Table of Contents:

• Backup and restore commands
• Syntax
• Backup parameters
• Examples
• Configuring automatic backups
• Related documentation

 

Backup and restore commands

SecurePlatform provides both command line, or WebUI, capability for conducting backups of your system settings and products configuration.

The backup utility can store backups either locally on the SecurePlatform machine hard drive or to an FTP server, TFTP server or SCP server. You can perform backups on request, or according to a predefined schedule.

Backup files are kept in tar GZIPed format (.tgz). Backup files, saved locally, are kept in /var/CPbackup/backups directory.

The 'restore' command line utility is used for restoring SecurePlatform settings, and/or Product configuration from backup files.

Note: only administrators with Expert permissions can directly access directories of a SecurePlatform system. You will need the Expert password to execute the 'restore' command.

The backup & restore commands are provided in SecurePlatform to provide a simple way to perform a complete backup of the Check Point configuration as well as the SecurePlatform OS settings. You can also copy backup files to a number of SCP and TFTP servers for improved robustness of backup. The 'backup' command, run by itself, without any additional flags, will use default backup settings and will perform a local backup.

 

Syntax

[Expert@HostName]# backup [-h] [-d] [-l] [--purge DAYS] [--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off] [--tftp <ServerIP> [-path <Path>] [<FileName>]] [--scp <ServerIP> <UserName> <Password> [-path <Path>] [<FileName>]] [--ftp <ServerIP> <UserName> <Password> [-path <Path>] [<FileName>]] [--file [-path <Path>] [<FileName>]]

 

Backup parameters

Parameter	Meaning
-h	Display usage
-d	Debug flag
-l	Enable backup of the Check Point Security Gateway log (by default, these logs are not backed up)
-p or --purge	Delete old backups from previous backup attempts
[--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off]	Schedule interval at which backup is to take place On - specify time and day of week, or day of month Off - disable schedule
--tftp <ServerIP> [-path <Path>][<FileName>]	List of IP addresses of TFTP servers, to which the configuration will be backed up, and optionally the filename
--scp <ServerIP> <UserName> <Password>[-path <Path>] [<FileName>]	List of IP addresses of SCP servers, to which the configuration will be backed up, the user name and password used to access the SCP Server, and optionally the filename
--ftp <ServerIP> <UserName> <Password> [-path <Path>] [<FileName>]	List of IP addresses of FTP servers, to which the configuration will be backed up, the user name and password used to access the FTP Server, and optionally, the filename
--file [-path <Path>] <FileName>	When the backup is performed locally, specify an optional filename

Note:
If a 'FileName' is not specified, a default name will be provided with the following format:
backup_hostname.domain-name_DD_MM_YYYY_HH_MM.tgz
Example: backup_gateway1.mydomain.com_13_11_2003_12_47.tgz

 

Examples:

Command	Explanation
backup -file -path /tmp filename	Puts the backup file in /tmp and names it filename: /tmp/filename
backup -tftp 10.10.10.11 -path tmp	TFTP server with 10.10.10.11, the backup file is saved in the tmp directory (in the TFTP server's default directory - usually /tftproot) with the default file name backup_SystemName_TimeStamp.tgz: /tftproot/backup_SystemName_TimeStamp.tgz
backup -tftp 20.20.20.22 -path var file1	TFTP server with 20.20.20.22, the backup file is saved in var (under the TFTP server's default directory - usually /tftproot) as file1: /tftproot/file1
backup -scp 50.50.50.55 username3 password3 -path /bin file3	SCP server with 50.50.50.55, the backup file is saved in /bin as file3: /bin/file3
backup -file file5	locally in the default directory (/var/CPbackup/backups) as file5: /var/CPbackup/backups/file5
backup -scp 30.30.30.33 username1 password1 file2	SCP server with 30.30.30.33 in the home directory of username1 as file2: ~/username1/file2
backup -scp 40.40.40.44 username2 password2 -path mybackup	SCP server with 40.40.40.44 in the home directory of username2 in folder mybackup with the default file name backup_SystemName_TimeStamp.tgz: ~/username2/mybackup/backup_SystemName_TimeStamp.tgz

 

Configuring automatic backups

For this tutorial we will use the following settings:

Item	Value
FTP Server	10.22.2.99
FTP User Name	mikem
FTP Password	vpn123
Backup Schedule	Every Sunday at 01:00am

 

To list the active backup schedules:

1. Login to the SecurePlatform machine in Expert Mode.
   
   
2. Verify that there are no currently configured automatic backups that you could overwrite:
   
   [Expert@HostName]# cat /var/CPbackup/conf/backup_sched.conf
   
   If this command returns a "file not found" error, or if it returns back to the command prompt without showing any details, then there are no automatic backups currently configured.

   

   Here we see that the backup configuration file has not yet been created, so we can move on to setting up the automatic backup.

 

To configure the automatic backup schedule:

1. Using our example configuration, run the following command:
   
   [Expert@HostName]# backup --sched on 01:00 -w 7 --ftp 10.22.2.99 mikem vpn123
   
   
2. Check the backup configuration file:
   
   [Expert@HostName]# cat /var/CPbackup/conf/backup_sched.conf

   The configuration file has been created.

   

 

To list the scheduled jobs in crontab:

Note: Crontab is the process that handles running scheduled jobs.

[Expert@HostName]# crontab -l

You can see that:

• SecurePlatform backup is configured to run every Sunday at 01:00am and transfer the file to the FTP server we defined.
• The backup_util sched is in the list of scheduled jobs.

 

Related documentation

SecurePlatform Administration Guide (R65, R70, R71, R75, R75.40, R75.40VS, R76, R77):

• Chapter 'Configuration Using the Web Interface' - Device - Backup
• Chapter 'SecurePlatform Shell' - System Commands - backup
• Chapter 'SecurePlatform Shell' - Snapshot Image Management