R80.30 manager and gateway IaaS backups in Azure
We are struggling to decide which is the best solution to backup our R80.30 gateways and managers which run in Azure.
For the manager.
Run schdeuled backups from with Gaia for the manager and offload them to a remote location (would this backup all policies, NATS, VPNs etc)
Use snapshots .
Not sure of the difference between snapshot and backup but either would only be used to restore to the same OS version.
For the gateways. This is slightly different as the gateways themselves have several extra interfaces on them with setting that are only configurable via powershell within Azure.
Run scheduled backups or snapshots as above with the manager. The problem I see with this is if the vm was corrupt would a backup/snapshot restore the interfaces settings?
Use Azure to backup the VMs in their entirety?
Any clarification on this would be greatly recieved.
Regardless of whether it's cloud or an appliance, best practices SK is where you should start: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
It's recommended to use multiple methods to backup (Gaia snapshot, periodic migrate export, etc) and test them regularly, else you have Schrodinger's Backup.
The process for rebuilding the gateway from scratch should be documented as part of your disaster recovery plans "just in case," especially if you have to perform extra non-obivous steps like using Powershell to configure the interfaces.
If you use any Azure-specific methods (i.e. using Azure to backup the VM), this can only be done with the VM powered off, else the resulting backup may be corrupt.
we are also looking at this and I can't say we like what we've found so far.
from sk169814. GAIA backup and restore is not supported
from sk125752. Azure Backup service is not supported
from sk117443. The backup and restore features in the Azure Portal are currently not supported with Check Point products
Looks like for gateways you have to redeploy. If it's a cluster member you have to redeploy the whole cluster. For management server you use migrate_server
I will try Azure backup with the VM powered off as suggested by PhoneBoy.