This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joshua_Wright
Participant
‎2018-02-19 12:57 PM

Startup-Config Equivalent

Does Check Point have an equivalent to the Cisco startup config that can be checked?

I understand that you can issue a "show configuration" to see what I understand to be the equivalent of the "show running-config" on a Cisco device. 
I ask this as I know that you need to save the config in order for it to be kept in the event of a reboot and I would like to be able to monitor this status. 

We use Solarwinds for our configuration monitoring on Cisco devices and that compares the Startup-config to the running-config to check if there are any unsaved changes and perform a diff on these. It would be nice if there was an equivalent way to do the same with the Check Points. 

I understand that the "show config-state" command will show me if there are unsaved changes, but not allow me to compare those changes. 

Any ideas?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2018-02-19 09:58 PM

When you're using the WebUI, pretty much every change you make is saved automatically.

When you're using the CLI, there is an explicit "save config" step.

Which means, if you're trying to track configuration changes, you need to take a different approach.

The boot configuration is in /config/active.

If you want to see if this is changed at all, you should probably grab this periodically and diff it.

That should be pretty trivial.

If you want to see if the RUNNING configuration is different than the SAVED configuration, it's a bit more complicated.

The tool that will give you output that more closely matches what's in /config/active is a tool called dbget and it's described here: How to use dbget and dbset on Gaia OS 

As far as I know, even with dbget, you can't dump the entire running config, only specific entries or specific trees.

However, using a bit of scripting, I imagine it's possible to pull out which items have changed configuration since the last save.

0 Kudos
Joshua_Wright
Participant
‎2018-03-22 09:43 AM
In response to PhoneBoy

Thanks Dameon, the tracking of changes I have ok with Solarwinds NCM, it's just the startup vs running I am having an issue with. 

Thanks for the heads up on the gbget tool - I wasn't aware of this. Unfortunately it doesn't look like it will accomplish what I am after without a lot of custom manipulation. 

I think that I will just settle on checking the SNMP value to ensure that there are not unsaved changes. 

0 Kudos
Hash1212
Explorer
‎2023-07-19 09:29 PM
In response to PhoneBoy

Hi Team,

Is it possible to show , take backup and restore of both running and startup config from ansible in checkpoint? If possible, how can I achieve it?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-20 05:44 AM
In response to Hash1212

Ansible is used to describe the configuration you want, not to perform tasks like take a backup.
Backup best practices are: https://support.checkpoint.com/results/sk/sk108902 
In practice, there are very few areas where the "running" config and the "saved" configuration will differ. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events