Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Matt_Dunn
Participant
Jump to solution

DB Revision in R80.10

Hi,

Possibly a newbie question, but I'm trying to see how I can revert deleted objects in R80.10?  In R77 if I took a DB Revision, then deleted a stack of objects, I could revert the revision and get the objects back.  I can't see how that's done in R80.10, and sk113615 suggests it's not possible.  Is this true, or am I missing something?  I want to delete over 200 objects which I don't *think* are required any more, but it'd be comforting to know I can get them back easily if needed.

Thanks,

Matt

0 Kudos
1 Solution

Accepted Solutions
AlekseiShelepov
Advisor

There is a very useful recent guide on revisions in R80.10 on CheckMates already:

R80+ Change Control: A Visual Guide

With a search you can find other helpful threads:

R80.10 Policy Revision 

Revisions Management in R80.x 

View solution in original post

4 Replies
AlekseiShelepov
Advisor

There is a very useful recent guide on revisions in R80.10 on CheckMates already:

R80+ Change Control: A Visual Guide

With a search you can find other helpful threads:

R80.10 Policy Revision 

Revisions Management in R80.x 

Tomer_Sole
Mentor
Mentor

Hi,

What I would suggest is either:

1. Use the detailed audit logs to recreate objects. See What are the features inside SmartConsole which contain integrated audit logs?  

2. Use API tools like Python tool for exporting specific types of objects from the management server  to recreate objects from a past revision in the current revision.

Generally the approach with R80 Security Management and above is, if you had a misconfiguration which failed connectivity after a policy installation, you can revert the installed policy on the Gateway while keeping the Security Management data up-to-date, allowing you to take the time and find the individual root cause while the organization lives with the last known good configuration. For more on this, see How to revert a Policy or discard changes? 

Jay_Jeffcoat
Participant

It looks like Check Point removed the ability to take manual database revisions, I prefer to take my revisions BEFORE modifying objects, policies, etc rather than after. I've never understood the point of taking a database revision right before installing policy rather than before doing the work where you have a known successful policy that can then be pushed back to the gateways if needed.

***If there's a way of manually taking one in R80.x and I just don't know about it then I apologize.

Tomer_Sole
Mentor
Mentor

Quite the contrary. R80 security management architecture takes automatic revisions upon every publish operation. The revisions are negligible in size and only contain the delta diff. Installing the last known good configuration on a gateway is available at the Installation History page and utilizes the automatic revisions.  Please check the R80.10 security management architecture thread and let us know your comments of the new approach (in that thread). 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events