This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wolfgang
Authority
Authority
‎2023-01-24 10:55 AM

Backup and restore of SMS in Smart-1 cloud

Following the documentation  How frequently do you run backups? 

„Backups of the environments are taken each 12 hours, and are saved for 30 days“

But how about the restore…

TAC case needed for a restore?

What can be restored ? The whole system, all objects, different policies, what else ?

I can‘t found more detailed informations about the restore process.

0 Kudos
12 Replies
Alex-
Leader Leader
Leader
‎2023-01-24 11:00 AM

It's in the same document, unless you were looking for something else.

 

How can I revert my management database to an earlier version?

  • From version R80.40, customers can use SmartConsole or an API to revert to an earlier revision.

  • To revert all the management to an earlier version, it is necessary to open a support ticket with Check Point Support.

    Note - After this procedure is done, you cannot cancel it.

Wolfgang
Authority
Authority
‎2023-01-24 11:04 AM
In response to Alex-

Nothing else then a full revert ?

Tomer_Noy
Employee
Employee
‎2023-01-24 11:27 PM

Hi,

The backups that we take in Smart-1 Cloud every 12 hours are full snapshots of the entire state of your tenant. That means that when TAC perform a restore, it restores everything to the previous state.

This option is important for drastic disaster scenarios (which thankfully are very rare).

As a customer, you also have "less extreme" options to restore to previous configuration if something went wrong, or there is a misconfiguration that you are having trouble tracking down. This is called "Revert to Revision".
The management stores each published session as a revision, which you can see and even compare in the "Settings => Revisions" page. If you right click a specific revision, you can choose to revert back to that revision.
This operation happens within the application, so it is aware of the types of changes done, and can make informed decisions on things that should not be reverted. For example, all policies and objects will be reverted, but if you re-initialized a SIC certificate, that would not be reverted, since the gateway obviously relies on the new SIC.

You can perform the revert to revision action from the UI, or if you prefer, via API.

If you have other cases for backup & restore, or require other granular options, I'd be glad to get more info. You (or others) are welcome to share on this post.

0 Kudos
Alex-
Leader Leader
Leader
‎2023-01-25 01:25 AM
In response to Tomer_Noy

An option to backup appliances directly in the tenant would be welcome.

One of my installations has Spark appliances in multiple countries. One was RMA'd and after initializing the new system and importing the backup, it connected back to Smart-1 cloud and was operational right after policy installation so importing the backup works at the SIC and MaaS token levels which is of course excellent.

Still, I take manual backups every now and then because there's no other way for now. Allowing them to backup in the tenant and downloading the backup from the Infinity Portal would make things a bit easier. The System Backup action in the R81.20 Smart Console does not allow Spark appliances and Quantum appliances show the classical choices to keep it local to the system or SCP them to a manual input.

0 Kudos
_Val_
Admin
Admin
‎2023-01-25 01:59 AM
In response to Alex-

@Alex- ,

The original post is about backing up Smart-1 Cloud and not local FWs.

I personally find the idea of the cloud backup for "multiple devices" in your terms quite problematic. It has multiple issues, starting from available bandwidth and ending with running out of limited cloud storage space.

I would strongly recommend considering off-site on-prem backup options, such as SFTP servers, to store GW backups.

0 Kudos
Daniel_Westlund
Collaborator
Collaborator
‎2023-07-27 03:39 PM
In response to Tomer_Noy

When I restore a revision, is that the equivalent of restoring and old policy, or of the old database revision control? I ask because when CP went to R80, we could restore each policy, which gets the rules, but doesn't get the objects which were changed. I thought I'd heard that CP was going back to a more full revision which would restore changes in objects as well as rules, but I wasn't sure if we were there yet. My customer is on R81.20 on Smart-1 Cloud. Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-27 07:02 PM
In response to Daniel_Westlund

Revision Control similar to R77.x was added in R80.40.
See this great post by @Timothy_Hall that explains how it works: https://community.checkpoint.com/t5/Management/R80-Change-Control-A-Visual-Guide/m-p/39702 

(1)
the_rock
Legend
Legend
‎2023-07-28 07:35 AM
In response to Tomer_Noy

Hey Tomer,

Revert to revision, thats same as on say om prem management server, BUT, can customers do say restore to previous version if they dont like something in the new version or is that something TAC would need to do? Example...say customer does not like R81.20 and want to go back to R81.10...possible?

Not saying thats the case with any of our customers using S1Cm they all love R81.20, but just wondering for my own knowledge.

Thank you.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-28 10:38 AM
In response to the_rock

There isn't a way to downgrade.
However, if you do an in-place upgrade using CPUSE, you can always revert to the last snapshot taken before the upgrade.

0 Kudos
the_rock
Legend
Legend
‎2023-07-28 10:54 AM
In response to PhoneBoy

I wish CP would have an easy way to revert, like other major vendors do. Because, lets be honest, sometimes customers may upgrade and things dont work as they should, so people like to have an easy way to go back if need be. With Fortinet, super EASY. PAN, it was easy before, not sure now, as I had not worked on it in some time. As far as Cisco, you just save both images in tftp server, run command to load old software, bam, done.

I mean, I know snapshot is good option, but most people prefer file thats few KBs or up to 100-200 MBs, rather than 10 GB lol

Andy

0 Kudos
TomerLev
Employee
Employee
‎2023-07-29 11:03 PM
In response to the_rock

Hey Andy
Just to clarify regarding S1C and Management version. (maybe not for you but for others)

Smart-1 Cloud is a service. The concept of a service is that the customer do not have control of the service/environment version, they are provided with the latest and greatest security management version, with NO effort and concern what so ever.

So to your question (which I'm glad that is theoretical only) -no, S1C customer cannot decide or request to downgrade. They can work only with the provided latest version.
One aspect the customer can influence, is that upon upgrade of a major version of their environment (e.g. R81.10->R81.20->R82) - when getting the notice about the upgrade window, they can ask to reschedule their environment upgrade window (Upgrades and any imitated ,maintenance is done in off hours anyway) 
Thanks
Tomer

(1)
the_rock
Legend
Legend
‎2023-07-30 06:40 AM
In response to TomerLev

Thanks Tomer! I sort of figured that was the case and the only reason I asked this is because client asked me once (maybe 3 years ago) when S1C was not as developed as it is now, what happens if they dont like upgraded version and they wish to go back. I told them back then the best option if that were to happen would be to work with TAC and R&D (if required) and fix the issue, and they were perfectly fine with that.

Luckily, all worked as expected.

Thanks again for confirming.

Cheers,

Andy

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events