Gaia Limitations after Snapshot Recovery
Solution

Introduction

The Gaia Image Management feature allows the administrator to create a new image (a snapshot) of the system. The administrator can revert to the image at a later time.

The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes all of the operating system files and various Check Point software files. Since the log partition is not included in the snapshot, some device data is not saved, such as FireWall logs and events (see "Limitations" section below).

Revert to a snapshot through:

  • Gaia Clish
  • Gaia Portal - "Snapshot Management" page
  • Gaia Portal First Time Wizard (starting from R77.10) - "Import existing snapshot" option

Starting in R77.10, Gaia OS supports exporting an image from one machine, then importing and restoring that image on another machine of the same type (e.g., during RMA cases).

Note: If a network configuration was performed in Gaia Portal on the original machine (e.g., changing an IP address of an interface), then the MAC addresses of the original machine are saved as well. These MAC addresses are exported with the image, then imported and deployed on the other machine.

For more details, refer to the Gaia Administration Guide (R75.40, R75.40VS, R76, R77, R80.10, R80.20).

Important Note: In R77.30 and lower versions, you cannot import a snapshot of R80.10 (or higher). The import will corrupt the snapshot, and reverting to it might damage your machine. 

Limitations of the Gaia Image Management feature

(1) General

  • Snapshot and Revert operations must be performed on appliances of the same model.
  • Any user data saved in /var/log/ partition is not saved as part of the snapshot.
  • When reverting to a snapshot taken on a machine other than the current machine, the license may be invalid and may require re-activation, due to a MAC address change.
  • You cannot import a snapshot if a snapshot with the same name already exists on the machine. 
  • Renaming the exported image is not supported. It is not possible to revert from a snapshot image that was renamed.

    If a snapshot file was renamed, you may see errors such as the following when trying to revert:

    Checking all file systems.
    [/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/mapper/vg_splat-lv_Backup
    fsck.ext3: No such file or directory while trying to open /dev/mapper/vg_splat-lv_Backup
    /dev/mapper/vg_splat-lv_Backup:
    The superblock could not be read or does not describe a correct ext2
    filesystem.  If the device is valid and it really contains an ext2
    filesystem (and not swap or ufs or something else), then the superblock
    is corrupt, and you might try running e2fsck with an alternate superblock:
        e2fsck -b 8193 <device>
    
    [FAILED]
    
    *** An error occurred during the file system check.
    *** Dropping you to a shell; the system will reboot
    *** when you leave the shell.
    (Repair filesystem) 1 #
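
The General limitations above can be checked before an exported image is imported on another machine. The script below is an added example, not Check Point code: the manifest file, its keys and the function names are hypothetical, and the SHA-256 comparison is an extra integrity check that Gaia does not require.

```bash
#!/usr/bin/env bash
# Added example: pre-import check for an exported Gaia snapshot file.
# The manifest format, function names and file layout are hypothetical;
# the operator writes the manifest when the snapshot is exported:
#   snapshot=<snapshot name>   file=<exported file name>
#   sha256=<digest of file>    model=<appliance model>

manifest_get() {  # manifest_get <manifest> <key>: print first value of key
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# check_snapshot_import <manifest> <file> <local_model> <existing_names>
# <existing_names> is a text file listing the snapshot names already on
# the target machine, one per line. Returns 0 when the import may proceed.
check_snapshot_import() {
    local manifest="$1" file="$2" local_model="$3" existing="$4"
    local snap fname sum model
    snap=$(manifest_get "$manifest" snapshot)
    fname=$(manifest_get "$manifest" file)
    sum=$(manifest_get "$manifest" sha256)
    model=$(manifest_get "$manifest" model)

    if [ ! -f "$file" ]; then
        echo "no such file: $file"; return 1
    fi
    # A renamed export cannot be reverted from.
    if [ "$(basename "$file")" != "$fname" ]; then
        echo "file was renamed, expected: $fname"; return 2
    fi
    # Extra integrity check (not a Gaia requirement): content unchanged.
    if [ "$(sha256sum "$file" | cut -d' ' -f1)" != "$sum" ]; then
        echo "digest differs from manifest"; return 3
    fi
    # Snapshot and revert must use appliances of the same model.
    if [ "$model" != "$local_model" ]; then
        echo "model mismatch: $model vs $local_model"; return 4
    fi
    # Import fails if a snapshot with the same name already exists.
    if grep -qxF -- "$snap" "$existing"; then
        echo "snapshot name already present: $snap"; return 5
    fi
    echo "ok: $snap"; return 0
}
```

Each failure has its own return code (1 to 5), so a wrapper can tell a renamed file from a model mismatch or a name collision.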
    

 

(2) SmartLog / SmartView Tracker

  • Firewall logs are not restored during reverting.

 

(3) Threat Emulation

  • The updated Threat Emulation engine, images, detection rules and logic may need to be downloaded again after reverting.

 

(4) DLP

  • DLP quarantined e-mails are not restored during reverting.
  • If the DLP Fingerprint data type was used before reverting on Security Gateways, another reboot is required after the first policy installation.
  • DLP Fingerprint data types will not be enforced until the next successful repository scan.
  • DLP Whitelist will not bypass files until the next successful repository scan.
  • DLP Dynamic Dictionary data types will not be enforced until the next successful periodic scan.

 

(5) SmartUpdate

  • All packages that were uploaded with SmartUpdate to the Security Management Server before reverting are invalid after reverting. To fix this, delete the packages from SmartUpdate and upload them again.

 

(6) SmartEvent and SmartReporter

Note: These limitations were resolved in R77.20.

  • For SmartEvent and SmartReporter to function after reverting, it is required to also restore from a Backup (TGZ) file:
    • When backing up your system, take both a Backup (using the Gaia Backup feature) and a Snapshot (Gaia Image Management feature).
    • Transfer both files from this machine to an external storage.
    • At a later time, when it is required to rebuild the machine:
      1. Revert from the previously taken Snapshot.
      2. Restore from the Backup file.
      3. Reboot.

 

(7) Endpoint Security Server

Note: These limitations were resolved in R77.20.
