Hi,
I have an issue where the physical appliance that ran our Check Point management crashed spectacularly. Of course the backup has never been tested and seems to be corrupt.
We've managed to restore the objects, but are not able to restore the policy. We have recovered the rulebases_5_0.fws file, but not anything else from the management itself.
My question is - the security gateways are still up and running; is it in some way possible to recover the installed policy on a gateway, or extract it in a readable format so that we could reconstruct it manually?
The gateways are running R77.30.
Thanks!
Br
There is a way with versions up to R77.xx - unsupported procedure attached 😎
Not that I know of unfortunately. You can try running the rulebases_5_0.fws through something like Nipper to get a policy printout.
Just a thought - if you have access to the filesystem, are there perhaps backups under /var/log/CPbackup/backups/?
I've also had success moving hard drives between appliances.
See also View rulebase when only CLI available
Thanks so much for your contribution! We've tried this now and got some progress, I will update you when I know the final result.
Nice to see that SK still kicking around! It's probably the most enduring single piece of documentation I've written.
Just be aware the part about removing certificates can be pretty dangerous. More than once, someone left an extra close paren in place, and when they started the management again, it hosed the objects file. If you use this process, be absolutely sure you have extra copies of all the files, including some on at least one other machine.
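A pre-flight check for the stray close paren described above, as an added example that is not part of the original post or of the SK procedure. It assumes the edited file nests with parentheses and uses double-quoted strings that do not span lines; the sample text and the names in it are constructed.

```python
import sys

def check_parens(text):
    """Return [(line, col, problem)]; an empty list means the nesting is balanced."""
    problems, stack = [], []          # stack holds positions of open '('
    in_string = escaped = False
    line, col = 1, 0
    for ch in text:
        col += 1
        if ch == "\n":
            if in_string:             # assumption: strings never span lines
                problems.append((line, col, "unterminated string"))
                in_string = False
            escaped = False
            line, col = line + 1, 0
        elif in_string:               # parens inside quotes are data, not structure
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch == "(":
            stack.append((line, col))
        elif ch == ")":
            if stack:
                stack.pop()
            else:                     # reported where nesting underflows, which
                problems.append((line, col, "extra close paren"))  # may be after the edit
    problems += [(l, c, "unclosed open paren") for l, c in stack]
    return problems

# Constructed sample, not a real management file.
GOOD = ('(\n  :network_objects (\n    : (gw1\n'
        '      :comment ("lab gateway (old)")\n'
        '      :certificates ()\n    )\n  )\n)\n')
# Simulate removing the certificate entry but leaving a close paren behind.
BAD = GOOD.replace("      :certificates ()\n", "      )\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:         # run against each copy before starting management
        with open(path, encoding="latin-1") as fh:
            found = check_parens(fh.read())
        print(path, "OK" if not found else found)
```

Run it on a copy of each edited file and compare against the untouched original, which should also report OK.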
Which SK was it? I just have the procedure, file dated 2013...
It's sk32508. I eventually got fast enough that I could get somebody an upgrade_export less than 30 minutes after getting those files from a dead management.
Of course, now everything is in a PostgreSQL database rather than text files. I left the TAC before R80 was even announced outside R&D, so I never figured out an equivalent process for it.
Hey,
I've tried the procedure, but the firewall blade is not coming up. I have different versions of the files, do you know which files contain the firewall blade?
Got to open the firewall blade and the ruleset is empty. Any suggestions?
Just tested with some other files and it seems like that worked. Thanks so much!
I was just about to send you the same process @G_W_Albrecht attached. But yes, he is correct, definitely not supported, but your best bet.
Andy