pre-R80.

In R80, There are steps in dashboard for database versions. but i did not get any information with CLI. So we can do database revisions with CLI in R80?

0 Kudos
PhoneBoy
Admin
Admin

As I said, the database revisions are completely different, as in it does not work the same way at all.

What is possible in the UI can be done via the CLI/API.

For background, refer to:

For how to do some of these things via the API/CLI, refer to the API docs under "Session Management": 

https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.1

0 Kudos
Gaurav_Pandya
Advisor

Ok Dameon,

Thanks

0 Kudos
Juan_Concepcion
Advisor

You can install old policy but database revision, where you could roll back objects database as well, does not exist.  It's manual process to figure out what changed and revert the changes manually - at least that is what I was told by support.

0 Kudos
Luis_Miguel_Mig
Advisor

So will  the capability of  rolling back  policies and database objects from the CLI  (like in pre-80 with dbver restore) be deployed in R80.10?

0 Kudos
PhoneBoy
Admin
Admin

Not in R80.10.

Even so, I believe a dbver restore didn’t get quite everything.

There are plans to improve this.

0 Kudos
Luis_Miguel_Mig
Advisor

I was just wondering what you mean. What is dbver missing?

Dbver restore is equivalent to File -> Database Revision Control ->Action -> Restore, isn't it?

So if due to a configuration change you lose access to the firewall manager but you still have console access, you could restore the last good configuration without requiring fw unloadlocal, which is good.

0 Kudos
PhoneBoy
Admin
Admin

I was definitely mistaken.

It's somewhat related to this thread and ways you would work around this without using database revisions: https://community.checkpoint.com/message/1855?sr=search&searchId=fb6dd9cd-e7d9-4c9c-9855-ebd904a3b01...

0 Kudos
Vladislav_Nedo1
Explorer

Hi All,

So is the any way to do it or not? 

Have gone through the several topics, but haven't found any answer...

In my case, something has been done with Implied Rule, so I can still access the device via SSH but not SmartConsole.

Any help would be appreciated.

Thanks.

0 Kudos
Juan_Concepcion
Advisor

No you can install and old policy via revisions but cannot roll back the database any longer unless you have a backup.

Thanks,

Juan Concepcion

0 Kudos
Robert_Decker
Advisor

Please note that Management API for R80.10 release does NOT have revisions manipulation capabilities.

This feature is planned for R80.20 release.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events