Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
khineminn
Contributor
Jump to solution

Different between Config Backup & Database Backup in CP Management Server

I would like to know the different between the config backup and database backup (migrate export) in Checkpoint Management Server.

0 Kudos
1 Solution

Accepted Solutions
AkosBakos
Advisor
Advisor

Hi @khineminn 

Please check this link. This is what you need:

8. Comparison of Backup Methods

Enter the string to filter this table: 

 

  Snapshot
Management
System
Backup
"show
configuration"
"upgrade_export" /
"migrate export"
How much time
does it take?
30 - 60 minutes 5 - 30 minutes Few seconds Depends on
configuration
Size of output file
on Security Gateway
5-100 GB Depends on
configuration
Few KB N/A
Size of output file
on Management Server
5-100 GB 5-100 GB Few KB Depends on
configuration
Does it back up
Gaia OS configuration?
Yes Yes Yes No
Does it back up
Products configuration?
Yes Yes No Yes
Does it back up
Hotfixes?
Yes

No

(does not apply to "mds_backup")

No No
Does it back up
Check Point
logs?
No No No

Not by default.

Use the flag "-l"
in the syntax
to back up the
SmartView Tracker
logs as well.

Does it support
automatic scheduling?

R81 and higher - Yes

R80.40 and lower - No

Yes No No
Can you restore
from different version?
Yes

Note: Snapshots cannot be restored from a version which includes different partitioning system (e.g. GPT) or default filesystem (e.g. XFS).
For example, you cannot restore a snapshot from the R77.30 version on an R80.30 3.10 version.
No With manual
adjustments
Upgrade is performed
when importing to a newer version
Does it require to close
SmartConsole GUI clients?
No

R81 and higher - No

R80.40 - No (only from R80.40 Jumbo Hotfix Accumulator Take 53)

R80.30 - No (only from R80.30 Jumbo Hotfix Accumulator Take 215)

R80.20 - Yes

R80.10 - No (only from R80.10 Jumbo Hotfix Accumulator Take 278)

R80 and lower - Yes

No No
Does it require to stop
Check Point services?
No No No No
Does it require reboot? No No No No

 

https://support.checkpoint.com/results/sk/sk108902

----------------
\m/_(>_<)_\m/

View solution in original post

(1)
7 Replies
AkosBakos
Advisor
Advisor

Hi @khineminn 

Please check this link. This is what you need:

8. Comparison of Backup Methods

Enter the string to filter this table: 

 

  Snapshot
Management
System
Backup
"show
configuration"
"upgrade_export" /
"migrate export"
How much time
does it take?
30 - 60 minutes 5 - 30 minutes Few seconds Depends on
configuration
Size of output file
on Security Gateway
5-100 GB Depends on
configuration
Few KB N/A
Size of output file
on Management Server
5-100 GB 5-100 GB Few KB Depends on
configuration
Does it back up
Gaia OS configuration?
Yes Yes Yes No
Does it back up
Products configuration?
Yes Yes No Yes
Does it back up
Hotfixes?
Yes

No

(does not apply to "mds_backup")

No No
Does it back up
Check Point
logs?
No No No

Not by default.

Use the flag "-l"
in the syntax
to back up the
SmartView Tracker
logs as well.

Does it support
automatic scheduling?

R81 and higher - Yes

R80.40 and lower - No

Yes No No
Can you restore
from different version?
Yes

Note: Snapshots cannot be restored from a version which includes different partitioning system (e.g. GPT) or default filesystem (e.g. XFS).
For example, you cannot restore a snapshot from the R77.30 version on an R80.30 3.10 version.
No With manual
adjustments
Upgrade is performed
when importing to a newer version
Does it require to close
SmartConsole GUI clients?
No

R81 and higher - No

R80.40 - No (only from R80.40 Jumbo Hotfix Accumulator Take 53)

R80.30 - No (only from R80.30 Jumbo Hotfix Accumulator Take 215)

R80.20 - Yes

R80.10 - No (only from R80.10 Jumbo Hotfix Accumulator Take 278)

R80 and lower - Yes

No No
Does it require to stop
Check Point services?
No No No No
Does it require reboot? No No No No

 

https://support.checkpoint.com/results/sk/sk108902

----------------
\m/_(>_<)_\m/
(1)
the_rock
Legend
Legend

Hey @khineminn 

I would say what @AkosBakos sent is EXCELLENT, but I will also try explain it in simple terms, if you will.

Config backup, say if you were to go to clish and run save configuration config.txt (or whatever filename you give it), it would generate simple txt file in whatever dir you were in. Sao if you see my example below, it was /home/admin

 

[Expert@CP-FW-01:0]# pwd
/home/admin
[Expert@CP-FW-01:0]# ls
config.txt test.txt
[Expert@CP-FW-01:0]# ls -lh
total 12K
-rw-r--r-- 1 admin config 7.2K Aug 28 13:45 config.txt
-rw-rw---- 1 admin root 5 Aug 22 11:29 test.txt
[Expert@CP-FW-01:0]#

This file simply lets you copy the config back into clish if you say build new server or reinstall old one, its very convenient.

Now, if you get migrate_export, it will contain all the config that you can import later into another mgmt with same CP version.

If you want EVERYTHING backed up, then run snapshot. However, personally, I always prefer backups, because even though it does not restore the hotfix, its not a big deal, because 99% of the time, jumbo hotfixes matter for the gateways, not the management.

Hope that helps.

Andy

(1)
AkosBakos
Advisor
Advisor

Hi @khineminn 

I want to join to @the_rock and I want to explain with my words too 🙂 

You said that, you want to know from the MGMT server point to view:

If the MGMT is not a VM (e,g, VMware) I always use system backup because it contains all of the necessary things that I need for revert. I do tests on MGMT ant LOG server the steps are the following:

  • I make a system backup and save it to an another location
    • before I do the next step I make and md5 hash on both side -> ensure the hashes are the same
  • I reinstall the appliance (or open server)
  • install the JHF what is required
  • upload, and restrore the backup file
  • test it, test it, test is

Don't forget, the backup does not contain the logs!!!

If you have time, do this steps in a LAB, and you will be confident in live situation 🙂

Akos

 

----------------
\m/_(>_<)_\m/
(1)
the_rock
Legend
Legend

Yes sir, excellent explanation @AkosBakos 

@khineminn I agree 100% with Akos, if you can, PLEASE test this in the lab, because you do not want to find out the hard way if anything breaks (fingers crossed it would not, but better be safe, than sorry, as they say)

Andy

(1)
khineminn
Contributor

@AkosBakos  So, please let me go to next step.

Actually, I am going to migrate the management server from the existing device to a new one due to hardware end-of-life. In this case, is a configuration backup sufficient, or is a database migration still needed? (Assuming I don't need the logs and license files.)

Thanks in advance.

0 Kudos
the_rock
Legend
Legend

I will let Akos give his opinion, of course, but I can tell you 100% for things like that, migrate_server is the BEST, by far, as it does NOT care about the platform type, as long as versions are the same, but you can simply follow below sk to actually migrate even if versions are different, but I prefer they be the same. It will import all the smart console objects, services, hosts, licences, etc, just IP and hostname wont change.

IM referring to below. If you need help with it, let us know, I did this probably 50 times already, no issues.

Andy

 

https://support.checkpoint.com/results/sk/sk135172

0 Kudos
AkosBakos
Advisor
Advisor

Hi @khineminn 

No, the configuration backup is not enough. It is enough only for lets say the OS settings. So it is needed as first step.

I'm not 100% sure the backup will work correcly between different HW-s, so  is would use migrate_export something like that in this scenario:

  1. I install the new device and patch to the right JHF level
  2. export the database
  3. shutdown the existing device (or connect to an another segment to avoid of Ip address conflict)
  4. Connect the new device to the prod LAN
  5. import the database

Fortunately you have the chance to test it without disconnect the old device from the net ( skip from point 3.). 

This short description is an overview only, the devil is in the deatils always. Try it, and if you stuck somewhere drop us an update

Akos

 

----------------
\m/_(>_<)_\m/

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events