This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Justin_Hickey
Collaborator
‎2017-08-11 09:13 AM
Jump to solution

R80.10 - Set snapshot export command

I'm trying to automate the regular export of snapshots. I always run into an issue with the 'path'. I don't understand, if this is an export, how else would the path be formatted ?

set snapshot export CPMGT_Snapshot_01 path ftp://admin:thepassword@10.1.1.11/ name CPMGT_Snapshot_01

NMSNAP0042  Bad Path input


Thanks, Your CheckMate,

Justin

0 Kudos
2 Solutions

Accepted Solutions
Declan__McGill
Contributor
‎2017-08-21 10:30 AM
In response to Justin_Hickey
Jump to solution

Yep, I do. We have a gaia virtual appliance (no fw , no mgt stuff started) which we use to fetch the files.

Just bash scripts.

One to trigger a snapshot script in the middle of the night (staggering cluster members) once per month and then a fetch script that scans for new snapshots on all machines each Sunday.

The snapshot script just runs a snapshot and checks to see when it’s finished, when it is it exports it to /var/log from where it’s picked up by the fetch script some time during he night.

Of course I also do daily backups which we fetch every night too and I also do a save configuration and fetch that too.

I like to keep my options open ☺

D

View solution in original post

Preview file
2 KB
Preview file
2 KB
Preview file
2 KB
Preview file
2 KB
Preview file
93 KB
JozkoMrkvicka
Authority
Authority
‎2021-04-02 12:20 AM
Jump to solution

All your custom-made scripts can be replaced by build-in feature in R81 - Scheduled snapshots and upload snapshot to the backup server over FTP or SCP:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Snapsho...

Kind regards,
Jozko Mrkvicka

View solution in original post

15 Replies
Jerry
Mentor
Mentor
‎2017-08-11 10:49 AM
Jump to solution

have you tried other than FTP proto's like SCP instead?

it works like a charm on my vm with SCP as FTP seem yet buggy or simply does not accept user:password in the middle.

Jerry
Jerry
Mentor
Mentor
‎2017-08-11 11:00 AM
Jump to solution

try SCP instead, it works for me even with user:password 

little bug on r80.10? Smiley Happy

Jerry
PhoneBoy
Admin
Admin
‎2017-08-11 11:18 AM
Jump to solution

Snapshots are actually stored on a different partition on the system.

The path, in this case, is a local filesystem.

Once it's on the local filesystem it can be copied using your supported method of choice.

Justin_Hickey
Collaborator
‎2017-08-11 12:03 PM
Jump to solution

Thanks for the replies.

So the snapshot has to first be moved out of its virtual harddrive. So I issue this:

 set snapshot export CP_Snapshot_01 path /var/CPsnapshot/snapshots/ name CP_Snapshot_01

and I get this error:
NMSNAP0042  Snapshot can be exported just to user home directory in the current partition.

so, let me ask... If there is only one option of where to put it, is it really and option at all ??  <deep, I know>

PhoneBoy
Admin
Admin
‎2017-08-11 12:41 PM
In response to Justin_Hickey
Jump to solution

You could put it into a subdirectory of your home directory, but the point is taken.

0 Kudos
Americo_two
Participant
‎2021-04-01 12:53 PM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy,

Do you know how can export the snapshot directly to another server? or is necessary export first to local path and after copy to a server, in my case I want to export directly to a backup server.

0 Kudos
Uri_Lewitus
Employee
Employee
‎2017-08-17 02:27 AM
Jump to solution

Hi Justin

Snapshots (as opposed to backup)  are not meant to be used regularly as the proffered method for recovery.

The outcome is very big (entire root partition + some of /var/log partition and some extra) and this is the main reason for this feature not having the option for scheduled operation (as in Backup).

Its main purpose is to be used after a major configuration change such as completing gateway or management server first time configuration (including HFs, routes, etc.) and after installing a Jumbo for example.

Snapshot will restore everything from scratch and takes time.

Backup is the preferred method for restoring the GW/MGMT/Other state of software level (policy rules, IPS files etc.)

I hope this sheds some light on the subject and you find it helpful.

Anyways the Gaia admin guide will be updates soon to address this knowledge gap.

Thanks

Uri

Declan__McGill
Contributor
‎2017-08-17 03:06 AM
In response to Uri_Lewitus
Jump to solution

We use snapshots and backups as the preferred restoration tool because it is deterministic and pretty bullet proof.

We take a snapshot monthly (with 100 boxes it takes about 400G keeping just 1 ) and a daily backup. Restore is trivial because we boot a new box and copy the snapshot.tar file and the backup file then revert the snap and reboot, then revert the backup, job done.

Takes max 30-40 mins and not much can go wrong.

D

Justin_Hickey
Collaborator
‎2017-08-21 05:50 AM
In response to Declan__McGill
Jump to solution

Thanks Declan,

Do you automate the extraction of the snapshot from the servers ? If so, how ?

Thanks,

Justin

0 Kudos
Declan__McGill
Contributor
‎2017-08-21 10:30 AM
In response to Justin_Hickey
Jump to solution

Yep, I do. We have a gaia virtual appliance (no fw , no mgt stuff started) which we use to fetch the files.

Just bash scripts.

One to trigger a snapshot script in the middle of the night (staggering cluster members) once per month and then a fetch script that scans for new snapshots on all machines each Sunday.

The snapshot script just runs a snapshot and checks to see when it’s finished, when it is it exports it to /var/log from where it’s picked up by the fetch script some time during he night.

Of course I also do daily backups which we fetch every night too and I also do a save configuration and fetch that too.

I like to keep my options open ☺

D

Preview file
2 KB
Preview file
2 KB
Preview file
2 KB
Preview file
2 KB
Preview file
93 KB
Justin_Hickey
Collaborator
‎2017-08-21 12:49 PM
In response to Declan__McGill
Jump to solution

Could you possible share that script ? I think your approach is the right one. Backup all you can.

0 Kudos
Vladimir
Champion
Champion
‎2017-10-02 05:52 PM
In response to Declan__McGill
Jump to solution

I too am interested in this script, when you'll get  a chance.

0 Kudos
Justin_Hickey
Collaborator
‎2017-08-21 05:49 AM
In response to Uri_Lewitus
Jump to solution

Respectfully, I don't see it as a knowledge gap but rather as a matter of company preference. In order to have a solid backup strategy, I see a need for regular standard backups AND snapshots. The snapshots in my instance are less then 5 GB each so I don't see storage as a major issue to keep one or two around for disaster recovery purposes. If the worst happens, I'll need every and all options at my disposal.

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2021-04-02 12:20 AM
Jump to solution

All your custom-made scripts can be replaced by build-in feature in R81 - Scheduled snapshots and upload snapshot to the backup server over FTP or SCP:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Snapsho...

Kind regards,
Jozko Mrkvicka
Americo_two
Participant
‎2021-04-02 05:06 AM
In response to JozkoMrkvicka
Jump to solution

Thanks @JozkoMrkvicka 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events