This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jomof
Contributor
‎2022-05-11 10:44 AM

schedule backup keeps failing after upgraded from R77.30 to R81.10

Hello Expert,

I recently upgraded from r77.30 to R81.10 and  notice none of my schedule backup is working after the upgrade.

I am using the ftp method , but this keep failing,

As a troubleshooting option I tried a schedule backup to the local device this also fail.ED

I have 2 management server and 3 enforcer all using gaia ver 81.10.

I humble request some help not sure if there is a service etc that has to be enable .

Thank 

Regards

 

 

Labels
0 Kudos
15 Replies
Tobias_Moritz
Advisor
‎2022-05-12 02:13 AM

Well, I would not use unencrypted FTP in these days anymore, but beside from that, it should still work that simple. If you use SFTP, you need to trust the server host key first (add an entry to /home/admin/.ssh/known_hosts), if I remember correctly. But for plain old FTP, it should just work. But I have to say, I've never tried this.

You can troubleshoot it, maybe this helps you in understanding the problem:

The backup configuration in Gaia looks like this (SFTP example):

add backup-scheduled name "gatewayname" scp ip 10.0.0.76 path /path/gatewayname/ username "username" password ****
set backup-scheduled name gatewayname recurrence weekly days 7 time 01:20

This will result in a crontab entry, you can see in expert mode:

[Expert@gatewayname:0]# crontab -l
# This file was AUTOMATICALLY GENERATED
# Generated by /bin/cron_xlate on Wed May 4 17:43:23 2022
#
# DO NOT EDIT
#
SHELL=/bin/bash
MAILTO=""
#
# mins hrs daysinm months daysinw command
#

##__backup__gatewayname
20 1 * * 7 /bin/scheduled_backup gatewayname

You can check the log of cron. It should look like this:

/var/log/cron:
May 8 01:20:01 2022 gatewayname crond[21381]: (admin) CMD (/bin/scheduled_backup gatewayname)

You can then check /var/log/messages, because the scheduled_backup binary just logs to default. A successfull backup over sftp looks like this:

/var/log/messages:
May 8 01:20:01 2022 gatewayname xpand[13942]: backup: backup_alloc_proc().
May 8 01:20:01 2022 gatewayname xpand[13942]: backup_set_proc: Started.
May 8 01:20:01 2022 gatewayname xpand[13942]: backup_set_proc: exit normally
May 8 01:20:01 2022 gatewayname xpand[13942]: backup_check_proc: backup_check_proc().
May 8 01:20:01 2022 gatewayname xpand[13942]: backup_check_proc: start backup action
May 8 01:20:01 2022 gatewayname xpand[13942]: knownhost_cdk: Host address 10.0.0.76
May 8 01:20:01 2022 gatewayname xpand[13942]: knownhost_cdk: Connecting to host 10.0.0.76
May 8 01:20:03 2022 gatewayname xpand[13942]: knownhost_cdk: Filename /home/admin/.ssh/known_hosts
May 8 01:20:03 2022 gatewayname xpand[13942]: knownhost_cdk: Total known hosts 2
May 8 01:20:03 2022 gatewayname xpand[13942]: knownhost_cdk: Matching knownhost 10.0.0.76
May 8 01:20:03 2022 gatewayname xpand[13942]: knownhost_cdk: Host address 10.0.0.76
May 8 01:20:03 2022 gatewayname xpand[13942]: knownhost_cdk: Connecting to host 10.0.0.76
May 8 01:20:04 2022 gatewayname xpand[13942]: knownhost_cdk: Filename /home/admin/.ssh/known_hosts
May 8 01:20:04 2022 gatewayname xpand[13942]: knownhost_cdk: Total known hosts 2
May 8 01:20:04 2022 gatewayname xpand[13942]: knownhost_cdk: Matching knownhost 10.0.0.76
May 8 01:20:04 2022 gatewayname xpand[13942]: backup: backup_final_proc().
May 8 01:20:04 2022 gatewayname xpand[21387]: backup: before wrapper_start_action.
May 8 01:20:04 2022 gatewayname xpand[21387]: state->action=1, state->storage_type=scp, state->s_file_name=(null), state->remote_server
_addr=10.0.0.76, state->remote_user_name=username,
May 8 01:20:04 2022 gatewayname xpand[13942]: backup: backup_disengage_proc().
May 8 01:20:04 2022 gatewayname scheduled_backup: /bin/scheduled_backup: rc=0
May 8 01:20:04 2022 gatewayname xpand[21387]: wrapper_start_action: Started !!!!!!!
May 8 01:20:04 2022 gatewayname xpand[21387]: BACKUP operation started.
May 8 01:20:04 2022 gatewayname kernel: XFS (dm-6): Mounting V5 Filesystem
May 8 01:20:04 2022 gatewayname kernel: XFS (dm-6): Starting recovery (logdev: internal)
May 8 01:20:04 2022 gatewayname kernel: XFS (dm-6): Ending recovery (logdev: internal)
May 8 01:20:14 2022 gatewayname kernel: XFS (dm-6): Unmounting Filesystem
May 8 01:20:17 2022 gatewayname xpand[21387]: BACKUP operation has finished successfully. Errors: none
May 8 01:20:17 2022 gatewayname xpand[21387]: Creating status file. process was successfull
May 8 01:20:17 2022 gatewayname xpand[13942]: admin localhost t +backup_stats:last_backup_file:scp /path/gatewayname/backup_gatewayname.domain_08_May_2022_01_20_04.tgz
May 8 01:20:17 2022 gatewayname xpand[13942]: admin localhost t +backup_stats:last_backup_date:scp 2022-5-8@1-20-17
May 8 01:20:17 2022 gatewayname xpand[13942]: admin localhost t +backup_stats:last_backup_time:scp 13
May 8 01:20:17 2022 gatewayname xpand[13942]: Configuration changed from localhost by user admin by the service /bin/confd
May 8 01:20:17 2022 gatewayname xpand[13942]: Configuration changed from localhost by user admin by the service /bin/confd
May 8 01:20:17 2022 gatewayname xpand[21387]: backup: after wrapper_start_action; unlocking file. res: 0
May 8 01:20:36 2022 gatewayname xpand[13942]: admin localhost t -volatile:configurationChange
May 8 01:20:36 2022 gatewayname xpand[13942]: admin localhost t -volatile:configurationSave

 

0 Kudos
jomof
Contributor
‎2022-05-13 09:27 AM
In response to Tobias_Moritz

Good afternoon,

 

Please find response below

May 13 10:35:43 2022 rdr-fw1 kernel: [fw4_1];cpas_newconn_ex : called upon something other than tcp SYN. Aborting
May 13 10:42:51 2022 rdr-fw1 httpd2: HTTP login from 10.171.186.217 as jomof
May 13 10:42:51 2022 rdr-fw1 xpand[27536]: jomof localhost t +webuiparams:logincount:jomof 31
May 13 10:42:51 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user jomof
May 13 10:43:01 2022 rdr-fw1 xpand[27536]: show_asset CDK: asset_get_proc started.
May 13 10:43:02 2022 rdr-fw1 xpand[27536]: show_asset CDK: asset_get_proc started.
May 13 10:45:28 2022 rdr-fw1 ipstcl2: regStrCmp: Match found of the string jPassword at pattern jPassword (0,9)
May 13 10:45:28 2022 rdr-fw1 ipstcl2: check_special_char: The key jPassword is allowed to have special character at it's value
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: backup_type_set_proc()
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: backup_type_set_proc()
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: exit normally backup_type_set_proc().
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: backup_type_set_proc()
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: exit normally backup_type_set_proc().
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: backup_type_set_proc()
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: exit normally backup_type_set_proc().
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: backup_type_set_proc()
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: exit normally backup_type_set_proc().
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: backup_type_set_proc()
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: exit normally backup_type_set_proc().
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: jomof localhost t +backup-scheduled:test_backup t
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: jomof localhost t +backup-scheduled:test_backup:type ftp
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: jomof localhost t +backup-scheduled:test_backup:ip 172.38.10.149
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: jomof localhost t +backup-scheduled:test_backup:username fwbackup
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: jomof localhost t +backup-scheduled:test_backup:password ********************
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: jomof localhost t +backup-scheduled:test_backup:uploadPath /Backup/checkpoint_backup/
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user jomof
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: cron_get_entry: job_name = __backup__test_backup
May 13 10:45:28 2022 rdr-fw1 xpand[27536]: backup: backup_type_live_get_proc start.
May 13 10:49:38 2022 rdr-fw1 httpd2: HTTP logout from 10.171.186.217 as jomof
May 13 10:49:38 2022 rdr-fw1 httpd2: Logging out from webui, user is not a TACACS user
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:check_for_updates_last_res Last check for update is running
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status -1
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: admin localhost t -installer:update_status_message
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Contacting the Download Center
May 13 11:25:25 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Received 72 results from the Download Center
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 0%
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 1%
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 2%
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 4%
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 5%
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 6%
May 13 11:25:27 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:28 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 8%
May 13 11:25:28 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:29 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 9%
May 13 11:25:29 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:30 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating candidates 11%
May 13 11:25:30 2022 rdr-fw1 xpand[27536]: Configuration changed from localhost by user admin by the service dbset
May 13 11:25:30 2022 rdr-fw1 xpand[27536]: admin localhost t +installer:update_status_message Validating

 

[Expert@rdr-fw1:0]# cron -l
-bash: cron: command not found
[Expert@rdr-fw1:0]# crontab -l
# This file was AUTOMATICALLY GENERATED
# Generated by /bin/cron_xlate on Fri May 13 10:45:28 2022
#
# DO NOT EDIT
#
SHELL=/bin/bash
MAILTO=""
#
# mins hrs daysinm months daysinw command
#

##__backup__test_backup
00 11 * * * /bin/scheduled_backup test_backup
[Expert@rdr-fw1:0]#

 

Regards

 

0 Kudos
Dov_Fraivert
Employee
Employee
‎2022-05-12 05:30 AM

Hi @jomof 
Can you please send me in private the logs from "/var/log/massage" from the relevant date (the time backup was supposed to to be created)

0 Kudos
jomof
Contributor
‎2022-05-16 06:19 AM
In response to Dov_Fraivert

Hello Expert,

Looking at the message logs I do not see any attempt start the schedule backup is there any service etc that is not started or need restarted it kind of strange that nothing is showing in the messages logs.

 

Regards

 

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-05-16 06:56 AM
In response to jomof

Can you ensure that backup is being sent to actual sub dir on your ftp or sftp server and NOT root? I had seen it fail mostly due to that reason.

Best,
Andy
0 Kudos
jomof
Contributor
‎2022-05-16 09:54 AM
In response to the_rock

 

Hello Rock,

It look like any schedule backup is not working I the tried scheduling a back to the local appliance that also fail.

It some issue with the backup scheduling in version r81.10 when I ran R77.30 I use the same ftp schedule backups and never had an issue.

Regards

 

Preview file
109 KB
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-05-16 10:55 AM
In response to jomof

Same problem regardless if its web UI or cli?

Andy

Best,
Andy
0 Kudos
jomof
Contributor
‎2022-05-17 06:20 AM
In response to the_rock

Hello Rock,

Same issues regardless if it web UI or cli?

What i have resort to doing in the interim is do all backups manually to the device and the use "winscp" to move them to windows environment.

But I love to get this working via the schedule.

Regards

  

 

0 Kudos
jomof
Contributor
‎2022-05-28 01:03 PM
In response to Dov_Fraivert

Good Afternoon,

I found the reason why the schedule backup was not working  ------------- The admin password had expired.

Once this was updated the backup ran as per schedule.

I have a another issue. 

The admin  account falls under the same password policy as the other end users, hence I cannot extend the 45 day expiration or set the global passwords policy to never expire  .  Bank's password policy)  

 

I humbly request some clarification to the two question see below

(1) Is there a way to set the admin password to never expire?

(2) If I set the passwords to never expire will at the end of 45 day will I be prompted to change the password?

I know for sure in Microsoft Windows environment that any user can be set to never expire explicitly despite at the Global password policy  stating that a password must be renew after 45 days.

I not sure if in checkpoint environment if the can be achieve.

Thanks 

Regards

 

 

 

0 Kudos
Max_Frankl
Employee
Employee
‎2022-05-30 12:39 AM
In response to jomof

I want to clarify. After re-reading your post. Is your admin user sitting on an AD server or something remote? 

If you want to have the Admin password never expire you must create the Admin account locally on the appliance as shown in the screenshot below.

 

If you create an Admin account on an external server and then keep it under the same policy as other external users. Then the Admin user will also be subject to the same as other users accordingly to the relevant policy.

Preview file
70 KB
0 Kudos
jomof
Contributor
‎2022-05-31 06:51 AM
In response to Max_Frankl

Hello Good day,

Thanks for the suggestion but the admin account is set up locally on the appliances but it is subject to external users password policy which has password to be reset after 45 days.

Hence I cannot modify the policy to never expire because all  users will be affected.

Regards

   

See attached screen shot

 

 

Preview file
63 KB
0 Kudos
Max_Frankl
Employee
Employee
‎2022-05-31 12:07 PM
In response to jomof

I'll look into this and update

0 Kudos
Max_Frankl
Employee
Employee
‎2022-06-01 03:17 AM
In response to jomof

The password policy is system-based and not role-based so this isn't currently possible.

 

I am going to request they change it to role-based which would allow what you're asking for, but for the current time/near future this isn't possible.

0 Kudos
rrbranco
Collaborator
Collaborator
‎2022-05-31 02:06 AM
In response to jomof

What if you schedule a script to run from a crontab job using a passwordless user without login permission ?

 

sk77300

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

 

 

jomof
Contributor
‎2022-05-31 06:37 AM
In response to rrbranco

Hello Branco,

The solution provide is workable we tested same in our test environment and  it did he trick the challenge for me is our organization is subjected to frequent audits by independent Team , hence I will not be able to justify the creation of a root user without a password .

Extracted from checkpoint document 

Workaround:

  1. In Gaia Clish, create a root user without the capability to log in. Run:

    HostName> add user jobuser uid 0 homedir /home/jobuser
    HotsName> save config

    Note - Do not give the user a password and do not give the user any Gaia roles.

Thank you for the suggestion.

Regards

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events