- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: Startup-Config Equivalent
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Startup-Config Equivalent
Does Check Point have an equivalent to the Cisco startup config that can be checked?
I understand that you can issue a "show configuration" to see what I understand to be the equivalent of the "show running-config" on a Cisco device.
I ask this as I know that you need to save the config in order for it to be kept in the event of a reboot and I would like to be able to monitor this status.
We use Solarwinds for our configuration monitoring on Cisco devices and that compares the Startup-config to the running-config to check if there are any unsaved changes and perform a diff on these. It would be nice if there was an equivalent way to do the same with the Check Points.
I understand that the "show config-state" command will show me if there are unsaved changes, but not allow me to compare those changes.
Any ideas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you're using the WebUI, pretty much every change you make is saved automatically.
When you're using the CLI, there is an explicit "save config" step.
Which means, if you're trying to track configuration changes, you need to take a different approach.
The boot configuration is in /config/active.
If you want to see if this is changed at all, you should probably grab this periodically and diff it.
That should be pretty trivial.
If you want to see if the RUNNING configuration is different than the SAVED configuration, it's a bit more complicated.
The tool that will give you output that more closely matches what's in /config/active is a tool called dbget and it's described here: How to use dbget and dbset on Gaia OS
As far as I know, even with dbget, you can't dump the entire running config, only specific entries or specific trees.
However, using a bit of scripting, I imagine it's possible to pull out which items have changed configuration since the last save.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Dameon, the tracking of changes I have ok with Solarwinds NCM, it's just the startup vs running I am having an issue with.
Thanks for the heads up on the gbget tool - I wasn't aware of this. Unfortunately it doesn't look like it will accomplish what I am after without a lot of custom manipulation.
I think that I will just settle on checking the SNMP value to ensure that there are not unsaved changes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
Is it possible to show , take backup and restore of both running and startup config from ansible in checkpoint? If possible, how can I achieve it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ansible is used to describe the configuration you want, not to perform tasks like take a backup.
Backup best practices are: https://support.checkpoint.com/results/sk/sk108902
In practice, there are very few areas where the "running" config and the "saved" configuration will differ.