cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Startup-Config Equivalent

Does Check Point have an equivalent to the Cisco startup config that can be checked?

I understand that you can issue a "show configuration" to see what I understand to be the equivalent of the "show running-config" on a Cisco device. 
I ask this as I know that you need to save the config in order for it to be kept in the event of a reboot and I would like to be able to monitor this status. 

We use Solarwinds for our configuration monitoring on Cisco devices and that compares the Startup-config to the running-config to check if there are any unsaved changes and perform a diff on these. It would be nice if there was an equivalent way to do the same with the Check Points. 

I understand that the "show config-state" command will show me if there are unsaved changes, but not allow me to compare those changes. 

Any ideas?

0 Kudos
2 Replies
Admin
Admin

Re: Startup-Config Equivalent

When you're using the WebUI, pretty much every change you make is saved automatically.

When you're using the CLI, there is an explicit "save config" step.

Which means, if you're trying to track configuration changes, you need to take a different approach.

The boot configuration is in /config/active.

If you want to see if this is changed at all, you should probably grab this periodically and diff it.

That should be pretty trivial.

If you want to see if the RUNNING configuration is different than the SAVED configuration, it's a bit more complicated.

The tool that will give you output that more closely matches what's in /config/active is a tool called dbget and it's described here: How to use dbget and dbset on Gaia OS 

As far as I know, even with dbget, you can't dump the entire running config, only specific entries or specific trees.

However, using a bit of scripting, I imagine it's possible to pull out which items have changed configuration since the last save.

0 Kudos

Re: Startup-Config Equivalent

Thanks Dameon, the tracking of changes I have ok with Solarwinds NCM, it's just the startup vs running I am having an issue with. 

Thanks for the heads up on the gbget tool - I wasn't aware of this. Unfortunately it doesn't look like it will accomplish what I am after without a lot of custom manipulation. 

I think that I will just settle on checking the SNMP value to ensure that there are not unsaved changes. 

0 Kudos