This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jesse
Contributor
‎2019-01-23 08:12 AM

SMS Automatically Backing Up Gateway Config

I was in the process of writing a script that would grab the "show configuration" from every gateway, but found in the /var/tmp directory on my SMS the exact thing I was looking for. The directory contains a file titled "<IP Address>-configuration.elg" for every gateway that is managed by the SMS, and appears to get updated every day early in the morning. This is great, but now I'm trying to figure out where these files are coming from. There's nothing in the crontab that would account for this. What process, script, whatever is running that creates them? The SMS is R80.10.

12 Replies
Maarten_Sjouw
Champion
Champion
‎2019-01-23 10:54 AM

Have you setup your gateways to actually run a daily backup and store it on the management server?

Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-01-23 11:23 PM
In response to Maarten_Sjouw

I checked on our MDS R80.10 and found 4 files there, but they were dated nov 2017, around the time we installed the boxes, so they are not updated.

I do recall that in the MDS in the first months we had the setting "Sync with usercenter - Sync once a day" turned on

Most probably this setting is on in your management and this will collect the config and upload them to the UC.

Regards, Maarten
0 Kudos
Martin_Valenta
Advisor
‎2019-01-23 11:31 PM
In response to Maarten_Sjouw

That is synchronising only devices names with serial numbers so later on licenses appear in UC with actual devices names and not uploading gateways configs to CP.

0 Kudos
Jesse
Contributor
‎2019-01-24 08:14 AM
In response to Maarten_Sjouw

I have an MDS environment as well (separate from the SMS environment), and it does NOT have the configuration files that the SMS environment has. I have "Sync with User Center" enabled in both environments. I agree with Martin, the "show configuration" is not a part of this Sync.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-01-24 10:56 AM
In response to Jesse

Although it is not part of it, it would not hurt to turn it off and see what happens for a couple of days.

Regards, Maarten
0 Kudos
Norbert_Bohusch
Advisor
‎2019-01-23 10:55 AM

I just checked some environments and I also found it and also for SMB appliances (1100/1400).

edit: btw. I have it in my lab environment as well, where I have no backup at all!

0 Kudos
Jesse
Contributor
‎2019-01-23 11:05 AM
In response to Norbert_Bohusch

So I think that confirms it's some kind of out the box behavior, now just to track down what's doing it...

0 Kudos
Norbert_Bohusch
Advisor
‎2019-01-23 11:19 AM
In response to Jesse

I tried digging through logs in /var/log, $CPDIR/log and $FWDIR/log on Mgmt and GW by looking at timeframe of backup and didn't found any hint from where it comes....

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-01-24 02:09 PM
In response to Norbert_Bohusch

I have a 1400 and a SMS 80.20 and I have the upload settings disabled and do not see the configuration files on the management server.

Regards, Maarten
0 Kudos
Jesse
Contributor
‎2019-01-24 02:17 PM
In response to Maarten_Sjouw

Maybe the difference is R80.20. I had the Sync disabled up until last week, but I have files in /var/tmp for some old gateways from last November, when Sync was not turned on.

0 Kudos
Nicholas_Sherid
Contributor
‎2019-01-24 11:03 AM

Sort of curious have you checked cron? Just on there off chance (crontab -l) if you know what I mean 

0 Kudos
Norbert_Bohusch
Advisor
‎2019-01-24 11:57 AM
In response to Nicholas_Sherid

In the opening post he wrote that there's nothing in cron. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events