JorgenSpange
Contributor

Recover policy after management crash

Hi,

 

I have an issue where the physical appliance that ran our Check Point management crashed spectacularly. Of course the backup has never been tested and seems to be corrupt.

We've managed to restore the objects, but are not able to restore the policy. We have recovered the rulebases_5_0.fws file, but not anything else from the management itself.

My question is - the security gateways are still up and running, is it in some way possible to recover the installed policy on a gateway or extract it in a readable format so that we could reconstruct it manually?
The gateways are running R77.30.

 

Thanks!

 

Br

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend

There is a way with versions up to R77.xx - unsupported procedure attached 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist


11 Replies
Ruan_Kotze
Advisor

Not that I know of, unfortunately. You can try running the rulebases_5_0.fws through something like Nipper to get a policy printout.

Just a thought - if you have access to the filesystem, are there perhaps backups under /var/log/CPbackup/backups/?

I've also had success moving hard drives between appliances.

0 Kudos
G_W_Albrecht
Legend

See also View rulebase when only CLI available

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
JorgenSpange
Contributor

Thanks so much for your contribution! We've tried this now and got some progress, I will update you when I know the final result.

0 Kudos
Bob_Zimmerman
Authority

Nice to see that SK still kicking around! It's probably the most enduring single piece of documentation I've written.

Just be aware the part about removing certificates can be pretty dangerous. More than once, someone left an extra close paren in place, and when they started the management again, it hosed the objects file. If you use this process, be absolutely sure you have extra copies of all the files, including some on at least one other machine.

0 Kudos
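
A check for the stray close paren described above, as an added example that is not part of the thread or of the SK. It assumes the edited file nests sections with `(` and `)`, that double-quoted strings may contain parentheses, and that a backslash escapes the next character; the sample text is constructed.

```python
# Added example: parenthesis balance check for a hand-edited text database file.
# Assumed syntax: "(" / ")" nest sections, double-quoted strings may contain
# parentheses, backslash escapes the next character inside a string.
import sys

def check_parens(text):
    """Return a list of (line, column, message); an empty list means balanced."""
    problems = []
    stack = []            # positions of the currently open "("
    in_string = False
    escaped = False
    line, col = 1, 0
    for ch in text:
        if ch == "\n":
            line += 1
            col = 0
            continue
        col += 1
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch == "(":
            stack.append((line, col))
        elif ch == ")":
            if stack:
                stack.pop()
            else:
                problems.append((line, col, "extra close paren"))
    for open_line, open_col in stack:
        problems.append((open_line, open_col, "unclosed open paren"))
    if in_string:
        problems.append((line, col, "unterminated string"))
    return problems

# Constructed sample: a section was cut out by hand and one ")" was left behind.
SAMPLE_BAD = '(\n\t: (gw1\n\t\t:comments ("primary (dc1)")\n\t)\n\t)\n)\n'

if __name__ == "__main__":
    data = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_BAD
    for l, c, msg in check_parens(data) or [(0, 0, "balanced")]:
        print(f"line {l}, col {c}: {msg}")
```

Run it against a copy of the edited file on another machine, before the management is started again.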
G_W_Albrecht
Legend

Which SK was it? I just have the procedure, file dated 2013...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Bob_Zimmerman
Authority

It's sk32508. I eventually got fast enough that I could get somebody an upgrade_export less than 30 minutes after getting those files from a dead management.

Of course, now everything is in a PostgreSQL database rather than text files. I left the TAC before R80 was even announced outside R&D, so I never figured out an equivalent process for it.

0 Kudos
JorgenSpange
Contributor

Hey,

 

I've tried the procedure, but the firewall blade is not coming up. I have different versions of the files, do you know which files contain the firewall blade?

0 Kudos
JorgenSpange
Contributor

Got to open the firewall blade and the ruleset is empty. Any suggestions?

0 Kudos
JorgenSpange
Contributor

Just tested with some other files and it seems like that worked. Thanks so much!

0 Kudos
the_rock
Legend

I was just about to send you the same process @G_W_Albrecht attached. But yes, he is correct, definitely not supported, but your best bet.

Andy
