Re: Easy Backup Tool - Page 3

HeikoAnkenbrand

asy Backup Tool

Features

This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup":

- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

- MDS > All CMA's are read out and their gateways backuped.
- SMS > All gateways are read out and backuped.

Note:
- Tested with R80.10, R80.20 and R80.30.
- If the tool is started on a MDS, a mdsstop and mdsstart is performed during the migrate_server export.

CLI Parameter

Syntax	Description
-s	The option -s performs a cpstop and cpstart when the migrate export tool is executed.
-v	The option -v shows the gateway OS, JHF, Kernel, Type of all gateways.
-l	The option -l shows all ebackup tgz files in /var/log/.
-d	The option -d delete all ebackup tgz files in /var/log/.
-no_migrate / -n	The option -no_migrate has the consequence that no migrate export is executed.
-port <sms port> / -p <sms port>	The option -port <sms port> add the management server port, if it's not running on port 443.
-ftpserver <ftp server ip> -ftpuser <username> -ftppw <password>	The ftp options allow to upload the tar file to a ftp server.
- cpupload <cp_system_ip>	The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util.

Example

# ebackup                    -> Backup all GAIA configs from all gateways + migrate export with locale backup file (/var/log/[date]_ebackup.tgz)
# ebackup -s                     -> Backup all GAIA configs from all gateway + migrate export with cpstop and cpstart for migrate export
# ebackup -no_migrate                                                                         -> Backup all GAIA configs from all gateway without migrate export
# ebackup -ftpserver 1.1.1.1 -ftpuser username -ftppw test123   -> Backup all GAIA configs from all gateway + migrate export with ftp upload

# ebackup -cpupload 1.1.1.1 -> Backup all GAIA configs from all gateway + migrate export with cp upload via cprid_util

Install Tool

Use this auto installer script from "Spoiler" on the SMS or MDS as CLI command in expert mode:

Click to Expand

curl_cli -k http://www.ankenbrand24.de/inst_ebackup > /tmp/inst_ebackup && chmod 770 /tmp/inst_ebackup && /tmp/inst_ebackup

curl_cli -k http://www.ankenbrand24.de/inst_ebackup > /tmp/inst_ebackup && chmod 770 /tmp/inst_ebackup && /tmp/inst_ebackup

Or "copy and past" the following script block from "Spoiler" to your SMS or MDS (in expert mode):

Click to Expand

cat <<EOT > /usr/bin/ebackup
#!/bin/bash
#
# Script Author  : Heiko Ankenbrand
# Script Website : https://www.ankenbrand24.de
# Script Source  : https://www.ankenbrand24.de/inst_ebackup
# License        : GNU General Public License (GPL)
#
if [[ -e /etc/profile.d/CP.sh ]]; then source /etc/profile.d/CP.sh; else echo "Unsupported Environment"; exit 1; fi
if [[ -e /etc/profile.d/vsenv.sh ]]; then source /etc/profile.d/vsenv.sh; fi
FILE_PATH="/var/log/ebackup";
mkdir \$FILE_PATH > /dev/null 2>&1;
rm /tmp/ebackup_topo > /dev/null 2>&1;
rm /tmp/ebackup_MGTIP > /dev/null 2>&1;
# rm /usr/local/bin/ebackup > /dev/null 2>&1;
rm /tmp/ebackup_mdsstatus > /dev/null 2>&1;
rm /tmp/ebackup_login > /dev/null 2>&1;
rm /tmp/ebachup_cpupload /dev/null 2>&1;
REMOTE_RM="\$FILE_PATH/202*";
rm \$REMOTE_RM > /dev/null 2>&1;
NOW=\$(date +"%Y_%m_%d_%H%M");
clear;
echo -e "\e[7m";
printf '%.s-' {1..78};echo;
echo '- Easy Backup Tool v3.0                    - Copyright Heiko Ankenbrand 2023 -';
printf '%.s-' {1..78};
echo -e "\e[0m"
SHOW_SUM="0";
MIGRATE="1";
MGPORT="443";
FTPSERVER="";
FTPPW="non";
FTPUSER="anonymous";
serv_value="99";
REMOTE_INFO_V="0";
RVER=`fwm ver | awk '{print \$8}'`;

mSITIONAL=()
while [[ \$# -gt 0 ]]
do
key="\$1"
case \$key in
    -h|--help|-\?)
       shift;
       echo;echo 'Help: ';echo;
       echo "-l, --list                 The option -l  shows all ebackup tgz files in /var/log/.";
       echo "-d, --delete               The option -d  delete all ebackup tgz files in /var/log/.";
       echo "-s, --stop                 The option -s  performs a cpstop and cpstart when the migrate export tool is executed.";
       echo "-n, --no_migrate           The option -n  has the consequence that no migrate export/ migrate_server is executed.";
       echo "-v, --version              The option -v  shows the gateway OS, JHF, Kernel, Type";
       echo "-u, --user                 The option -u  shows the conneted users on the SMS";
       echo "-p <port>, -port <port>    The option -p  <port> add the management server port, if it's not running on port 443.";
       echo "-ftpserver <ftp server ip> The ftp options allow to upload the tar file to a ftp server.";
       echo "-ftpuser <username> ";
       echo "-ftppw <password>";
       echo "-cpupload <cp system ip>   The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util.";
       echo "";
       echo "Examples:";
       echo "ebackup -s -ftpserver 192.168.1.1 -ftpuser test -ftppw secret -> backup all gateways + migrate export + cpstop + ftp upload";
       echo "ebackup -s -cpupload  192.168.1.1                             -> backup all gateways + migrate export + cpstop+ ";
       echo "                                                                 backup of the tgz file to another gateway or SMS";
       echo "ebackup -n                                                    -> backup all gateways + without migrate export";
       echo;printf '%.s-' {1..78};echo;
       SHOW_SUM="0";
       exit 1;
    ;;
    -s|--stop)
       shift;
       SHOW_SUM="1";
    ;;
    -v|--version)
       shift;
       SHOW_SUM="1";
       REMOTE_INFO_V="1";
    ;;
    -u|--user)
       shift;
       SHOW_SUM="1";
       echo; cpstat mg |grep -e '|\|-' | cat; echo;
       exit 1;
    ;;
    -d|--delete)
       shift;
       SHOW_SUM="1";
       echo; echo "Delete all ebackup tgz files.";echo;
       rm /var/log/202* > /dev/null 2>&1;
       exit 1;
    ;;
    -l|--list)
       shift;
       SHOW_SUM="1";
       echo;echo -e "File \t\t\t\t\tBytes";
       printf '%.s-' {1..78};
       echo; ls -la /var/log/202* 2>&1| grep -v access|  awk '{print \$9 "\t\t" \$5}' |sed 's/\/var\/log\///'; echo;
       exit 1;
    ;;
    -port|-p)
       MGPORT="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftpserver)
       FTPSERVER="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftpuser)
       FTPUSER="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    -ftppw)
       FTPPW="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
     -cpupload)
       CPUPLOAD="\$2";
       shift;
       shift;
       SHOW_SUM="0";
    ;;
    --no_migrate|-no_migrate|-n)
       shift;
       SHOW_SUM="0";
       MIGRATE="0";
    ;;

    *)    # unknown option
    #echo "unknown"
    POSITIONAL+=("\$1") # save it in an array for later
    shift # past argument
    SHOW_SUM="1";
    ;;
esac
done

############ Check MDS and SMS     #########
echo;

if [ "X\$MDSDIR" != "X" ]; then
     MDSSTATUS_HA=\$(mdsstat | grep -m 1 MDS | awk '{print \$8}');
     if [ \$MDSSTATUS_HA = "up"  ]; then
           mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login;
           if grep -q Gaia /tmp/ebackup_login; then
               echo -n "The MDS is running in version "\$RVER;echo ".";echo;
               serv_value="1";
           else
               echo "The MDS is running but a connect to management API isn't possible.";echo;
               exit 1;
           fi
     else
         echo -n "MDS is not running. (Status > "\$MDSSTATUS_HA;echo ")";echo;
         exit 1;
     fi
else
     #Check SMS
     CPM_PID=\$(ps -efww | grep java | grep cpm.Cpm | awk '{print \$2}');
     if [ -z \$CPM_PID ]; then
           echo "The SMS is not running.";echo;
     exit 1;
     else
           mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login;
           if grep -q Gaia /tmp/ebackup_login; then
               echo -n "The SMS is running in version "\$RVER;echo ".";echo;
               serv_value="0";
           else
               echo "The SMS is running but a connect to management API isn't possible.";echo;
               exit 1;
           fi
     fi
fi
if [ \$serv_value -eq 1  ]; then
   mdsenv > /dev/null 2>&1;
   mdsstat | grep CMA | awk '{print \$6}' >> /tmp/ebackup_MGTIP
   mdsstat | grep MDS | awk '{print \$6}' >> /tmp/ebackup_MDSIP
fi
############ Read gateways     #########
if  [ \$serv_value -gt 0  ]; then
       echo "Read gateways from CMA: ";echo;
       while read -r hostip;
       do
           CMASTATUS_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$8}');
           CMANAME_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$4}');
           if [ \$CMASTATUS_HA = "up"  ]; then
               echo "   OK     - "\$CMANAME_HA;
               CMACOUNT=\$(mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name"  ' |xargs -n 2| grep -c ".");
               if [ \$CMACOUNT != 0 ]; then
                     mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway","CpmiClusterMember", "cluster-member")) | ."ipv4-address",."name"  ' |xargs -n 2 | grep -v 0.0.0.  | sed -e "s/\$/ \$hostip/"  >> /tmp/ebackup_topo;
               fi
           else
               echo " Failed   - "\$CMANAME_HA;
           fi
       done < /tmp/ebackup_MGTIP
       echo;
else
     # read SMS gateways
     mgmt_cli -r --port \$MGPORT true show gateways-and-servers details-level full limit 500 offset 0 --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway","CpmiClusterMember", "cluster-member")) | ."ipv4-address",."name"  ' |xargs -n 2 | grep -v 0.0.0. |grep -v null | sed -e "s/\$/ x.x.x.x/" 2>&1> /tmp/ebackup_topo;
fi
######## GAIA Config save all gateways   #########
if [ ! -f /tmp/ebackup_topo ]; then
   echo "No gateways found!";
else
   echo "clish -c 'show configuration' > /var/log/g_output.txt" > /tmp/g_command.txt;
   echo "Backup GAIA config gateways:";echo;
   while read -r REMOTE_IP REMOTE_NAME REMOTE_CMA;
     do
     REMOTE_FILE="\$NOW-\$REMOTE_NAME";
     REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
     mdsenv \$REMOTE_CMA > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output.txt -local_file \$REMOTE_DATEI > /dev/null 2>&1;
     #echo -n "";
     if [ ! -f \$REMOTE_DATEI ]; then
       echo -n " Failed   - ";
       else
       if grep -q hostname \$REMOTE_DATEI; then
          echo -n "   OK     - ";
          if [ \$REMOTE_INFO_V == "1" ] ; then
            $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /usr/bin/ebackup_command -remote_file /var/log/ebackup_command.txt > /dev/null 2>&1;
            $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/ebackup_command.txt > /dev/null 2>&1;
            $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output1.txt -local_file /tmp/ebackup_gateway_info.txt > /dev/null 2>&1;
          fi
       else
          echo -n " Failed   - ";
       fi
     fi
     echo -n \$REMOTE_NAME;
     echo -n "   ";
     if [ \$REMOTE_INFO_V == "1" ] ; then
        if [ -f /tmp/ebackup_gateway_info.txt ]; then
           REMOTE_INFO=\$(cat /tmp/ebackup_gateway_info.txt);
           echo; echo -n "           " \$REMOTE_INFO;
           rm /tmp/ebackup_gateway_info.txt;
           else
           echo; echo -n "            (no gateway information available)";
        fi
     fi
     if [ \$serv_value -eq 1  ]; then
        CMANAME_HA=\$(mdsstat | grep \$REMOTE_CMA | awk '{print \$4}');
        echo;    echo -n "            (CMA: "\$CMANAME_HA;echo -n ")";
     fi
     echo;
    done < /tmp/ebackup_topo;
fi
echo;
######## GAIA config management save     #########
echo "Backup GAIA config Management:";echo;
REMOTE_FILE="\$NOW-Management";
REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
clish -c 'show configuration' > \$REMOTE_DATEI;
     if [ ! -f \$REMOTE_DATEI ]; then
       echo -n "  Failed - ";
       else
       if grep -q hostname \$REMOTE_DATEI; then
          echo -n "   OK     - ";
       else
          echo -n " Failed   - "
       fi
     fi
     echo -n "Management   ";
     /usr/bin/ebackup_command;
     if [ \$REMOTE_INFO_V == "1" ] ; then
        if [ -f /var/log/g_output1.txt ]; then
           REMOTE_INFO=\$(cat /var/log/g_output1.txt);
           echo; echo -n "           " \$REMOTE_INFO;
           rm /var/log/g_output1.txt;
        fi
     fi
     echo;echo;

############## SMS ############################
# SMS migrate export
if [ \$serv_value -eq 0  ]; then
  if [ \$MIGRATE == "1" ] ; then
    REMOTE_FILE="\$NOW-SMS-Migrate-Export";
    REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
    echo;echo "Migrate Export SMS:";echo;
    if [ \$SHOW_SUM == "1" ] ;
      then
        cpstop > /dev/null 2>&1;
        echo "   OK     - cpstop";
    fi
    REMOTE_DATEI_CHK="\$REMOTE_DATEI.tgz";

    $FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> \tmp\ebackup_migrate ;
       if [ ! -f \$REMOTE_DATEI_CHK ]; then
           echo " Failed   - SMS migrate export";
       else
           echo "   OK     - SMS migrate export";
       fi

    if [ \$SHOW_SUM == "1" ] ;
      then
        cpstart > /dev/null 2>&1;
        echo "   OK     - cpstart";
    fi
  fi
fi
############## MDS ############################
if [ \$MIGRATE == "1" ] ; then
 if  [ \$serv_value -gt 0  ]; then
   VER=`fwm ver | awk '{print \$8}' | sed 's/R80.//g'`
   if [ \$VER -lt 30  ]; then
        ### MDS version R80, R80.10, R80.20 migrate export
        REMOTE_FILE="\$NOW-MDS-Migrate-Export";
        REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
        mds/tmp/ebackup_migrateenv > /dev/null 2>&1
        echo -n "MDS migrate export (migrate export) "\$RVER;echo ":";echo;
        if [ \$SHOW_SUM == "1" ] ;then
           mdsstop > /dev/null 2>&1;
           echo "   OK     - MDS mdsstop";
        fi
        \$MDS_FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;
        if [ ! -f \$REMOTE_DATEI_CHK ]; then
           echo " Failed   - MDS R80, R80.10, R80.20 (migrate export)";
        else
           echo "   OK     - MDS R80, R80.10, R80.20 (migrate export)";
        fi
        if [ \$SHOW_SUM == "1" ] ;then
           mdsstart > /dev/null 2>&1;
           echo "   OK     - MDS mdsstart";
        fi
   else
        ### MDS version R80.30+ migrate_server
        REMOTE_FILE="\$NOW-MDS-Migrate-Server";
        REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE";
        mdsenv > /dev/null 2>&1;
        echo;echo -n "MDS migrate server (migrate_server) "\$RVER;echo ":";echo;
        \$MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v \$RVER \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

            if grep -q "sk135172" /tmp/ebackup_migrate; then
                echo " Failed   - MDS R80.30+ migrate_server export (No upgrade tools package is installed refer to sk135172)";
            else
                if [ ! -f \$REMOTE_DATEI ]; then
                    echo " Failed   - MDS R80.30+ migrate_server export";
                else
                    echo "   OK     - MDS R80.30+ migrate_server export";
                fi
            fi
   fi
 fi
fi
############## TAR ############################
echo;echo "Tar file location:";echo;
REMOTE_FILE="\$NOW-ebackup";
REMOTE_DATEI="/var/log/\$REMOTE_FILE.tgz";
REMOTE_TAR="\$FILE_PATH";
# echo \$REMOTE_TAR
# echo \$REMOTE_DATEI

tar -czf \$REMOTE_DATEI \$REMOTE_TAR> /dev/null 2>&1;

     if [ ! -f \$REMOTE_DATEI ]; then
            echo " Failed   - tar file";
       else
          echo -n "   OK     - tar file (" ;
          echo -n \$REMOTE_DATEI;
          echo ")";
     fi
echo;
############## FTP ############################
if [ "X\$FTPSERVER" != "X" ]; then

   FTPDATEI="\$REMOTE_FILE.tgz";
   echo;echo "FTP upload:";echo;
   echo "
   verbose
   user \$FTPUSER \$FTPPW
   bin
   lcd /var/log
   put \$FTPDATEI
   bye
   " | /usr/bin/ftp -in \$FTPSERVER > /tmp/ebackup_ftp 2>&1;
   if grep -q 226 /tmp/ebackup_ftp; then
       echo "   OK     - FTP upload";
   else
       echo " Failed   - FTP upload (Log: /tmp/ebackup_ftp)";
   fi
   echo;
fi

############## CPUPLOAD ############################
if [ "X\$CPUPLOAD" != "X" ]; then


     #REMOTE_FILE="\$NOW-\$REMOTE_NAME";
     #REMOTE_DATEI1="\$FILE_PATH/\$REMOTE_FILE";
     CPUPLOADDATEI="\$REMOTE_DATEI";
     echo "CP upload to \$CPUPLOAD:";echo;
     echo "ls \$CPUPLOADDATEI > /var/log/g_output.txt" > /tmp/g_command.txt;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file \$CPUPLOADDATEI -remote_file \$CPUPLOADDATEI  > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1;
     $CPDIR/bin/cprid_util -server \$CPUPLOAD getfile -remote_file /var/log/g_output.txt -local_file /tmp/ebachup_cpupload > /dev/null 2>&1;
     if [ ! -f /tmp/ebachup_cpupload ]; then
       echo " Failed   - CP upload to \$CPUPLOAD ";
       else
       if grep -q tgz /tmp/ebachup_cpupload; then
          echo "   OK     - CP upload file (\$CPUPLOADDATEI)";

       else
          echo " Failed   - CP upload to \$CPUPLOAD";
       fi
     fi
     echo;
fi



REMOTE_RM="\$FILE_PATH/202*";
rm \$REMOTE_RM > /dev/null 2>&1;
rm /tmp/g_command.txt > /dev/null 2>&1;
rm /tmp/ebackup_topo > /dev/null 2>&1;
rm /tmp/ebachup_cpupload > /dev/null 2>&1;
rm /tmp/ebackup_MGTIP > /dev/null 2>&1;
rm /tmp/ebackup_migrate > /dev/null 2>&1;
rm /tmp/ebackup_mdsstatus > /dev/null 2>&1;
rm /tmp/ebackup_login > /dev/null 2>&1;
EOT
cat <<EHA > /usr/bin/ebackup_command
#!/bin/bash
J=\`cpinfo -y all 2>/dev/null | grep JUMBO | tail -n1 | awk '{print \$3}'\`;
O=\`cat /etc/cp-release | cut -c 13- | sed 's/^ *//g' | sed 's/\s*$//g'\`;
OSM=\`uname -a | grep -c x86_64\`; [ \$OSM == 0 ] && { OSM=32; } || { OSM=64; };
K=\`uname -r | sed 's/\([0-9]\+\.[0-9]\+\)\..*/\1/'\`;
T=\`cpstat os | grep "Appliance Name" | tr -s ' ' | cut -c 17- \`;
echo "(\${O}, Kernel \${K}, \${OSM} Bit, JHF \${J}, \${T})" > /var/log/g_output1.txt ;
EHA
chmod 770 /usr/bin/ebackup;
chmod 770 /usr/bin/ebackup_command;

cat <<EOT > /usr/bin/ebackup #!/bin/bash # # Script Author : Heiko Ankenbrand # Script Website : https://www.ankenbrand24.de # Script Source : https://www.ankenbrand24.de/inst_ebackup # License : GNU General Public License (GPL) # if [[ -e /etc/profile.d/CP.sh ]]; then source /etc/profile.d/CP.sh; else echo "Unsupported Environment"; exit 1; fi if [[ -e /etc/profile.d/vsenv.sh ]]; then source /etc/profile.d/vsenv.sh; fi FILE_PATH="/var/log/ebackup"; mkdir \$FILE_PATH > /dev/null 2>&1; rm /tmp/ebackup_topo > /dev/null 2>&1; rm /tmp/ebackup_MGTIP > /dev/null 2>&1; # rm /usr/local/bin/ebackup > /dev/null 2>&1; rm /tmp/ebackup_mdsstatus > /dev/null 2>&1; rm /tmp/ebackup_login > /dev/null 2>&1; rm /tmp/ebachup_cpupload /dev/null 2>&1; REMOTE_RM="\$FILE_PATH/202*"; rm \$REMOTE_RM > /dev/null 2>&1; NOW=\$(date +"%Y_%m_%d_%H%M"); clear; echo -e "\e[7m"; printf '%.s-' {1..78};echo; echo '- Easy Backup Tool v3.0 - Copyright Heiko Ankenbrand 2023 -'; printf '%.s-' {1..78}; echo -e "\e[0m" SHOW_SUM="0"; MIGRATE="1"; MGPORT="443"; FTPSERVER=""; FTPPW="non"; FTPUSER="anonymous"; serv_value="99"; REMOTE_INFO_V="0"; RVER=`fwm ver | awk '{print \$8}'`; mSITIONAL=() while [[ \$# -gt 0 ]] do key="\$1" case \$key in -h|--help|-\?) shift; echo;echo 'Help: ';echo; echo "-l, --list The option -l shows all ebackup tgz files in /var/log/."; echo "-d, --delete The option -d delete all ebackup tgz files in /var/log/."; echo "-s, --stop The option -s performs a cpstop and cpstart when the migrate export tool is executed."; echo "-n, --no_migrate The option -n has the consequence that no migrate export/ migrate_server is executed."; echo "-v, --version The option -v shows the gateway OS, JHF, Kernel, Type"; echo "-u, --user The option -u shows the conneted users on the SMS"; echo "-p <port>, -port <port> The option -p <port> add the management server port, if it's not running on port 443."; echo "-ftpserver <ftp server ip> The ftp options allow to upload the tar file to a ftp server."; echo "-ftpuser <username> "; echo "-ftppw <password>"; echo "-cpupload <cp system ip> The option -cpupload performs a backup upload to a other Check Point gateway or SMS via cprid_util."; echo ""; echo "Examples:"; echo "ebackup -s -ftpserver 192.168.1.1 -ftpuser test -ftppw secret -> backup all gateways + migrate export + cpstop + ftp upload"; echo "ebackup -s -cpupload 192.168.1.1 -> backup all gateways + migrate export + cpstop+ "; echo " backup of the tgz file to another gateway or SMS"; echo "ebackup -n -> backup all gateways + without migrate export"; echo;printf '%.s-' {1..78};echo; SHOW_SUM="0"; exit 1; ;; -s|--stop) shift; SHOW_SUM="1"; ;; -v|--version) shift; SHOW_SUM="1"; REMOTE_INFO_V="1"; ;; -u|--user) shift; SHOW_SUM="1"; echo; cpstat mg |grep -e '|\|-' | cat; echo; exit 1; ;; -d|--delete) shift; SHOW_SUM="1"; echo; echo "Delete all ebackup tgz files.";echo; rm /var/log/202* > /dev/null 2>&1; exit 1; ;; -l|--list) shift; SHOW_SUM="1"; echo;echo -e "File \t\t\t\t\tBytes"; printf '%.s-' {1..78}; echo; ls -la /var/log/202* 2>&1| grep -v access| awk '{print \$9 "\t\t" \$5}' |sed 's/\/var\/log\///'; echo; exit 1; ;; -port|-p) MGPORT="\$2"; shift; shift; SHOW_SUM="0"; ;; -ftpserver) FTPSERVER="\$2"; shift; shift; SHOW_SUM="0"; ;; -ftpuser) FTPUSER="\$2"; shift; shift; SHOW_SUM="0"; ;; -ftppw) FTPPW="\$2"; shift; shift; SHOW_SUM="0"; ;; -cpupload) CPUPLOAD="\$2"; shift; shift; SHOW_SUM="0"; ;; --no_migrate|-no_migrate|-n) shift; SHOW_SUM="0"; MIGRATE="0"; ;; *) # unknown option #echo "unknown" POSITIONAL+=("\$1") # save it in an array for later shift # past argument SHOW_SUM="1"; ;; esac done ############ Check MDS and SMS ######### echo; if [ "X\$MDSDIR" != "X" ]; then MDSSTATUS_HA=\$(mdsstat | grep -m 1 MDS | awk '{print \$8}'); if [ \$MDSSTATUS_HA = "up" ]; then mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login; if grep -q Gaia /tmp/ebackup_login; then echo -n "The MDS is running in version "\$RVER;echo ".";echo; serv_value="1"; else echo "The MDS is running but a connect to management API isn't possible.";echo; exit 1; fi else echo -n "MDS is not running. (Status > "\$MDSSTATUS_HA;echo ")";echo; exit 1; fi else #Check SMS CPM_PID=\$(ps -efww | grep java | grep cpm.Cpm | awk '{print \$2}'); if [ -z \$CPM_PID ]; then echo "The SMS is not running.";echo; exit 1; else mgmt_cli -r --port \$MGPORT true show version 2>&1> /tmp/ebackup_login; if grep -q Gaia /tmp/ebackup_login; then echo -n "The SMS is running in version "\$RVER;echo ".";echo; serv_value="0"; else echo "The SMS is running but a connect to management API isn't possible.";echo; exit 1; fi fi fi if [ \$serv_value -eq 1 ]; then mdsenv > /dev/null 2>&1; mdsstat | grep CMA | awk '{print \$6}' >> /tmp/ebackup_MGTIP mdsstat | grep MDS | awk '{print \$6}' >> /tmp/ebackup_MDSIP fi ############ Read gateways ######### if [ \$serv_value -gt 0 ]; then echo "Read gateways from CMA: ";echo; while read -r hostip; do CMASTATUS_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$8}'); CMANAME_HA=\$(mdsstat | grep CMA| grep \$hostip | awk '{print \$4}'); if [ \$CMASTATUS_HA = "up" ]; then echo " OK - "\$CMANAME_HA; CMACOUNT=\$(mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name" ' |xargs -n 2| grep -c "."); if [ \$CMACOUNT != 0 ]; then mgmt_cli -r --port \$MGPORT true -d \$hostip show gateways-and-servers offset 0 limit 500 details-level full --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway","CpmiClusterMember", "cluster-member")) | ."ipv4-address",."name" ' |xargs -n 2 | grep -v 0.0.0. | sed -e "s/\$/ \$hostip/" >> /tmp/ebackup_topo; fi else echo " Failed - "\$CMANAME_HA; fi done < /tmp/ebackup_MGTIP echo; else # read SMS gateways mgmt_cli -r --port \$MGPORT true show gateways-and-servers details-level full limit 500 offset 0 --format json | \$CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway","CpmiClusterMember", "cluster-member")) | ."ipv4-address",."name" ' |xargs -n 2 | grep -v 0.0.0. |grep -v null | sed -e "s/\$/ x.x.x.x/" 2>&1> /tmp/ebackup_topo; fi ######## GAIA Config save all gateways ######### if [ ! -f /tmp/ebackup_topo ]; then echo "No gateways found!"; else echo "clish -c 'show configuration' > /var/log/g_output.txt" > /tmp/g_command.txt; echo "Backup GAIA config gateways:";echo; while read -r REMOTE_IP REMOTE_NAME REMOTE_CMA; do REMOTE_FILE="\$NOW-\$REMOTE_NAME"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; mdsenv \$REMOTE_CMA > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output.txt -local_file \$REMOTE_DATEI > /dev/null 2>&1; #echo -n ""; if [ ! -f \$REMOTE_DATEI ]; then echo -n " Failed - "; else if grep -q hostname \$REMOTE_DATEI; then echo -n " OK - "; if [ \$REMOTE_INFO_V == "1" ] ; then $CPDIR/bin/cprid_util -server \$REMOTE_IP putfile -local_file /usr/bin/ebackup_command -remote_file /var/log/ebackup_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP -verbose rexec -rcmd /bin/bash -f /var/log/ebackup_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$REMOTE_IP getfile -remote_file /var/log/g_output1.txt -local_file /tmp/ebackup_gateway_info.txt > /dev/null 2>&1; fi else echo -n " Failed - "; fi fi echo -n \$REMOTE_NAME; echo -n " "; if [ \$REMOTE_INFO_V == "1" ] ; then if [ -f /tmp/ebackup_gateway_info.txt ]; then REMOTE_INFO=\$(cat /tmp/ebackup_gateway_info.txt); echo; echo -n " " \$REMOTE_INFO; rm /tmp/ebackup_gateway_info.txt; else echo; echo -n " (no gateway information available)"; fi fi if [ \$serv_value -eq 1 ]; then CMANAME_HA=\$(mdsstat | grep \$REMOTE_CMA | awk '{print \$4}'); echo; echo -n " (CMA: "\$CMANAME_HA;echo -n ")"; fi echo; done < /tmp/ebackup_topo; fi echo; ######## GAIA config management save ######### echo "Backup GAIA config Management:";echo; REMOTE_FILE="\$NOW-Management"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; clish -c 'show configuration' > \$REMOTE_DATEI; if [ ! -f \$REMOTE_DATEI ]; then echo -n " Failed - "; else if grep -q hostname \$REMOTE_DATEI; then echo -n " OK - "; else echo -n " Failed - " fi fi echo -n "Management "; /usr/bin/ebackup_command; if [ \$REMOTE_INFO_V == "1" ] ; then if [ -f /var/log/g_output1.txt ]; then REMOTE_INFO=\$(cat /var/log/g_output1.txt); echo; echo -n " " \$REMOTE_INFO; rm /var/log/g_output1.txt; fi fi echo;echo; ############## SMS ############################ # SMS migrate export if [ \$serv_value -eq 0 ]; then if [ \$MIGRATE == "1" ] ; then REMOTE_FILE="\$NOW-SMS-Migrate-Export"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; echo;echo "Migrate Export SMS:";echo; if [ \$SHOW_SUM == "1" ] ; then cpstop > /dev/null 2>&1; echo " OK - cpstop"; fi REMOTE_DATEI_CHK="\$REMOTE_DATEI.tgz"; $FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> \tmp\ebackup_migrate ; if [ ! -f \$REMOTE_DATEI_CHK ]; then echo " Failed - SMS migrate export"; else echo " OK - SMS migrate export"; fi if [ \$SHOW_SUM == "1" ] ; then cpstart > /dev/null 2>&1; echo " OK - cpstart"; fi fi fi ############## MDS ############################ if [ \$MIGRATE == "1" ] ; then if [ \$serv_value -gt 0 ]; then VER=`fwm ver | awk '{print \$8}' | sed 's/R80.//g'` if [ \$VER -lt 30 ]; then ### MDS version R80, R80.10, R80.20 migrate export REMOTE_FILE="\$NOW-MDS-Migrate-Export"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; mds/tmp/ebackup_migrateenv > /dev/null 2>&1 echo -n "MDS migrate export (migrate export) "\$RVER;echo ":";echo; if [ \$SHOW_SUM == "1" ] ;then mdsstop > /dev/null 2>&1; echo " OK - MDS mdsstop"; fi \$MDS_FWDIR/bin/upgrade_tools/migrate export -n \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ; if [ ! -f \$REMOTE_DATEI_CHK ]; then echo " Failed - MDS R80, R80.10, R80.20 (migrate export)"; else echo " OK - MDS R80, R80.10, R80.20 (migrate export)"; fi if [ \$SHOW_SUM == "1" ] ;then mdsstart > /dev/null 2>&1; echo " OK - MDS mdsstart"; fi else ### MDS version R80.30+ migrate_server REMOTE_FILE="\$NOW-MDS-Migrate-Server"; REMOTE_DATEI="\$FILE_PATH/\$REMOTE_FILE"; mdsenv > /dev/null 2>&1; echo;echo -n "MDS migrate server (migrate_server) "\$RVER;echo ":";echo; \$MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v \$RVER \$REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ; if grep -q "sk135172" /tmp/ebackup_migrate; then echo " Failed - MDS R80.30+ migrate_server export (No upgrade tools package is installed refer to sk135172)"; else if [ ! -f \$REMOTE_DATEI ]; then echo " Failed - MDS R80.30+ migrate_server export"; else echo " OK - MDS R80.30+ migrate_server export"; fi fi fi fi fi ############## TAR ############################ echo;echo "Tar file location:";echo; REMOTE_FILE="\$NOW-ebackup"; REMOTE_DATEI="/var/log/\$REMOTE_FILE.tgz"; REMOTE_TAR="\$FILE_PATH"; # echo \$REMOTE_TAR # echo \$REMOTE_DATEI tar -czf \$REMOTE_DATEI \$REMOTE_TAR> /dev/null 2>&1; if [ ! -f \$REMOTE_DATEI ]; then echo " Failed - tar file"; else echo -n " OK - tar file (" ; echo -n \$REMOTE_DATEI; echo ")"; fi echo; ############## FTP ############################ if [ "X\$FTPSERVER" != "X" ]; then FTPDATEI="\$REMOTE_FILE.tgz"; echo;echo "FTP upload:";echo; echo " verbose user \$FTPUSER \$FTPPW bin lcd /var/log put \$FTPDATEI bye " | /usr/bin/ftp -in \$FTPSERVER > /tmp/ebackup_ftp 2>&1; if grep -q 226 /tmp/ebackup_ftp; then echo " OK - FTP upload"; else echo " Failed - FTP upload (Log: /tmp/ebackup_ftp)"; fi echo; fi ############## CPUPLOAD ############################ if [ "X\$CPUPLOAD" != "X" ]; then #REMOTE_FILE="\$NOW-\$REMOTE_NAME"; #REMOTE_DATEI1="\$FILE_PATH/\$REMOTE_FILE"; CPUPLOADDATEI="\$REMOTE_DATEI"; echo "CP upload to \$CPUPLOAD:";echo; echo "ls \$CPUPLOADDATEI > /var/log/g_output.txt" > /tmp/g_command.txt; $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file /tmp/g_command.txt -remote_file /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$CPUPLOAD putfile -local_file \$CPUPLOADDATEI -remote_file \$CPUPLOADDATEI > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$CPUPLOAD -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt > /dev/null 2>&1; $CPDIR/bin/cprid_util -server \$CPUPLOAD getfile -remote_file /var/log/g_output.txt -local_file /tmp/ebachup_cpupload > /dev/null 2>&1; if [ ! -f /tmp/ebachup_cpupload ]; then echo " Failed - CP upload to \$CPUPLOAD "; else if grep -q tgz /tmp/ebachup_cpupload; then echo " OK - CP upload file (\$CPUPLOADDATEI)"; else echo " Failed - CP upload to \$CPUPLOAD"; fi fi echo; fi REMOTE_RM="\$FILE_PATH/202*"; rm \$REMOTE_RM > /dev/null 2>&1; rm /tmp/g_command.txt > /dev/null 2>&1; rm /tmp/ebackup_topo > /dev/null 2>&1; rm /tmp/ebachup_cpupload > /dev/null 2>&1; rm /tmp/ebackup_MGTIP > /dev/null 2>&1; rm /tmp/ebackup_migrate > /dev/null 2>&1; rm /tmp/ebackup_mdsstatus > /dev/null 2>&1; rm /tmp/ebackup_login > /dev/null 2>&1; EOT cat <<EHA > /usr/bin/ebackup_command #!/bin/bash J=\`cpinfo -y all 2>/dev/null | grep JUMBO | tail -n1 | awk '{print \$3}'\`; O=\`cat /etc/cp-release | cut -c 13- | sed 's/^ *//g' | sed 's/\s*$//g'\`; OSM=\`uname -a | grep -c x86_64\`; [ \$OSM == 0 ] && { OSM=32; } || { OSM=64; }; K=\`uname -r | sed 's/$[0-9]\+\.[0-9]\+$\..*/\1/'\`; T=\`cpstat os | grep "Appliance Name" | tr -s ' ' | cut -c 17- \`; echo "(\${O}, Kernel \${K}, \${OSM} Bit, JHF \${J}, \${T})" > /var/log/g_output1.txt ; EHA chmod 770 /usr/bin/ebackup; chmod 770 /usr/bin/ebackup_command;

Create Cronjob

If the ebackup tool should be executed automatically, only a cronjob has to be created.

Click to Expand

Add a user "jobuser" via GAIA web portal:

Set shell:                  /bin/bash
Set assigned role: adminRole

Set a new password:

FTP upload:

                Add a cronjob via CLI to execute ebackup at Saturday night at 10:00 pm.

                - Add parameter -s for cpstop/cpstart
                - Add ftpserver/ ftpuser and ftppw parameters for ftp upload.

                # crontab -u jobuser -e
                ------------------------------------------------------------------------------------------------------
                22 00 * * 6   /usr/bin/ebackup -s -ftpserver <server_ip> -ftpuser <username> -ftppw <password>

CP upload:

If an FTP upload is too insecure for you, you can also transfer the backup file to another Check Point system with the option -cpupload via cprid_util.

- Add parameter -s for cpstop/cpstart
- Add ftpserver/ ftpuser and ftppw parameters for ftp upload.

# crontab -u jobuser -e
------------------------------------------------------------------------------------------------------
22 00 * * 6 /usr/bin/ebackup -s -cpupload <cp_server_ip>

Add a user "jobuser" via GAIA web portal:Set shell: /bin/bashSet assigned role: adminRoleSet a new password:FTP upload: Add a cronjob via CLI to execute ebackup at Saturday night at 10:00 pm. - Add parameter -s for cpstop/cpstart - Add ftpserver/ ftpuser and ftppw parameters for ftp upload. # crontab -u jobuser -e ------------------------------------------------------------------------------------------------------ 22 00 * * 6 /usr/bin/ebackup -s -ftpserver <server_ip> -ftpuser <username> -ftppw <password>CP upload: If an FTP upload is too insecure for you, you can also transfer the backup file to another Check Point system with the option -cpupload via cprid_util.- Add parameter -s for cpstop/cpstart - Add ftpserver/ ftpuser and ftppw parameters for ftp upload.# crontab -u jobuser -e ------------------------------------------------------------------------------------------------------22 00 * * 6 /usr/bin/ebackup -s -cpupload <cp_server_ip>

More "Easy Tools"

- Easy Backup Tool - (migrate export + all GAIA configs)                   -> Easy backup of all gateway GAIA configs + migrate export with one CLI command.
- Easy execute CLI commands on all gateways simultaneously        -> Now you can use the new command to execute bash or clish commands on all gateway simultaneously.
- Easy execute CLI commands from management on gateways        -> Easy execute CLI commands from management on gateways
- Mobile User License Tool - replaced "dtps lic"                                   -> It displays all Secure Client, SSL VPN and Mobile Access Portal licenses in total (sum) on the SMS.
- Easy View Tool - (system infos from all gateways simultaneously) -> This toll shows you quickly an overview of status information of all your gateways with only one CLI command.

Version

0.1   03-15-2020   - oneliner to show backup clish configs
0.6   03-23-2020   - GA version ebackup
0.7   03-25-2020    - add parameter -s for cpstop/cpstart
0.8   03-26-2020   - add parameter -no_migrate (no migrate export)
0.9   03-26-2020   - bug fixed (special thanks to Paul_Gademsky)
1.0   03-27-2020   - bug fixed (SMS and MDS)
1.1   03-30-2020   - add option -port
1.2   03-30-2020   - bug fixed
1.3   03-31-2020   - ftp upload function (-ftpserver, -ftpuser, -ftppw)

2.0   04-04-2020   - MDS support
2.1   04-06-2020   - bug fixed
2.2   04-07-2020   - add option -v
2.3   04-09-2020   - add option -cpupload (upload tgz file to a other Check Point gateway or SMS)

3.0   06-20-2023   - Support for R81.20

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

spiros-p · ‎2020-08-10

Nice tool!

sonics · ‎2020-08-20

Hello Heiko

First many thanks for that great script. i have 3 questions:

1. We also backup our smartevent server with ebackup but because it has no gateway on it ebackup gives the following back:

Backup GAIA config gateways:

Failed -

2. would it be possible to write the results of the ebackup to a log file and than parse that with a monitoring tool to be aware of failed backups?

3. we also have a 80.30 MDM to save and when run ebackup it gives me the following error:

MDS migrate server (migrate_server) R80.30:

Failed - MDS R80.30+ migrate_server export

--> where can i see what's exactly the problem that the export fails?

best regards chris

sonics · ‎2020-08-26

Hello all

We have also figured out that with MDM 80.30 and ebackup the path to the migrate export is wrong and we had to set that manually inside the ebackup script. here the infos about it:

original: # $MDS_FWDIR/scripts/migrate_server export -skip_upgrade_tools_check -n -v $RVER $REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

changed to: /opt/CPsuite-R80.30/fw1/scripts/migrate_server export -skip_upgrade_tools_check -n -v $RVER $REMOTE_DATEI 2>&1> /tmp/ebackup_migrate ;

best regards chris

nils_alfer · ‎2020-10-19

very nice tool

Hammar · ‎2020-10-31

Does it work with R81?

Tedi_Barer · ‎2020-11-03

Great script.

Nik · ‎2020-11-04

Hi Heiko,

Thank you for the utility.

Do you plan an option to include only sms without gateways in the backup file?

Also, I found when I run ebackup -v, I see that cpstop/cpstart are still executed. Shouldn't they be executed with -s flag only? I'm running R80.40 in AWS.

Regards,

Nikolay

HeikoAnkenbrand · ‎2020-11-04

Hi @Nik,

I'll take a look at it in the script.

I have found another small issue with R81. Here the version recognition does not work correctly. I will change this in the script in the next days.

Regards,
Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Nik · ‎2020-11-05

Hi Heiko,

Thank you so much.

Since we're using a Security product, could you also look at the option of copying the backup over scp with user/pass and a certificate or .key file? 😉

Thank you in advance.

Nikolay

msompong · ‎2021-01-11

Hi @HeikoAnkenbrand ,

First of all I would like to say thank you for your sharing this tool.

Because I'm very new in Checkpoint I have some of question.

- I've just to copy the script to the Checkpoint Smart-1 and then it will be backup the firewall policy and the gateway configuration right?

- I've copied your scrip and run , but I've got the error below How can I resolve it?

Infinigate_Sup · ‎2021-01-13

There is a small bug with R81. The version string is not correct!

sonics · ‎2021-03-11

Hello. is there allready a solution that works with R81?

sonics · ‎2021-03-12

Hello Infinigate_Sup. where is that bug and how to solve it?

pasoftware · ‎2021-04-12

Hi Heiko,

Thank you very much for sharing this tool.

I have copied the script onto an R80.40, and it's giving an error which is attached. This error has also been reported in the Easy View Tool (Easy View Tool - Check Point CheckMates) yet the solution didn't work for me.

Any ideas pls?

David

_Val_ · ‎2021-04-12

@pasoftware there is no attachment here. Please use picture icon to add your pic to the post

pasoftware · ‎2021-04-12

Sorry for that, error is now attached.

Thanks

_Val_ · ‎2021-04-13

Check API is enabled, and the client is in the list of authorised IPs

pasoftware · ‎2021-04-13

Thank you for your help.

However the issue was the port number. I've changed the port number in the script to the one i got from the api status command and its working now.

Thanks again.

_Val_ · ‎2021-04-13

@pasoftware great to know, that would be my second recommendation, to check the port

Simon_Macpherso · ‎2021-05-23

Hi Heiko

Looks interesting.

I see there are a few comments re integrated SCP transfer in to this.

Has this been added or is it on the roadmap to add?

Also after reviewing the bash script I see this is only targeting simple gateways and servers.

Are you planning on adding support to target simple clusters also?

Regards,

Simon

Amir_Arama · ‎2021-07-12

Hi,

do you have the option to run the ezbackup from mgmt to all GWs at once? i don't want to instal and run it on each gw separately thx

moritz_r · ‎2021-07-12

Hi @Amir_Arama, the ebackup script is written to run it on a Management Server too. Just install it on the Management Server and you can use the command "ebackup" to run. It will collect a "migrate_export" and "save configuration" from the management itself and all Gateways. Check the content of the output file in the end and you will see.

Matt_Ricketts · ‎2021-12-01

There may be an issue with the ebackup script on a clean R81.10 SMS install. I have been running this on my SMS for a while now and everything has been working great. I think I started using ebackup around 80.30 or 80.40? I had done a clean install of R81 and imported my export, then reinstalled ebackup. I did an inplace upgrade to R81.10 back in July and my most recent backup from this past Monday has everything as expected. So ebackup was still running well.

I rebuilt my SMS today with a clean install of R81.10 and did a successful import and policy install. After installing ebackup and running "ebackup -s" the migrate exports fail in both the ebackup process and a manual process. As a sanity check, I rebuilt my SMS again, imported my previous export and everything was good. I was able to successfully migrate export to a file. Next I installed ebackup again, ran it, and the migrate export failed, along with my manual attempt after that.

HeikoAnkenbrand · ‎2021-12-06

Hi @Matt_Ricketts,

I'll take a look at this in the next few days.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

mhuettig · ‎2021-12-02

Hi @HeikoAnkenbrand ,

i´ve just installed ebackup v2.3 on our mgmt.

But i got error:

The SMS is running but a connect to management API isn't possible.

Regards Michael

Matt_Ricketts · ‎2021-12-14

If you run the command api status on your SMS, does it return "API readiness test SUCCESSFUL. The server is up and ready to receive connections"? If not, something else may be off/incorrect.

I might also look at your Management API Advanced Settings within Smart Console. I don't believe anything needs to be changed here, but worth a look. In SmartConsole, Manage & Settings, Blades, Management API Advanced Settings. For me, mine is set to Accept API calls from Mgmt server only.

mhuettig · ‎2021-12-16

Hi Matt,

i´ve checked api status, set Accept API calls from Mgmt server only and did api restart, Status is API readiness test SUCCESSFUL

Starting again i got

Logout failed
The SMS is running but a connect to management API isn't possible.

I set Accept API calls from: All IPs that can be used for GUI Clients because Tufin lost connection.

Using correct port solves the problem, starting ebackup -p 4434 works. Easy solution doing the right things 😀

Tufin still have no connection because of SIC Error for lea: Certificate chain is inconsistent. 301

RGMH · ‎2022-02-24

Hello Heiko,

Can you confirm the format of your Cronjob command in the documentation. It shows as 22 00 * * 6 for 10:00PM on Saturday but when I look at Cron formats that would be at 12:22. 10:00pm would be 00 22 * * 6. Can you confirm?

Thanks,

ori1 · ‎2022-03-22

Nice Tool!

sonics6 · ‎2022-04-06

Hello all. i have a problem with s SMS with 40 gateways 80.30 and some of them with the following names are not backuped at all:

fwa20010002

fwa20010001

fwa10010001

fwa10010002

fwa30010001

could any one help here what i can change inside the script that also those 15400 checkpoints are backeduped?

best regards

Filters

Sort By

Categories

Easy Backup Tool

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.