Advisor

Backup Strategy for CloudGuard IaaS

Hello,

What is the best backup strategy for CloudGuard IaaS? Is it recommended to take snapshots/backups to a remote server, as is done in the case of physical devices, or are AWS snapshots/AMI image backups a better way to go?

6 Replies
Champion

This depends on your requirements and the types of servers you operate within CloudGuard IaaS.

For Check Point Security Management servers in CloudGuard IaaS I'd always want to have recent migrate_export, show configuration, cpinfo export, cpview database export, HTML show package export and a normal CPbackup as well, though I know to be careful with these backups taken from IaaS environments as it's not supported to restore them on an on-prem server.

For Check Point Security Gateways it might be enough to schedule a central backup via CDT from the security management as I described here.

Advisor

Thanks for the reply.

My Mgmt Server and Gateways are both located in AWS. I was going through the AWS Backup service, and it is possible to back up an entire EC2 on a daily basis from there. I'm not entirely sure, but can't it be restored from that backup? In that case I don't have to set up backup of the AWS FWs and Mgmt Servers with my on-prem SCP backup server.

Admin

Generally, we don’t necessarily recommend using VM-level backups since it may get the system in an inconsistent state.
I would thoroughly test it before relying on it.

In addition, things like a migrate export will be required to do an upgrade as in place upgrades are not supported in public cloud.

Contributor

I'd agree here with PhoneBoy. I have experimented with different types of backups, not just on AWS but also on Azure and GCP. The best way to back up is to use native Check Point tools and take it from there. The power of the cloud is that you can redeploy items from templates and automation (e.g. ARM templates in Azure, CloudFormation in AWS). So far my approach has been to:

- Set up a CloudFormation template for deploying the basic infrastructure (deployment of the Check Point gateways or management).

- Rely on Check Point native tools to back up or export configuration. This can be done on a scheduled basis.

Explorer

Hi guys,

How about this situation:

  1. one management console in Amazon has an IP address 1.1.1.10/28 and connected to my firewalls.
  2. second management console also is in Amazon but created as a VM with 1.1.1.10/28 and has no configuration at all.

According to your solution, I should be able to run a backup on 1.1.1.10/28 and restore it on 1.1.1.25/28?

Regards,

Nik
