Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
tmorgan
Contributor

Config Files Backup

Forgive me if this has been asked here before but I couldn't find anything when searching.

One of my biggest annoyances with Check Point is the need to configure settings in text files in the underlying OS. This means, correct me if I am wrong, unless the engineers maintaining the environment are very disciplined and keep this documented there will end up being changes in the underlying OS that are just waiting to stab you in the back at 3AM during a major upgrade or appliance failure.

  • My question here is in all my years of check pointing... have I missed something simple?
  • Assuming I haven't is there a good, I appreciate it probably cant be exhaustive, list of common files that would be worth checking when engaging with a new customer for the first time?

If we are able to come up with a list of common files I am happy to script something up to back these up / potentially highlight if they have been modified from the defaults.

 

0 Kudos
2 Replies
Lesley
Leader Leader
Leader

There is nothing simple out there, what you change you have to document. This is due the nature of the product, it is very open that you can change what you want. Other vendor's have different approach little change but more easy to backup and restore. You call it annoying but for me it is a big pro. Many times you need the vendor to make a simple change because they locked it. 

You either make good backups (snapshots are the most complete but have limitations). And/or make good documentation.

It is possible to script certain files but when it ends? 

Here a list of important files, as an example:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Installation_and_Upgrade_Guide/Top...

-------
If you like this post please give a thumbs up(kudo)! 🙂
tmorgan
Contributor

You raise very valid points!

Unfortunately the flexibility is not something I leverage that often I always prefer to keep installs simple wherever possible. What I do however come across a lot is customer environments with statements like 'what do you mean design documents' and 'X used to look after it but we don't talk to X anymore'. Don't get me wrong I charge by the hour but I always feel guilty/sorry for the customer when I have to turn around to the customer and say 'brace yourself, this might be expensive'.

I agree completely with the document, I always ensure customers have an up to date low level design document that outlines anything that has been configured on the appliance.

Installation and Upgrade guide is a very good idea that just hadn't occurred to me; thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events