The Gaia Image Management feature allows the administrator to create a new image (a snapshot) of the system. The administrator can revert to the image at a later time.
The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes all of the operating system files and various Check Point software files. Since the log partition is not included in the snapshot, some device data is not saved, such as FireWall logs and events (see "Limitations" section below).
Revert to a snapshot through:
- Gaia Clish
- Gaia Portal - "Snapshot Management" page
- Gaia Portal First Time Wizard (starting from R77.10) - "Import existing snapshot" option
Starting in R77.10, Gaia OS supports exporting an image from one machine and then importing and restoring that image on another machine of the same type (this can be used, for example, during RMA cases).
Note: If on the original machine a network configuration was performed in Gaia Portal (e.g., changing an IP address of an interface), then the MAC addresses of the original machine will be saved as well. MAC addresses will be exported and then imported and deployed on another machine.
For more details, refer to the Gaia Administration Guide (R75.40, R75.40VS, R76, R77, R80.10, R80.20).
Important Note: In R77.30 and lower versions, you cannot import a snapshot of R80.10 (or higher). The import will corrupt the snapshot, and reverting to it might damage your machine.
Limitations of the Gaia Image Management feature
- Snapshot and Revert operations must be performed on appliances of the same model.
- Any user data saved in the /var/log/ partition is not saved as part of the snapshot.
- When reverting to a snapshot taken on a machine other than the current machine, the license may be invalid and may require re-activation, due to a MAC address change.
- You cannot import a snapshot if a snapshot with the same name already exists on the machine.
- Since we copy only the root partition, if there are any symbolic links from one partition to another that change between versions, the revert might affect the symbolic links.
Example: In R80.10, /var/log/link points to /opt/dest1, and in R80.20 it points to /opt/dest2. As a result, reverting a snapshot from one version to another might leave the symbolic link broken (because /var/log/link will still point to dest1 when in R80.20 it should point to dest2).
The same applies to the other direction: That is, if /opt/link points to /var/log/dest1 in R80.10, and to /var/log/dest2 in R80.20, the link might be broken here, too, when you revert the snapshot.
- Renaming the exported image is not supported. It is not possible to revert from a snapshot image that was renamed (the same applies to renaming snapshots directly on the Gateway).
If a snapshot file was renamed, you may see errors such as the following when trying to revert:
Checking all file systems.
[/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/mapper/vg_splat-lv_Backup
fsck.ext3: No such file or directory while trying to open /dev/mapper/vg_splat-lv_Backup
The superblock could not be read or does not describe a correct ext2
filesystem. If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
e2fsck -b 8193 <device>
*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
(Repair filesystem) 1 #
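The symbolic-link limitation described above can be checked on a running system. The shell function below is an added example, not Check Point code: it lists links that cross between the root tree and the log directory and marks the ones whose target is missing. The function names, the path-prefix test used for the partition boundary, and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Check Point code. Lists symbolic links that cross the
# boundary between the root partition and the log partition and marks the
# ones whose target is missing. Assumes GNU find and readlink (-m).

# Usage: cross_partition_links ROOT LOGDIR
# Output: one line per crossing link, "OK|BROKEN<TAB>link -> target"
cross_partition_links() (
    root=$(readlink -m "$1"); root=${root%/}
    log=$(readlink -m "$2")

    # True when canonical path $1 is LOGDIR itself or lies below it.
    in_log() {
        case "$1/" in
            "$log"/*) return 0 ;;
            *)        return 1 ;;
        esac
    }

    # Pseudo file systems are pruned; names containing newlines are not handled.
    find "${root:-/}" \( -path "$root/proc" -o -path "$root/sys" \
                         -o -path "$root/dev" \) -prune -o -type l -print |
    while IFS= read -r link; do
        link_dir=$(readlink -m "$(dirname "$link")")
        target=$(readlink -m "$link")

        if in_log "$link_dir"; then link_side=log; else link_side=root; fi
        if in_log "$target"; then target_side=log; else target_side=root; fi
        [ "$link_side" = "$target_side" ] && continue   # same partition

        if [ -e "$link" ]; then status=OK; else status=BROKEN; fi
        printf '%s\t%s -> %s\n' "$status" "$link" "$target"
    done
)

# Constructed sample tree mirroring the page's example: the restored root
# has /opt/dest2 only, while the untouched log partition still links to dest1.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/opt/dest2" "$t/var/log/dest1" "$t/etc"
    ln -s "$t/opt/dest1" "$t/var/log/link"     # log -> root, target gone
    ln -s "$t/var/log/dest1" "$t/opt/link"     # root -> log, target present
    ln -s "$t/opt/dest2" "$t/etc/same"         # stays on root, not reported
    printf '%s\n' "$t"
}
```

On an appliance the call would be cross_partition_links / /var/log, run before the snapshot is taken and again after the revert so that the two listings can be compared.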
(2) SmartLog / SmartView Tracker
- Firewall logs are not restored during reverting.
(3) Threat Emulation
- Threat Emulation updated engine, images, detection rules and logic may need to be downloaded again after reverting.
- All DLP quarantined e-mails are not restored during reverting.
- If the DLP Fingerprint data type was used before reverting on Security Gateways, another reboot is required after the first policy installation.
- DLP Fingerprint data types will not be enforced until the next successful repository scan.
- DLP Whitelist will not bypass files until the next successful repository scan.
- DLP Dynamic Dictionary data types will not be enforced until the next successful periodic scan.
- All packages that were uploaded with SmartUpdate to the Security Management Server before reverting are invalid after reverting. To fix this, delete the packages from SmartUpdate and upload them again.
(6) SmartEvent and SmartReporter
Note: These limitations were resolved in R77.20.
- For SmartEvent and SmartReporter to function after reverting, it is required to also restore from a Backup (TGZ) file:
  - When backing up your system, take both a Backup (using the Gaia Backup feature) and a Snapshot (Gaia Image Management feature).
  - Transfer both files from this machine to an external storage.
  - At a later time, when it is required to rebuild the machine:
    - Revert from the previously taken Snapshot.
    - Restore from the Backup file.
(7) Endpoint Security Server
Note: These limitations were resolved in R77.20.