Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Easy Backup Tool

HeikoAnkenbrand
Champion
Champion

asy Backup Tool

Features


This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup":

Easy backup Tool.JPG

easy_backup_over1a.jpg
- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support backup file
- CP upload support for backup file via cprid_util

- MDS   > All

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


77 Replies

Christian_Wagen
Contributor

Hi @HeikoAnkenbrand 

That's a great idea and great implementation!

Keep up the good work 🙂

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Daniel_
Collaborator

Thanks for this Script.

With json and jq most often you don't need additional bash commands. So you can replace


   mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name" ' |xargs -n 2 | grep -v 0.0.0. > /tmp/ebackup_topo;
  

with


   mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.typ
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Dilian_Chernev
Contributor
Thank you for the excellent script!

I have a suggestion to add an option to change the API port.
For example on my SMS, there is also Endpoint MGMT and default API port is changed to 4434 . ;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

Hi @Dilian_Chernev,

That was a good point from you. 👍

Now in v1.1 the option -port <sms port> add the management server port, if it's not running on port 443.

Regards
Heiko

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Dilian_Chernev
Contributor
Working perfectly!
Is it possible to add file transfer to a SCP server also ? ;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Paul_Gademsky
Collaborator

@Dilian_Chernev   @HeikoAnkenbrand 

It should be fairly straight forward to do, but I'll leave that to Heiko to incorporate.

When it comes to storing the passwords for the ftp/scp/sftp on a server for a cron job, I tend to stay away from that.

My solution is to use the cprid capabilities to copy the file to a second Mgmt (HA), log server, SmartEvent server, or worse case a gateway, so that it exists in more than one location.

Just my 2 cents.

Paul G.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Hi @Dilian_Chernev  @Paul_Gademsky,

Check Point upload support for the backup file via cprid_util is added. 😀

So you can copy the backup with the option -cpupload directly to another Check Point gateway or SMS/MDS.

Regards
Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Giorgio_Giustoz
Participant

Thank you for the excellent script!

I have a suggestion to add an option to send the files (export & Gaia-configuration)  to a external server/location, via FTP o CIFS.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Hi @Giorgio_Giustoz ,

Now v1.3 with FTP Upload,

ebackup -ftpserver 1.1.1.1 -ftpuser username -ftppw test123   -> Backup all GAIA configs + migrate export with upload to a ftp server.

Regards

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Armin_Weiler
Participant

Hi @HeikoAnkenbrand,

I have been following this article for the last few days. This is a really good idea that you've developed here. In my opinion the script should be published in a JHF or in the next R80 version.

We use it on several management servers of our customers and it's working great now.

PS: Curl download works fine now.

Many thanks
Armin

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

Now v1.3 with the following options:

Syntax  Description
-s
The option -s  performs a cpstop and cpstart when the migrate export tool is executed.
-no_migrate  The option -no_migrate has the consequence that no migrate export is executed.
-port <sms port>
The option -port <sms port> add the management server port, if it's not running on port 443.
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Ruan_Kotze
Collaborator

Thank you so much for an awesome tool - this has been a gap in my toolbox for so long.  The only issue I have picked up in testing is a spelling mistake in the output file, as per attachment.

Thanks again,
Ruan

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

Hi @Ruan_Kotze,

THX, I changed that. Is now correct.

Regards
Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Jan_Elbers
Participant

Nice xcript. Thanks

Is there also a backup option for SMB devices?

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Paul_Gademsky
Collaborator

The 1.4 version I posted has been successfully run against 3 different 1200R appliances at this point. Let me know if you have a different experience.

Paul G.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Hi @Jan_Elbers 

The tool supports all SMB applications where no 0.0.0.X IP address is set in the topology.

Regards
Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Harry_Morgan
Contributor

Hi  @HeikoAnkenbrand 

Can I execute the script as cronjob?

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Hi @Harry_Morgan,

If the ebackup tool should be executed automatically, only a cronjob has to be created.
I described it in the article.

Regards
Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Pablo_Montega
Contributor

Hello  @HeikoAnkenbrand,

Is it possible to add a scp upload?

Thanks

Pablo

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Th-Chi
Participant
ssh upload? ;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

coming soon

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

Now tested with R80.40.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


moritz_r
Participant

Thank you for this script.
One question in case of an Endpoint MGMT: is there also a opportunity to use the function of a migrate export with the syntax "--include-uepm-msi-files"?

That would great

Best regards

Moritz

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

moritz_r
Participant

Hello @HeikoAnkenbrand 
now I have a second question:
after adding a test cronjob with ebackup, the topic of the job notification mail includes the users password. Is it possible to hide it?

And Im not sure if it is a typo in the script, because also in the job notification mail, I got an error message:

rm: cannot remove '/tmp/ebachup_cpupload': No such file or directory TERM environment variable not set.

Does this error occur because of "ebachup_cpupload" instead of "ebackup_cpup

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Titus_Kimathi
Explorer

Hi @HeikoAnkenbrand 

Much appreciated tool. Works like a  charm on a R80.40-SMS, R80.30/R77.30 gateways, and TE appliance environment.

Regards

Mutumak

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

yo
Participant

👍🏻

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Ave_Joe
Contributor

Good day.

Hi.  Great work.  I am in process of replacing my ancient nightly backup script with ebackup.  I would like to see a feature that just does the migrate of the SMS and skips the gateways.  In my use case I have 400 appliances that don't really change all the much so I think backing up those once per week makes sense.  However the with policy changes, etc. my preference is to use your script to get a migrate done nightly.

Thoughts?

Would this be something others would like t

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

nils_alfer
Contributor

Hi  @HeikoAnkenbrand.

this is a very nice solution. 

Thanks
Nils

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

wavesurf
Explorer

Hi Heiko,

great tool!

What i am missing in all backup methods/tools, is the backup of certain importand files from the device.

Management:

implied_rules.def
table.def
crypt.def
vpn_route.conf
ipassignment.conf
fwrl.conf
trac_client_1.ttm
vpn_table.def
user.def
HKLM_registry.data

Gateways (not SMB)

masters

fwkern.conf

trac_client_1.ttm

simkern.conf
sim_aff.conf
vpnkern.conf
HKLM_registry.data
/etc/rc.d/rc.local
SmsPhones.lst
dynamic_id_users_info.lst
CPprofile.sh
/opt/postfix/etc/postfix/

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

spiros-p
Participant

Nice tool!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos