Easy Backup Tool

HeikoAnkenbrand
Champion


Features


This tool creates a backup of all GAIA gateway configurations with one CLI command "ebackup":

 


- Only one CLI command "ebackup"
- Backup of all Gaia gateway configurations (Check Point appliances, Open Server, SMB appliances 11xx, 14xx)
- Migrate export on SMS
- Migrate-server on MDS
- Backup all files to one TGZ file
- FTP upload support for backup file
- CP upload support for backup file via cprid_util

- MDS   > All CMA's a

...

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




99 Replies

ReinerS
Participant

Great work.



0 Kudos

Christian_Wagen
Contributor

Hi @HeikoAnkenbrand 

That's a great idea and great implementation!

Keep up the good work 🙂

 



0 Kudos

Daniel_
Advisor

Thanks for this Script.

With json and jq most often you don't need additional bash commands. So you can replace


   mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address",."name" ' |xargs -n 2 | grep -v 0.0.0. > /tmp/ebackup_topo;
  

with


   mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.typ
...


Dilian_Chernev
Collaborator
Thank you for the excellent script!

I have a suggestion to add an option to change the API port.
For example on my SMS, there is also Endpoint MGMT and default API port is changed to 4434.


HeikoAnkenbrand
Champion

Hi @Dilian_Chernev,

That was a good point from you. 👍

Now in v1.1 the option -port <sms port> adds the management server port, if it's not running on port 443.

Regards
Heiko

 



Dilian_Chernev
Collaborator
Working perfectly!
Is it possible to add file transfer to an SCP server also?


0 Kudos

Paul_Gademsky
Employee

@Dilian_Chernev   @HeikoAnkenbrand 

It should be fairly straightforward to do, but I'll leave that to Heiko to incorporate.

When it comes to storing the passwords for the ftp/scp/sftp on a server for a cron job, I tend to stay away from that.

My solution is to use the cprid capabilities to copy the file to a second Mgmt (HA), log server, SmartEvent server, or worst case a gateway, so that it exists in more than one location.

Just my 2 cents.

Paul G.



0 Kudos

HeikoAnkenbrand
Champion

Hi @Dilian_Chernev  @Paul_Gademsky,

Check Point upload support for the backup file via cprid_util is added. 😀

So you can copy the backup with the option -cpupload directly to another Check Point gateway or SMS/MDS.

Regards
Heiko



Giorgio_Giustoz
Participant

Thank you for the excellent script!

I have a suggestion to add an option to send the files (export & Gaia configuration) to an external server/location, via FTP or CIFS.



0 Kudos

HeikoAnkenbrand
Champion

Hi @Giorgio_Giustoz ,

Now v1.3 with FTP Upload,

ebackup -ftpserver 1.1.1.1 -ftpuser username -ftppw test123   -> Backup all GAIA configs + migrate export with upload to a ftp server.

Regards

Heiko



Armin_Weiler
Participant

Hi @HeikoAnkenbrand,

I have been following this article for the last few days. This is a really good idea that you've developed here. In my opinion the script should be published in a JHF or in the next R80 version.

We use it on several management servers of our customers and it's working great now.

PS: Curl download works fine now.

Many thanks
Armin



HeikoAnkenbrand
Champion

Now v1.3 with the following options:

Syntax  Description
-s  The option -s performs a cpstop and cpstart when the migrate export tool is executed.
-no_migrate  The option -no_migrate has the consequence that no migrate export is executed.
-port <sms port>  The option -port <sms port> adds the management server port, if it's not running on port 443.
...


Ruan_Kotze
Advisor

Thank you so much for an awesome tool - this has been a gap in my toolbox for so long.  The only issue I have picked up in testing is a spelling mistake in the output file, as per attachment.

Thanks again,
Ruan



HeikoAnkenbrand
Champion

Hi @Ruan_Kotze,

THX, I changed that. Is now correct.

Regards
Heiko



Jan_Elbers
Participant

Nice script. Thanks

Is there also a backup option for SMB devices?

 



0 Kudos

Paul_Gademsky
Employee

The 1.4 version I posted has been successfully run against 3 different 1200R appliances at this point. Let me know if you have a different experience.

Paul G.



0 Kudos

HeikoAnkenbrand
Champion

Hi @Jan_Elbers 

The tool supports all SMB applications where no 0.0.0.X IP address is set in the topology.

Regards
Heiko



0 Kudos

Harry_Morgan
Contributor

Hi  @HeikoAnkenbrand 

Can I execute the script as cronjob?

 



0 Kudos

HeikoAnkenbrand
Champion

Hi @Harry_Morgan,

If the ebackup tool should be executed automatically, only a cronjob has to be created.
I described it in the article.

Regards
Heiko



Pablo_Montega
Contributor

Hello  @HeikoAnkenbrand,

Is it possible to add a scp upload?

Thanks

Pablo



0 Kudos

Th-Chi
Participant
ssh upload?


0 Kudos

HeikoAnkenbrand
Champion

coming soon



HeikoAnkenbrand
Champion

Now tested with R80.40.



moritz_r
Participant

Thank you for this script.
One question in case of an Endpoint MGMT: is there also an opportunity to use the function of a migrate export with the syntax "--include-uepm-msi-files"?

That would be great

Best regards

Moritz



0 Kudos

moritz_r
Participant

Hello @HeikoAnkenbrand 
now I have a second question:
after adding a test cronjob with ebackup, the topic of the job notification mail includes the user's password. Is it possible to hide it?

And I'm not sure if it is a typo in the script, because also in the job notification mail, I got an error message:

rm: cannot remove '/tmp/ebachup_cpupload': No such file or directory TERM environment variable not set.

Does this error occur because of "ebachup_cpupload" instead of "ebackup_cpup

...


0 Kudos
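
The exposure raised in the post above (the cron notification mail carries the password because it sits on the ebackup command line) can be checked for in existing crontabs. The following is an added example, not part of the thread or of ebackup itself: only the -ftppw option name comes from the thread, while the script path, addresses and credentials in the sample are constructed.

```shell
#!/bin/bash
# Added example: flag crontab entries that pass the ebackup FTP password inline.
# Only the -ftppw option name is taken from the thread; all sample data is constructed.

# Reads crontab text on stdin and prints "<line-number>: <entry, password masked>"
# for every active (non-comment) entry that carries "-ftppw <value>".
# Returns 1 if at least one such entry was found, 0 otherwise.
audit_cron_ftppw() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip commented-out entries
        {
            for (i = 1; i < NF; i++) {
                if ($i == "-ftppw") {
                    $(i + 1) = "********"         # never echo the secret back
                    printf "%d: %s\n", NR, $0
                    found = 1
                    break
                }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample crontab (hypothetical install path, made-up host and credentials).
SAMPLE_CRONTAB='# nightly backups
0 2 * * * /usr/local/bin/ebackup -ftpserver 192.0.2.10 -ftpuser backup -ftppw S3cret!
30 2 * * 0 /usr/local/bin/ebackup -no_migrate
# 0 3 * * * /usr/local/bin/ebackup -ftpserver 192.0.2.10 -ftpuser old -ftppw oldpw'

# Runs the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_CRONTAB" | audit_cron_ftppw
}
```

On a real host the input would be `crontab -l | audit_cron_ftppw`; a non-zero exit status means at least one active entry puts the FTP password where cron mail and anyone who can read the crontab will see it.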

Titus_Kimathi
Explorer

Hi @HeikoAnkenbrand 

Much appreciated tool. Works like a charm on an R80.40-SMS, R80.30/R77.30 gateways, and TE appliance environment.

Regards

Mutumak

 



0 Kudos

yo
Participant

👍🏻



0 Kudos

Ave_Joe
Contributor

Good day.

Hi. Great work. I am in the process of replacing my ancient nightly backup script with ebackup. I would like to see a feature that just does the migrate of the SMS and skips the gateways. In my use case I have 400 appliances that don't really change all that much so I think backing up those once per week makes sense. However, with the policy changes, etc., my preference is to use your script to get a migrate done nightly.

Thoughts?

Would this be something others would like t

...


0 Kudos

nils_alfer
Contributor

Hi  @HeikoAnkenbrand.

this is a very nice solution. 

Thanks
Nils



0 Kudos

wavesurf
Explorer

Hi Heiko,

great tool!

What I am missing in all backup methods/tools is the backup of certain important files from the device.

Management:

implied_rules.def
table.def
crypt.def
vpn_route.conf
ipassignment.conf
fwrl.conf
trac_client_1.ttm
vpn_table.def
user.def
HKLM_registry.data

Gateways (not SMB)

masters
fwkern.conf
trac_client_1.ttm
simkern.conf
sim_aff.conf
vpnkern.conf
HKLM_registry.data
/etc/rc.d/rc.local
SmsPhones.lst
dynamic_id_users_info.lst
CPprofile.sh
/opt/postfix/etc/postfix/

...


0 Kudos