When migrating an existing Check Point environment to new-generation Check Point Gateways, it is important to preserve and validate key configuration files from the original environment. To help with this process, we collect several relevant files—when they exist—that contain important system and acceleration settings. After the new gateways have been deployed and configured, these files can be restored as needed on their respective paths. This is a common practice during clean install migrations, helping ensure that critical custom configurations are retained throughout the migration process.

I want to share the following one-liner that creates a compressed backup containing some of the most relevant migration-related files:

mkdir -p /home/admin/backup; fw ctl fast_accel export_conf; cp $FWDIR/boot/modules/fwkern.conf $FWDIR/conf/{ipassignment.conf,trac_client_1.ttm,fw_fast_accel_export_configuration.conf} /home/admin/backup/; clish -c "lock database override"; clish -c "save configuration cp_config.txt"; mv cp_config.txt /home/admin/backup; tar -czvf /home/admin/$(hostname)_backup.tgz -C /home/admin/backup .; rm -rf /home/admin/backup; echo "Done! Please collect the backup file located at /home/admin/$(hostname)_backup.tgz"

What does this command do?

1. Creates a temporary backup directory

mkdir -p /home/admin/backup

Creates a working directory where all collected files will be stored before compression.

2. Exports SecureXL/Fast Acceleration configuration

fw ctl fast_accel export_conf

Generates the SecureXL acceleration configuration, preserving Fast Acceleration settings that may be important after a migration.

3. Copies important configuration files

fwkern.conf
ipassignment.conf
trac_client_1.ttm
fw_fast_accel_export_configuration.conf

These files include:

• fwkern.conf – To change the internal default behavior of Firewall or to configure special advanced settings for Firewall, you can use Firewall kernel parameters..
• ipassignment.conf – Mapping of Remote Access VPN (Office Mode) users to specific IP addresses.
• trac_client_1.ttm – Client/Endpoint related configuration (when applicable), especially for Remote Access VPN client behavior.
• fw_fast_accel_export_configuration.conf – Exported SecureXL/Fast Acceleration configuration.

4. Saves the Gaia configuration

clish -c "lock database override"

Locks the Gaia configuration database (if necessary)

clish -c "save configuration cp_config.txt"

 generates a complete Gaia configuration backup, including:

• Interfaces
• Static routes
  
• Bonding
• VLANs
• DNS
• NTP
• Hostname
• SNMP
• Users
• System configuration
• Many other CLISH show configuration settings
  
  

The generated file is then moved into the backup directory.

5. Creates a compressed archive

tar -czvf /home/admin/$(hostname)_backup.tgz -C /home/admin/backup .

Packages all collected files into a single hostname_backup.tgz archive, making it easy to transfer or attach to a migration package.

6. Cleans up temporary files

rm -rf /home/admin/backup

Removes the temporary working directory after the archive has been created.

At the end, you'll have a single archive:

/home/admin/<hostname>_backup.tgz