Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Easy Backup Tool - (migrate export + all GAIA configs)

Jump to solution

asy Backup Tool

Features


This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup":

easy_backup_over1a.jpg
- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

- MDS   > All CMA's are read out and their gateways backuped.
- SMS    > All gateways are read out and backuped.

ebackup_1a.jpg

Note:
- Tested with R80.10, R80.20 and R80.30.
- If the tool is started on a MDS, a mdsstop and mdsstart is performed during the migrate_server export.

CLI Parameter
 
Syntax  Description
-s
The option -s  performs a cpstop and cpstart when the migrate export tool is executed.
-v
The option -v shows the gateway OS, JHF, Kernel, Type of all gateways.
-l The option -l shows all ebackup tgz files in /var/log/.
-d The option -d delete all ebackup tgz files in /var/log/.
-no_migrate / -n The option -no_migrate has the consequence that no migrate export is executed.
-port <sms port> / -p <sms port>
The option -port <sms port> add the management server port, if it's not running on port 443.
-ftpserver <ftp server ip>
-ftpuser <username>
-ftppw <password>
The ftp options allow to upload the tar file to a ftp server.
- cpupload <cp_system_ip>
The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util.
 
Example
 

# ebackup                                                                                                -> Backup all GAIA configs from all gateways + migrate export with locale backup file (/var/log/[date]_ebackup.tgz)
# ebackup -s                                                                                           -> Backup all GAIA configs  from all gateway + migrate export with cpstop and cpstart for migrate export
# ebackup -no_migrate                                                                         -> Backup all GAIA configs from all gateway without migrate export
# ebackup -ftpserver 1.1.1.1 -ftpuser username -ftppw test123   -> Backup all GAIA configs from all gateway + migrate export with ftp upload

# ebackup -cpupload 1.1.1.1                                                                 -> Backup all GAIA configs from all gateway + migrate export with cp upload via cprid_util

Install Tool


Use this auto installer script from "Spoiler" on the SMS or MDS as CLI command in expert mode:

Spoiler
curl_cli -k http://www.ankenbrand24.de/inst_ebackup > /tmp/inst_ebackup && chmod 770 /tmp/inst_ebackup && /tmp/inst_ebackup

Or "copy and past" the following script block from "Spoiler" to your SMS or MDS (in expert mode):

Spoiler
cat <<EOT > /usr/bin/ebackup
#!/bin/bash
#
# Script Author  : Heiko Ankenbrand
# Script Website : https://www.ankenbrand24.de
# Script Source  : https://www.ankenbrand24.de/inst_ebackup
# License        : GNU General Public License (GPL)
#
if [[ -e /etc/profile.d/CP.sh ]]; then source /etc/profile.d/CP.sh; else echo "Unsupported Environment"; exit 1; fi
if [[ -e /etc/profile.d/vsenv.sh ]]; then source /etc/profile.d/vsenv.sh; fi   
FILE_PATH="/var/log/ebackup";
mkdir \$FILE_PATH > /dev/null 2>&1;
rm /tmp/ebackup_topo > /dev/null 2>&1;
rm /tmp/ebackup_MGTIP > /dev/null 2>&1;
# rm /usr/local/bin/ebackup > /dev/null 2>&1;
rm /tmp/ebackup_mdsstatus > /dev/null 2>&1;
rm /tmp/ebackup_login > /dev/null 2>&1;
rm /tmp/ebachup_cpupload /dev/null 2>&1;
REMOTE_RM="\$FILE_PATH/202*";
rm \$REMOTE_RM > /dev/null 2>&1;
NOW=\$(date +"%Y_%m_%d_%H%M");
clear;
echo -e "\e[7m";
printf '%.s-' {1..78};echo;
echo '- Easy Backup Tool v2.3                    - Copyright Heiko Ankenbrand 2020 -';
printf '%.s-' {1..78};
echo -e "\e[0m"
SHOW_SUM="0";
MIGRATE="1";
MGPORT="443";
FTPSERVER="";
FTPPW="non";
FTPUSER="anonymous";
serv_value="99";
REMOTE_INFO_V="0";
RVER=`fwm ver | awk '{print \$8}'`;

mSITIONAL=()
while [[ \$# -gt 0 ]]
do
key="\$1"
case \$key in
    -h|--help|-\?)
       shift;
       echo;echo 'Help: ';echo;
       echo "-l, --list                 The option -l  shows all ebackup tgz files in /var/log/.";
       echo "-d, --delete               The option -d  delete all ebackup tgz files in /var/log/.";
       echo "-s, --stop                 The option -s  performs a cpstop and cpstart when the migrate export tool is executed.";
       echo "-n, --no_migrate           The option -n  has the consequence that no migrate export/ migrate_server is executed.";
       echo "-v, --version              The option -v  shows the gateway OS, JHF, Kernel, Type";
       echo "-u, --user                 The option -u  shows the conneted users on the SMS";
       echo "-p <port>, -port <port>    The option -p  <port> add the management server port, if it's not running on port 443.";         
       echo "-ftpserver <ftp server ip> The ftp options allow to upload the tar file to a ftp server.";
       echo "-ftpuser <username> ";
       echo "-ftppw <password>";
       echo "-cpupload <cp system ip>   The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util.";
       echo "";
       echo "Examples:";
       echo "ebackup -s -ftpserver 192.168.1.1 -ftpuser test -ftppw secret -> backup all gateways + migrate export + cpstop + ftp upload"; 
       echo "ebackup -s -cpupload  192.168.1.1                             -> backup all gateways + migrate export + cpstop+ ";
       echo "                                                                 backup of the tgz file to another gateway or SMS";   
       echo "ebackup -n                                                    -> backup all gateways + without migrate export";
       echo;printf '%.s-' {1..78};echo;
       SHOW_SUM="0";
       exit 1;
    ;;
    -s|--stop)
       shift;
       SHOW_SUM="1";
    ;;
    -v|--version)
       shift;
       SHOW_SUM="1";
       REMOTE_INFO_V="1";
    ;;
    -u|--user)
       shift;
       SHOW_SUM="1";
       echo; cpstat mg |grep -e '|\|-' | cat; echo;
       exit 1;
    ;;
    -d|--delete)
       shift;
       SHOW_SUM="1";
       echo; echo "Delete all ebackup tgz files.";echo;
       rm /var/log/202* > /dev/null 2>&1;
       exit 1;
    ;;
    -l|--list)
       shift;
       SHOW_SUM="1";
       echo;echo -e "File \t\t\t\t\tBytes";
       printf '%.s-' {1..78};
       echo; ls -la /var/log/202* 2>&1| grep -v access|  awk '{print \$9 "\t\t" \$5}' |sed 's/\/var\/log\///'; echo;
       exit 1;
    ;;
    -port|-p)
       MGPORT="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftpserver)
       FTPSERVER="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftpuser)
       FTPUSER="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftppw)
       FTPPW="\$2";
       shift;
       shift;
       SHOW_SUM="0"; 
    ;;
     -cpupload)
       CPUPLOAD="\$2";
       shift;
       shift;
       SHOW_SUM="0"; 
    ;;   
    --no_migrate|-no_migrate|-n)
       shift;
       SHOW_SUM="0";
       MIGRATE="0";
    ;;
   
    *)    # unknown option
    #echo "unknown"
    POSITIONAL+=("\$1") # save it in an array for later
    shift # past argument
    SHOW_SUM="1";
    ;;
esac
done

############ Check MDS and SMS     #########
echo;

if [ "X\$MDSDIR" != "X" ]; then
     MDSSTATUS_HA=\$(mdsstat | grep -m 1 MDS | awk '{print \$8}');
     if [ \$MDSSTATUS_HA = "up"  ]; then    
           mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login;
           if grep -q Gaia /tmp/ebackup_login; then
               echo -n "The MDS is running in version "\$RVER;echo ".";echo;
               serv_value="1";
           else
               echo "The MDS is running but a connect to management API isn't possible.";echo;
               exit 1;
           fi     
     else
         echo -n "MDS is not running. (Status > "\$MDSSTATUS_HA;echo ")";echo;
         exit 1;
     fi
else
     #Check SMS
     CPM_PID=\$(ps -efww | grep java | grep cpm.Cpm | awk '{print \$2}');   
     if [ -z \$CPM_PID ]; then
           echo "The SMS is not running.";echo;
     exit 1;
     else 
           mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login;
           if grep -q Gaia /tmp/ebackup_login; then
               echo -n "The SMS is running in version "\$RVER;echo ".";echo;
               serv_value="0";
           else
               echo "The SMS is running but a connect to management API isn't possible.";echo;
               exit 1;
           fi
     fi
fi
if [ \$serv_value -eq 1  ]; then
   mdsenv > /dev/null 2>&1;
   mdsstat | grep CMA | awk '{print \$6}' >> /tmp/ebackup_MGTIP
   mdsstat | grep MDS | awk '{print \$6}' >> /tmp/ebackup_MDSIP
fi
############ Read gateways     #########
if  [ \$serv_value -gt 0  ]; then
       echo "Read gateways from CMA: ";echo;
       while read -r hostip; 
       do
           CMASTATUS_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$8}');
           CMANAME_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$4}');
           if [ \$CMASTATUS_HA = "up"  ]; then
               echo "   OK     - "\$CMANAME_HA;                 
               CMACOUNT=\$(mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2| grep -c ".");
               if [ \$CMACOUNT != 0 ]; then 
                     mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2 | grep -v 0.0.0.  | sed -e "s/\$/ \$hostip/"  >> /tmp/ebackup_topo;
               fi
           else
               echo " Failed   - "\$CMANAME_HA;
           fi   
       done < /tmp/ebackup_MGTIP
       echo;
else
     # read SMS gateways 
     mgmt_cli -r --port \$MGPORT true show gateways-and-servers details-level full limit 500 offset 0 --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2 | grep -v 0.0.0. |grep -v null | sed -e "s/\$/ x.x.x.x/" 2>&1> /tmp/ebackup_topo;
fi
######## GAIA Config save all gateways   #########
if [ ! -f /tmp/ebackup_topo ]; then
   echo "No gateways found!";
else
   echo "clish -c 'show configuration' > /var/log/g_output.txt" > /tmp/g_command.txt;
   echo "Backup GAIA config gateways:";echo;
   while read -r REMOTE_IP REMOTE_NAME REMOTE_CMA;
     do
     REMOTE_FILE="\$NOW-\$REMOTE_NAME";
     REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
     mdsenv \$REMOTE_CMA > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output.txt -local_file \$REMOTE_DATEI > /dev/null 2>&1;
     #echo -n "";
     if [ ! -f \$REMOTE_DATEI ]; then 
       echo -n " Failed   - ";
       else
       if grep -q hostname \$REMOTE_DATEI; then
          echo -n "   OK     - ";
          if [ \$REMOTE_INFO_V == "1" ] ; then
            $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /usr/bin/ebackup_command -remote_file /var/log/ebackup_command.txt > /dev/null 2>&1;
            $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/ebackup_command.txt > /dev/null 2>&1;
            $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output1.txt -local_file /tmp/ebackup_gateway_info.txt > /dev/null 2>&1;
          fi
       else 
          echo -n " Failed   - ";
       fi     
     fi
     echo -n \$REMOTE_NAME; 
     echo -n "   "; 
     if [ \$REMOTE_INFO_V == "1" ] ; then  
        if [ -f /tmp/ebackup_gateway_info.txt ]; then 
           REMOTE_INFO=\$(cat /tmp/ebackup_gateway_info.txt);
           echo; echo -n "           " \$REMOTE_INFO;
           rm /tmp/ebackup_gateway_info.txt;
           else 
           echo; echo -n "            (no gateway information available)";
        fi
     fi 
     if [ \$serv_value -eq 1  ]; then
        CMANAME_HA=\$(mdsstat | grep \$REMOTE_CMA | awk '{print \$4}');
        echo;    echo -n "            (CMA: "\$CMANAME_HA;echo -n ")";
     fi
     echo;
    done < /tmp/ebackup_topo; 
fi
echo;
######## GAIA config management save     #########
echo "Backup GAIA config Management:";echo;
REMOTE_FILE="\$NOW-Management";
REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
clish -c 'show configuration' > \$REMOTE_DATEI;
     if [ ! -f \$REMOTE_DATEI ]; then 
       echo -n "  Failed - ";
       else
       if grep -q hostname \$REMOTE_DATEI; then
          echo -n "   OK     - ";
       else 
          echo -n " Failed   - "
       fi     
     fi
     echo -n "Management   ";
     /usr/bin/ebackup_command;
     if [ \$REMOTE_INFO_V == "1" ] ; then  
        if [ -f /var/log/g_output1.txt ]; then 
           REMOTE_INFO=\$(cat /var/log/g_output1.txt);
           echo; echo -n "           " \$REMOTE_INFO;
           rm /var/log/g_output1.txt;
        fi
     fi 
     echo;echo;

############## SMS ############################    
# SMS migrate export
if [ \$serv_value -eq 0  ]; then
  if [ \$MIGRATE == "1" ] ; then
    REMOTE_FILE="\$NOW-SMS-Migrate-Export";
    REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
    echo;echo "Migrate Export SMS:";echo;
    if [ \$SHOW_SUM == "1" ] ;
      then
        cpstop > /dev/null 2>&1;
        echo "   OK     - cpstop";
    fi 
    REMOTE_DATEI_CHK="\$REMOTE_DATEI.tgz";
  
    $FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> \tmp\ebackup_migrate ;
       if [ ! -f \$REMOTE_DATEI_CHK ]; then 
           echo " Failed   - SMS migrate export";
       else 
           echo "   OK     - SMS migrate export";  
       fi

    if [ \$SHOW_SUM == "1" ] ;
      then
        cpstart > /dev/null 2>&1;
        echo "   OK     - cpstart";
    fi 
  fi
fi
############## MDS ############################
if [ \$MIGRATE == "1" ] ; then
 if  [ \$serv_value -gt 0  ]; then
   VER=`fwm ver | awk '{print \$8}' | sed 's/R80.//g'` 
   if [ \$VER -lt 30  ]; then               
        ### MDS version R80, R80.10, R80.20 migrate export
        REMOTE_FILE="\$NOW-MDS-Migrate-Export";
        REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
        mds/tmp/ebackup_migrateenv > /dev/null 2>&1
        echo -n "MDS migrate export (migrate export) "\$RVER;echo ":";echo;
        if [ \$SHOW_SUM == "1" ] ;then
           mdsstop > /dev/null 2>&1;
           echo "   OK     - MDS mdsstop";
        fi
        \$MDS_FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;
        if [ ! -f \$REMOTE_DATEI_CHK ]; then 
           echo " Failed   - MDS R80, R80.10, R80.20 (migrate export)";
        else 
           echo "   OK     - MDS R80, R80.10, R80.20 (migrate export)";  
        fi                         
        if [ \$SHOW_SUM == "1" ] ;then
           mdsstart > /dev/null 2>&1;
           echo "   OK     - MDS mdsstart";
        fi
   else 
        ### MDS version R80.30+ migrate_server
        REMOTE_FILE="\$NOW-MDS-Migrate-Server";
        REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
        mdsenv > /dev/null 2>&1;
        echo;echo -n "MDS migrate server (migrate_server) "\$RVER;echo ":";echo;
        \$MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v \$RVER \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

            if grep -q "sk135172" /tmp/ebackup_migrate; then
                echo " Failed   - MDS R80.30+ migrate_server export (No upgrade tools package is installed refer to sk135172)";
            else 
                if [ ! -f \$REMOTE_DATEI ]; then 
                    echo " Failed   - MDS R80.30+ migrate_server export";
                else 
                    echo "   OK     - MDS R80.30+ migrate_server export";
                fi     
            fi  
   fi
 fi
fi
############## TAR ############################
echo;echo "Tar file location:";echo;
REMOTE_FILE="\$NOW-ebackup";
REMOTE_DATEI="/var/log/\$REMOTE_FILE.tgz";
REMOTE_TAR="\$FILE_PATH";
# echo \$REMOTE_TAR
# echo \$REMOTE_DATEI

tar -czf \$REMOTE_DATEI \$REMOTE_TAR> /dev/null 2>&1;

     if [ ! -f \$REMOTE_DATEI ]; then 
            echo " Failed   - tar file";
       else  
          echo -n "   OK     - tar file (" ;
          echo -n \$REMOTE_DATEI;
          echo ")";
     fi		
echo;
############## FTP ############################
if [ "X\$FTPSERVER" != "X" ]; then
   
   FTPDATEI="\$REMOTE_FILE.tgz";
   echo;echo "FTP upload:";echo;
   echo "
   verbose
   user \$FTPUSER \$FTPPW
   bin
   lcd /var/log
   put \$FTPDATEI
   bye
   " | /usr/bin/ftp -in \$FTPSERVER > /tmp/ebackup_ftp 2>&1;
   if grep -q 226 /tmp/ebackup_ftp; then
       echo "   OK     - FTP upload";
   else
       echo " Failed   - FTP upload (Log: /tmp/ebackup_ftp)";
   fi
   echo;
fi

############## CPUPLOAD ############################
if [ "X\$CPUPLOAD" != "X" ]; then
     
     
     #REMOTE_FILE="\$NOW-\$REMOTE_NAME";
     #REMOTE_DATEI1="\$FILE_PATH/\$REMOTE_FILE";
     CPUPLOADDATEI="\$REMOTE_DATEI";
     echo "CP upload to \$CPUPLOAD:";echo;
     echo "ls \$CPUPLOADDATEI > /var/log/g_output.txt" > /tmp/g_command.txt;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file \$CPUPLOADDATEI -remote_file \$CPUPLOADDATEI  > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD getfile -remote_file /var/log/g_output.txt -local_file /tmp/ebachup_cpupload > /dev/null 2>&1;
     if [ ! -f /tmp/ebachup_cpupload ]; then 
       echo " Failed   - CP upload to \$CPUPLOAD ";
       else
       if grep -q tgz /tmp/ebachup_cpupload; then
          echo "   OK     - CP upload file (\$CPUPLOADDATEI)";
          
       else 
          echo " Failed   - CP upload to \$CPUPLOAD";
       fi     
     fi
     echo;
fi



REMOTE_RM="\$FILE_PATH/202*";
rm \$REMOTE_RM > /dev/null 2>&1;
rm /tmp/g_command.txt > /dev/null 2>&1;
rm /tmp/ebackup_topo > /dev/null 2>&1;
rm /tmp/ebachup_cpupload > /dev/null 2>&1;
rm /tmp/ebackup_MGTIP > /dev/null 2>&1;
rm /tmp/ebackup_migrate > /dev/null 2>&1;
rm /tmp/ebackup_mdsstatus > /dev/null 2>&1;
rm /tmp/ebackup_login > /dev/null 2>&1;
EOT
cat <<EHA > /usr/bin/ebackup_command
#!/bin/bash
J=\`cpinfo -y all 2>/dev/null | grep JUMBO | tail -n1 | awk '{print \$3}'\`;
O=\`cat /etc/cp-release | cut -c 13- | sed 's/^ *//g' | sed 's/\s*$//g'\`;
OSM=\`uname -a | grep -c x86_64\`; [ \$OSM == 0 ] && { OSM=32; } || { OSM=64; };
K=\`uname -r | sed 's/\([0-9]\+\.[0-9]\+\)\..*/\1/'\`;
T=\`cpstat os | grep "Appliance Name" | tr -s ' ' | cut -c 17- \`;
echo "(\${O}, Kernel \${K}, \${OSM} Bit, JHF \${J}, \${T})" > /var/log/g_output1.txt ;
EHA
chmod 770 /usr/bin/ebackup;
chmod 770 /usr/bin/ebackup_command;

Create Cronjob


If the ebackup tool should be executed automatically, only a cronjob has to be created.

Spoiler
Add a user "jobuser" via GAIA web portal:

ebackup_cronjob1a.jpg

Set shell:                  /bin/bash
Set assigned role:  adminRole

ebackup_cronjob2a.jpg

Set a new password:
ebackup_cronjob3a.jpg

FTP upload:

                Add a cronjob via CLI to execute ebackup at Saturday night at 10:00 pm.

                - Add parameter -s for cpstop/cpstart
                - Add ftpserver/ ftpuser and ftppw parameters for ftp upload.

                # crontab -u jobuser -e
                ------------------------------------------------------------------------------------------------------
                22  00  *  *  6   /usr/bin/ebackup -s -ftpserver <server_ip> -ftpuser <username> -ftppw <password>

CP upload:

If an FTP upload is too insecure for you, you can also transfer the backup file to another Check Point system with the option -cpupload via cprid_util.

- Add parameter -s for cpstop/cpstart
- Add ftpserver/ ftpuser and ftppw parameters for ftp upload.

# crontab -u jobuser -e
------------------------------------------------------------------------------------------------------
22  00  *  *  6   /usr/bin/ebackup -s -cpupload <cp_server_ip>


More "Easy Tools"

- Easy Backup Tool - (migrate export + all GAIA configs)                   -> Easy backup of all gateway GAIA configs + migrate export with one CLI command.
- Easy execute CLI commands on all gateways simultaneously        ->  Now you can use the new command to execute bash or clish commands on all gateway simultaneously.
- Easy execute CLI commands from management on gateways        -> Easy execute CLI commands from management on gateways
- Mobile User License Tool - replaced "dtps lic"                                   -> It displays all Secure Client, SSL VPN and Mobile Access Portal licenses in total (sum) on the SMS.
- Easy View Tool - (system infos from all gateways simultaneously) -> This toll shows you quickly an overview of status information of all your gateways with only one CLI command.

Version

0.1   03-15-2020   - oneliner to show backup clish configs
0.6   03-23-2020   - GA version ebackup
0.7   03-25-2020    - add parameter -s for cpstop/cpstart
0.8   03-26-2020   - add parameter -no_migrate  (no migrate export)
0.9   03-26-2020   - bug fixed  (special thanks to Paul_Gademsky)
1.0   03-27-2020   - bug fixed  (SMS and MDS)
1.1   03-30-2020   - add option -port
1.2   03-30-2020   - bug fixed
1.3   03-31-2020   - ftp upload function  (-ftpserver, -ftpuser, -ftppw)

2.0   04-04-2020   - MDS support
2.1   04-06-2020   - bug fixed
2.2   04-07-2020   - add option -v
2.3   04-09-2020   - add option -cpupload (upload tgz file to a other Check Point gateway or SMS)

62 Replies
Highlighted
Explorer

Hello Heiko

First many thanks for that great script. i have 3 questions:

1. We also backup our smartevent server with ebackup but because it has no gateway on it ebackup gives the following back:

Backup GAIA config gateways:

Failed -

2. would it be possible to write the results of the ebackup to a log file and than parse that with a monitoring tool to be aware of failed backups?

 

3. we also have a 80.30 MDM to save and when run ebackup it gives me the following error:

MDS migrate server (migrate_server) R80.30:

Failed - MDS R80.30+ migrate_server export

 

--> where can i see what's exactly the problem that the export fails?

 

best regards chris

0 Kudos
Highlighted
Explorer

Hello all

We have also figured out that with MDM 80.30 and ebackup the path to the migrate export is wrong and we had to set that manually inside the ebackup script. here the infos about it:

original: # $MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v $RVER $REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

changed to: /opt/CPsuite-R80.30/fw1/scripts/migrate_server export -skip_upgrade_tools_check -n -v $RVER $REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

 

best regards chris

0 Kudos
Highlighted
Contributor

very nice tool

0 Kudos