Firewall Wizards mailing list archives

RE: Backup Checkpoint Firewall

From: "Paul Melson" <psmelson () comcast net>
Date: Tue, 17 May 2005 13:48:22 -0400

Problem #2 is easy:

echo | upgrade_export 

Problem #1 is not so easy, or at least not so straightforward.  You can see
who is connected by using SmartView Status and clicking on the 'Management'
object - connected clients appear in the Details pane.  Automating this in a
batch file isn't particularly feasible, so you have to use something like
'cpstop' (or use 'net stop ...' to kill the Windows service, if your
management server is running on Windows).

If your firewall and management server run on the same box, running 'cpstop'
will cause problems.  If this is the case, I would recommend that you
manually verify that there are no client connections and run upgrade_export
manually when there are policy changes.  If you have to automate it, you can
choose to hope that nobody is logged in and then use the upgrade checker
(http://www.checkpoint.com/techsupport/downloadsng/utilities.html#upgrade_ve
rify) to verify the integrity of the upgrade_export file after the fact.
Typically, clients holding tables open won't prevent upgrade_export from
working properly unless there is a particular row locked by the client, for
instance if someone is running dbedit.

PaulM


-----Original Message-----
Subject: Re: [fw-wiz] Backup Checkpoint Firewall

Thanks for the input.  My next problem is with upgrade_export it says the
following:

"You are required to close all Check Point clients before the export begins.
If the export fails, stop Check Point services and run the upgrade_export
command again.  Press ENTER when ready.."

Problem 1)      How can I ensure all clients are closed?  My first thought
was to run cpstop, but my coworker said it used to 
only stop the Dashboard, but now it stops everything.  That is a problem
since backups are going on at the same time.

Problem 2)      Press ENTER when ready.  How would I do that in a batch
file?

I know this is not the best place for problem 2, but it is still a problem.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Backup Checkpoint Firewall Nathaniel Hall (May 17)
- RE: Backup Checkpoint Firewall Paul Melson (May 17)
- Re: Backup Checkpoint Firewall John Adams (May 17)
- Re: Backup Checkpoint Firewall Erick Mechler (May 17)
- <Possible follow-ups>
- Re: Backup Checkpoint Firewall Nathaniel Hall (May 17)
  - RE: Backup Checkpoint Firewall Paul Melson (May 17)