This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Harshpal_Bhati
Employee
Employee
‎2018-07-02 04:30 AM

Script to Automate GAIA Configuration backup

Hi,

i wrote below script for my customer to automate gaia configuration backup of gateway . Script runs on management and it can fetch the "show configuration"  of all the gateway and create a file for individual gateway .

Steps :

Perform below on management server .

 

  1. Create a Directory called gaiagwbkp under /var/log
  2.  Create a file called gateway_ip_list.txt under /opt/CPsuite-R80/fw1/scripts and add ip address of the gateway which is being managed by same management server
  3. [Expert@PROD-MGMT-R80:0]# cat gateway_ip_list.txt
    10.1.1.254
    [Expert@PROD-MGMT-R80:0]#
  4. Create a file called gaiafwbkp.sh under /opt/CPsuite-R80/fw1/scripts and copy the script content and change file permission

*****************************************

[Expert@PROD-MGMT-R80:0]# cat gaiafwbkp.sh
#!/bin/sh
source /opt/CPshrd-R80/tmp/.CPprofile.sh
for dest in $(<gateway_ip_list.txt); do
hostname=`cprid_util -server $dest -verbose rexec -rcmd /bin/bash -c "hostname"`
now=$(date +"%m_%d_%Y")
cprid_util -server $dest -verbose rexec -rcmd /bin/clish -c "show configuration" > /var/log/gaiagwbkp/$hostname$now
done

************************************

4. run script gaiafwbkp.sh

5. Schedule job from GAIA portal using job scheduler 

6. if needed you can run another job to ftp this backup files to ftp server as well

Labels
13 Replies
ED
Advisor
‎2018-07-03 12:02 AM

Thanks for sharing, very useful. 

HeikoAnkenbrand
Champion Champion
Champion
‎2018-07-03 08:47 AM

Nice!

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Martin_Valenta
Advisor
‎2018-07-06 08:18 AM

CDT is better way to do that. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-06 10:12 AM
In response to Martin_Valenta

CDT only works on R77.30 and later.

I could see this script being useful on older systems, potentially. 

That said, I must provide a word of caution with this approach. 

Especially in some earlier versions of Gaia, the order that "show configuration" outputs the commands in won't necessarily work when you import that same configuration.

Allen_Fambro
Employee
Employee
‎2019-03-25 10:16 AM
In response to PhoneBoy

Does CDT work for SMB appliances (1100's, 1400's) that are centrally managed?? One of the requirements is that the gateways are on Gaia R77.30 however the "Gaia Embedded" software line is only at R77.20.85 to date.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-25 11:21 AM
In response to Allen_Fambro

CDT is not supported for SMB appliances.
Vladimir
Champion
Champion
‎2019-05-21 10:04 AM
In response to PhoneBoy

@PhoneBoy , yep: the add and set sequence gets out of whack. Still seeing it happening when attempting to replicate old Gaia configs on the newly deployed gateways using output of "show configuration".

Theoretically, pasting this file twice should solve these issues, as the prerequisites will take effect in the first pass and dependent settings in second.

0 Kudos
Dave_Taylor1
Collaborator
‎2019-05-21 07:44 AM
In response to Martin_Valenta

What is CDT?
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-05-21 07:48 AM
In response to Dave_Taylor1

sk111158: Central Deployment Tool (CDT)

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Andrew_Larrick
Participant
‎2020-07-01 06:51 AM

I love this idea, and the script works great if I run it manually but has anyone been able to make it run via Job Scheduler?  Doesn't work for me.   Running R80.30.   I have updated the relevant paths to R80.30 and even went so far as to add an absolute path for cprid_util, still nothing.

 

Thanks for any suggestions

 

Andrew 

0 Kudos
Danny
Champion Champion
Champion
‎2020-07-01 10:33 AM
In response to Andrew_Larrick

Just install CDT on your management, edit $CDTDIR/CentralDeploymentTool.xml to your needs and add the following line to the job scheduler of your management server:

source /etc/profile.d/CP.sh; . $CDTDIR/CentralDeploymentTool -rma -backupall 2>/dev/null
0 Kudos
dj0Nz
Advisor
‎2021-08-17 01:12 AM
In response to Andrew_Larrick

Late to the show but maybe this helps anyone else: For me, a similar solution worked only after adding hostname entries for the gateways. And I had to remove nonprintables from hostnames which did get there anyhow I dont know. You may find scripts for adding hostnames and doing config backups on my Github repository (https://github.com/dj0nz/cptools).

But I agree with other comments here: Check out CDT if you can spare the time. Probably the better long-term solution.

0 Kudos
Sudip_Majee
Participant
‎2024-07-19 12:05 AM

Thank you Harshpal for sharing the detailed steps.

I have successfully implemented this in my infra, but facing one issue, the configuration file is being written max 59kb and for some gw , the configuration output is incomplete due to this. 
is there any way to increase the output file size or wait until the complete configuration captured before running the scripts on the next Gw.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events