This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JorgenSpange
Contributor
‎2021-12-08 01:35 PM
Jump to solution

Recover policy after management crash

Hi,

 

I have an issue where the physical appliance that ran our check point management crashed spectacularly. Of course the backup has never been tested and seems to be corrupt.

We've managed to restore the objects, but are not able to restore the policy. We have recovered the rulebases_5_0.fws file, but not anything else from the management itself.

My question is - the security gateways are still up and running, is there in some way possible to recover the installed policy on a gateway or exctract it in a readable format so that we could've reconstructed it manually.
The gateways are running r77.30.

 

Thanks!

 

Br

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2021-12-09 12:52 AM
Jump to solution

There is a way with versions up to R77.xx - unsupported procedure attached 8)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

Rebuild SMS from conf.txt
Preview file
5 KB
11 Replies
Ruan_Kotze
Advisor
‎2021-12-09 12:51 AM
Jump to solution

Not that I know of unfortunately.  You can try running the rulebases_5_0.fws through something like Nipper to get a policy printout.

Just a thought - if you have access to the filesystem are there perhaps backups under /var/log/CPbackup/backups/

I've also had success moving hard drives between appliances.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-12-09 12:52 AM
Jump to solution

There is a way with versions up to R77.xx - unsupported procedure attached 8)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Rebuild SMS from conf.txt
Preview file
5 KB
G_W_Albrecht
Legend Legend
Legend
‎2021-12-09 02:34 AM
In response to G_W_Albrecht
Jump to solution

See also View rulebase when only CLI available

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
JorgenSpange
Contributor
‎2021-12-10 02:23 AM
In response to G_W_Albrecht
Jump to solution

Thanks so much for your contribution! We've tried this now and got some progress, I will update you when I know the final result.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2021-12-15 08:52 AM
In response to G_W_Albrecht
Jump to solution

Nice to see that SK still kicking around! It's probably the most enduring single piece of documentation I've written.

Just be aware the part about removing certificates can be pretty dangerous. More than once, someone left an extra close paren in place, and when they started the management again, it hosed the objects file. If you use this process, be absolutely sure you have extra copies of all the files, including some on at least one other machine.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-12-15 11:29 PM
In response to Bob_Zimmerman
Jump to solution

Which SK was it ? I just have the procedure, file dated 2013...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2021-12-16 07:10 AM
In response to G_W_Albrecht
Jump to solution

It's sk32508. I eventually got fast enough that I could get somebody an upgrade_export less than 30 minutes after getting those files from a dead management.

Of course, now everything is in a PostgreSQL database rather than text files. I left the TAC before R80 was even announced outside R&D, so I never figured out an equivalent process for it.

0 Kudos
JorgenSpange
Contributor
‎2021-12-17 08:42 AM
In response to Bob_Zimmerman
Jump to solution

Hey,

 

I've tried the procedure, but the firewall blade is not coming up. I have different versions of the files, do you know which files that contain the firewall blade?

0 Kudos
JorgenSpange
Contributor
‎2021-12-17 03:56 PM
In response to JorgenSpange
Jump to solution

Got to open the firwall blade and the ruleset is empty. Any suggestions?

0 Kudos
JorgenSpange
Contributor
‎2021-12-17 04:41 PM
In response to JorgenSpange
Jump to solution

Just tested with some other files and seems like that worked. thanks so much!

0 Kudos
the_rock
Legend
Legend
‎2021-12-16 09:58 AM
Jump to solution

I was just about to send you same process @G_W_Albrecht attached. But yes, he is correct, definitely not supported, but your best bet.

Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top