Easy Backup Tool

HeikoAnkenbrand
Champion

Easy Backup Tool

Features


This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup":

 


- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support for backup file
- CP upload support for backup file via cprid_util

- MDS   > All CMA's a

...

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




99 Replies

spiros-p
Participant

Nice tool!



0 Kudos

sonics
Explorer

Hello Heiko

First, many thanks for that great script. I have 3 questions:

1. We also back up our SmartEvent server with ebackup, but because it has no gateway on it, ebackup gives the following back:

Backup GAIA config gateways:

Failed -

2. Would it be possible to write the results of the ebackup to a log file and then parse that with a monitoring tool to be aware of failed backups?

 

3. We also have an 80.30 MDM to save, and when I run ebackup it gives me the following error:

MDS

...


0 Kudos

sonics
Explorer

Hello all

We have also figured out that with MDM 80.30 and ebackup the path to the migrate export is wrong, and we had to set that manually inside the ebackup script. Here is the info about it:

original: # $MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v $RVER $REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

changed to: /opt/CPsuite-R80.30/fw1/scripts/migrate_server export -skip_upgrade_tools_check -n -v $RVER $REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

 

best rega

...


0 Kudos

nils_alfer
Contributor

Very nice tool



0 Kudos

Hammar
Participant

Does it work with R81?



0 Kudos

Tedi_Barer
Explorer

Great script.



0 Kudos

Nik
Explorer

Hi Heiko,

Thank you for the utility.

Do you plan an option to include only sms without gateways in the backup file?

Also, I found when I run ebackup -v, I see that cpstop/cpstart are still executed. Shouldn't they be executed with -s flag only? I'm running R80.40 in AWS. 

Regards,

Nikolay



0 Kudos

HeikoAnkenbrand
Champion

Hi @Nik,

I'll take a look at it in the script.

I have found another small issue with R81. Here the version recognition does not work correctly. I will change this in the script in the next days.

Regards,
Heiko



0 Kudos

Nik
Explorer

Hi Heiko, 

Thank you so much.

Since we're using a Security product, could you also look at the option of copying the backup over scp with user/pass and a certificate or .key file? 😉

Thank you in advance. 

Nikolay 



0 Kudos

msompong
Explorer

Hi @HeikoAnkenbrand ,

First of all, I would like to say thank you for sharing this tool.

Because I'm very new to Check Point, I have some questions.

- I just have to copy the script to the Check Point Smart-1 and then it will back up the firewall policy and the gateway configuration, right?

- I've copied your script and run it, but I got the error below. How can I resolve it?

 



0 Kudos

Infinigate_Sup
Participant

There is a small bug with R81. The version string is not correct! 



0 Kudos

sonics
Explorer

Hello. Is there already a solution that works with R81?



0 Kudos

sonics
Explorer

Hello Infinigate_Sup. Where is that bug and how to solve it?



0 Kudos

pasoftware
Explorer

Hi Heiko,

 

Thank you very much for sharing this tool.

 

I have copied the script onto an R80.40, and it's giving an error which is attached. This error has also been reported in the Easy View Tool (Easy View Tool - Check Point CheckMates) yet the solution didn't work for me.

Any ideas pls?

 

David

 



0 Kudos

_Val_
Admin

@pasoftware there is no attachment here. Please use picture icon to add your pic to the post

Screenshot 2021-04-12 at 16.19.51.png



0 Kudos

pasoftware
Explorer

Sorry for that, error is now attached.

 

Thanks Capture.PNG



0 Kudos

_Val_
Admin

Check API is enabled, and the client is in the list of authorised IPs



0 Kudos

pasoftware
Explorer

Thank you for your help.

However, the issue was the port number. I've changed the port number in the script to the one I got from the api status command and it's working now.

Thanks again.

 



0 Kudos

_Val_
Admin

@pasoftware great to know, that would be my second recommendation, to check the port



0 Kudos

Simon_Macpherso
Advisor

Hi Heiko

Looks interesting.

I see there are a few comments re integrated SCP transfer in to this.  

Has this been added or is it on the roadmap to add?

Also after reviewing the bash script I see this is only targeting simple gateways and servers.

Are you planning on adding support to target simple clusters also?

Regards,

Simon



0 Kudos

Amir_Arama
Advisor

Hi,

Do you have the option to run the ezbackup from mgmt to all GWs at once? I don't want to install and run it on each GW separately. Thx



0 Kudos

moritz_r
Participant

Hi @Amir_Arama, the ebackup script is written to run it on a Management Server too. Just install it on the Management Server and you can use the command "ebackup" to run. It will collect a "migrate_export" and "save configuration" from the management itself and all Gateways. Check the content of the output file in the end and you will see.



0 Kudos

Matt_Ricketts
Employee

There may be an issue with the ebackup script on a clean R81.10 SMS install. I have been running this on my SMS for a while now and everything has been working great. I think I started using ebackup around 80.30 or 80.40? I had done a clean install of R81 and imported my export, then reinstalled ebackup. I did an in-place upgrade to R81.10 back in July and my most recent backup from this past Monday has everything as expected. So ebackup was still running well.

I rebuilt my  SMS today

...


0 Kudos

HeikoAnkenbrand
Champion

Hi @Matt_Ricketts,

I'll take a look at this in the next few days.



0 Kudos

mhuettig
Participant

Hi @HeikoAnkenbrand ,

I've just installed ebackup v2.3 on our mgmt.

But I got an error:

The SMS is running but a connect to management API isn't possible.

Regards Michael



0 Kudos

Matt_Ricketts
Employee

If you run the command api status on your SMS, does it return "API readiness test SUCCESSFUL. The server is up and ready to receive connections"? If not, something else may be off/incorrect.

 

I might also look at your Management API Advanced Settings within Smart Console. I don't believe anything needs to be changed here, but worth a look. In SmartConsole, Manage & Settings, Blades, Management API Advanced Settings. For me, mine is set to Accept API calls from Mgmt server only.



0 Kudos

mhuettig
Participant

Hi Matt,

I've checked api status, set Accept API calls from Mgmt server only and did api restart. Status is API readiness test SUCCESSFUL

Starting again I got

Logout failed
The SMS is running but a connect to management API isn't possible.

I set Accept API calls from: All IPs that can be used for GUI Clients because Tufin lost connection.

Using correct port solves the problem, starting ebackup -p 4434 works. Easy solution doing the right things 😀

Tufin still have no conne

...


0 Kudos
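
A pre-flight check for the API port problem reported in the posts above, as an added example that is not part of any post or of the ebackup script: it reads the readiness line and the port from `api status` output and prints one log line a monitoring tool can match. The `APACHE Gaia Port:` label, the log-line format, the log path and the sample output are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of ebackup: pre-flight check before a backup run.
# ASSUMPTION: `api status` prints a line like "APACHE Gaia Port:   4434";
# change PORT_LABEL if the output on your version differs.
PORT_LABEL='APACHE Gaia Port:'
READY_MSG='API readiness test SUCCESSFUL'

# Constructed sample output (not captured from a real system).
SAMPLE_STATUS='Port Details:
-------------------
JETTY Internal Port:      50276
APACHE Gaia Port:         4434

API readiness test SUCCESSFUL. The server is up and ready to receive connections'

# api_port <status-text>: print the API port; return 1 if absent or out of range.
api_port() {
    _p=$(printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*${PORT_LABEL}[[:space:]]*\([0-9][0-9]*\).*/\1/p" |
        head -n 1)
    [ -n "$_p" ] && [ "$_p" -ge 1 ] && [ "$_p" -le 65535 ] || return 1
    printf '%s\n' "$_p"
}

# api_ready <status-text>: succeed only if the readiness line is present.
api_ready() {
    printf '%s\n' "$1" | grep -q "$READY_MSG"
}

# preflight <status-text>: print one log line (hypothetical format) that a
# monitoring tool can match; non-zero exit means "do not start the backup".
preflight() {
    if ! api_ready "$1"; then
        echo "ebackup-preflight FAILED reason=api-not-ready"
        return 1
    fi
    if ! _port=$(api_port "$1"); then
        echo "ebackup-preflight FAILED reason=port-not-found"
        return 1
    fi
    echo "ebackup-preflight OK port=$_port"
}

# On the management server (expert mode; log path is hypothetical):
#   status=$(api status)
#   preflight "$status" >> /var/log/ebackup_preflight.log &&
#       ebackup -p "$(api_port "$status")"
```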

RGMH
Explorer

Hello Heiko,

Can you confirm the format of your Cronjob command in the documentation.  It shows as  22  00  *  *  6 for 10:00PM on Saturday but when I look at Cron formats that would be at 12:22.  10:00pm would be 00 22 * * 6.  Can you confirm?

 

Thanks,



0 Kudos

ori1
Participant

Nice Tool!



0 Kudos

sonics6
Explorer

Hello all. I have a problem with an SMS with 40 gateways 80.30, and some of them with the following names are not backed up at all:

fwa20010002

fwa20010001

fwa10010001

fwa10010002

fwa30010001

 

Could anyone help here with what I can change inside the script so that those 15400 Check Points are also backed up?

 

best regards



0 Kudos