danmn
Explorer

Backing up Maestro SMO/SGMs

Hi

I need some help with the backup procedure/what should be backed up on SGMs in a Maestro deployment. The documentation isn't particularly helpful when it comes to backing up SGMs and just links to the Gaia backup documentation. I understand the backup procedure for an Orchestrator, but:

  1. Is switching to the SMO in each group, and then doing the 3 standard Gaia backups (OS, System, Snapshot) from clish (not gclish?) and then scping them up to the Orchestrator in Expert mode enough to consider that Security Group backed up? Or should the same 3 backups be captured from every gateway in the group?
  2. Is it even possible to scp 'up', using the account that was used to log in to the Orchestrator to then copy off device? I found an SK that mentions creating an scpuser on the SMO/SGM and 'pulling' the file using the Orchestrator, but I'd rather avoid having to create another account if I can.

Thanks.

3 Replies
Dario_Perez
Employee

Hi

Since all SGMs have the same config, it is not necessary to create a backup for each SGM. The best is a snapshot from local clish from the SMO.

To export the snapshot you can use the WebUI for the SMO to download it, or use scp, but that user needs expert user /bin/bash to be able to open it with WinSCP or transfer it to another device outside the SGM.

danmn
Explorer

Thank you.

I'm working on automating the process of creating, pulling, and cleaning up the backups, so I won't be able to use the Web UI unfortunately.

The documentation is lacking some of the command outputs and I don't actually have access to a Maestro deployment to test outputs, and I won't know how many Security Groups/SMOs there are ahead of time... Is there a useful command that lists all the Security Groups, ideally with the internal management IPs, from the Orchestrator? The lldp command doesn't contain groups, but does contain IPs. I believe the 'show maestro security-group' command requires a group ID (which I won't know), so it can't list them all. The only way I've found so far is by pulling the info from the sgdb.json, but that doesn't have IP addresses unfortunately.

Also, is there any difference between members in the same group on different chassis? The sgdb.json file has members under a group like 1_1, 1_2, then 2_1, 2_2... Do I need the backup from 1_1 and 2_1, or will 1_1 suffice?

Thanks for your help.
Chris_Atkinson
Employee

Some SKs referenced in the following thread might also be useful for you:

https://community.checkpoint.com/t5/Maestro/Maestro-Backup-Recommendations/td-p/154332

CCSM R77/R80/ELITE