Backup Strategy for CloudGuard IaaS
Hello,
What is the best backup strategy for CloudGuard IaaS? Is it recommended to take snapshots/backups to a remote server, as is done in the case of physical devices, or are AWS snapshots/AMI image backups a better way to go?
This depends on your requirements and the types of servers you operate within CloudGuard IaaS.
For Check Point Security Management servers in CloudGuard IaaS I'd always want to have recent migrate_export, show configuration, cpinfo export, cpview database export, HTML show package export and a normal CPbackup as well, though I know to be careful with these backups taken from IaaS environments as it's not supported to restore them on an on-prem server.
For Check Point Security Gateways it might be enough to schedule a central backup via CDT from the security management as I described here.
Thanks for the reply.
My Mgmt Server and Gateways are both located in AWS. I was going through AWS Backup Service, and it is possible to back up the entire EC2 on a daily basis from there. I'm not entirely sure, but can't it be restored from that backup? In that case I don't have to set up backup of the AWS FWs and Mgmt Servers with my on-prem SCP backup server.
Generally, we don’t necessarily recommend using VM-level backups since it may get the system in an inconsistent state.
I would thoroughly test it before relying on it.
In addition, things like a migrate export will be required to do an upgrade, as in-place upgrades are not supported in public cloud.
I'd agree here with PhoneBoy. I have experimented with different types of backups, not just on AWS but also on Azure and GCP. The best way to back up is to use native Check Point tools and take it from there. The power of the cloud is that you can redeploy items from templates and automation (e.g. ARM templates in Azure, CloudFormation in AWS). So far my approach has been to:
- Set up a CloudFormation template for deploying the basic infrastructure (deployment of the Check Point gateways or management).
- Rely on Check Point native tools to back up or export configuration. This can be done on a scheduled basis.
Hi guys,
How about this situation:
- One management console in Amazon has an IP address 1.1.1.10/28 and is connected to my firewalls.
- A second management console is also in Amazon but created as a VM with 1.1.1.10/28 and has no configuration at all.
According to your solution, I should be able to run a backup on 1.1.1.10/28 and restore it on 1.1.1.25/28?
Regards,
Nik
Since this is the top hit on Google results, there is also this SK:
Backup and snapshot support in CloudGuard Network Security products