• CP防火墙备份与还原


    Step1:进入专家模式

    ======================================================

    如果没有设置专家模式的密码,执行下面命令进行设置:

    BJ-OFFICE-GW> set expert-password
    Enter new expert password:
    Enter new expert password (again):
    BJ-OFFICE-GW>

    Step2:进入备份工具目录

    ======================================================

    [Expert@BJ-OFFICE-GW:0]# cd $FWDIR

    [Expert@BJ-OFFICE-GW:0]# cd bin/

    [Expert@BJ-OFFICE-GW:0]# cd upgrade_tools/

    [Expert@BJ-OFFICE-GW:0]# ls -l
    total 73204
    -rwxrwx--- 1 admin bin 377032 Oct 10 2018 del_revision_files
    -rwxrwx--- 1 admin bin 266484 Oct 10 2018 gtar
    -rwxrwx--- 1 admin bin 74116 Oct 10 2018 gzip
    -rwxrwx--- 1 admin bin 6937092 Oct 10 2018 ips_upgrade_tool
    -rwxrwx--- 1 admin bin 11713680 Oct 10 2018 migrate
    -rwxrwx--- 1 admin bin 59429 Oct 10 2018 migrate.conf
    -rwxrwx--- 1 admin bin 107 Oct 10 2018 plugin_pack.conf
    -rwxrwx--- 1 admin bin 6127476 Oct 10 2018 plugin_pack_compare
    -rwxrwx--- 1 admin bin 6276408 Oct 10 2018 plugin_upgrade_matcher
    -rwxrwx--- 1 admin bin 18065 Oct 10 2018 ppidb.conf
    -rwxrwx--- 1 admin bin 19385024 Oct 10 2018 pre_upgrade_verifier
    -rwxrwx--- 1 admin bin 135320 Oct 10 2018 puv_report_generator
    -rwxrwx--- 1 admin bin 11713680 Oct 10 2018 upgrade_export
    -rwxrwx--- 1 admin bin 11713680 Oct 10 2018 upgrade_import
    [Expert@BJ-OFFICE-GW:0]#

    Step3:备份

    ======================================================

    [Expert@BJ-OFFICE-GW:0]# ./upgrade_export SMC_20190709.tgz


    You are required to close all clients to Security Management Server
    or execute 'cpstop' before the Export operation begins.

    Do you want to continue? (y/n) [n]? y


    Copying required files...

    The operation completed successfully.

    Location of archive with exported database: /opt/CPsuite-R80/fw1/bin/upgrade_tools/SMC_20190709.tgz

    说明:从R80.20后改命令已经没有,由migrate替代,具体用法如下:

    migrate  export 导出

    migrate  import 还原

    [Expert@BJ-ZHX-FW:0]# ./migrate export SMC_20190714.tgz

    You are required to close all clients to Security Management Server
    or execute 'cpstop' before the Export operation begins.

    Do you want to continue? (y/n) [n]? y


    Copying required files...
    Compressing files...

    The operation completed successfully.

    Location of archive with exported database: /opt/CPsuite-R80.20/fw1/bin/upgrade_tools/SMC_20190714.tgz

    Step4:使用WINSCP进行下载

    ======================================================

    [Expert@BJ-OFFICE-GW:0]# chsh -s /bin/bash
    Changing shell for admin.
    Shell changed.
    [Expert@BJ-OFFICE-GW:0]#

     使用winscp登录FW,下载/opt/CPsuite-R80/fw1/bin/upgrade_tools/SMC_20190709.tgz文件即可。

    Step5:还原

    ======================================================

    将备份文件上传到升级备份目录,如下:

    [Expert@BJ-ZHX-FW:0]# ./migrate import SMC_20190714.tgz
    The import operation will eventually stop all Check Point services (cpstop).
    Do you want to continue? (y/n) [n]? y


    Extracting the database...
    Stopping all Check Point services (cpstop)...
    cpwd_admin:
    Process DASERVICE terminated
    Mobile Access: Stopping MoveFileDemuxer service (if needed)
    Mobile Access: MoveFileDemuxer is not running
    Mobile Access: Mobile Access blade is disabled or already shut down
    Mobile Access: Push notification is disabled or already shut down
    Mobile Access: Reverse Proxy for HTTP traffic is disabled or already shut down.
    Mobile Access: Reverse Proxy for HTTPS traffic is disabled or already shut down.
    Mobile Access: Successfully stopped Mobile Access services
    UEPM: Endpoint Security Management isn't activated
    Stop Search Infrastructure...
    Stopping RFL ...
    cpwd_admin:
    successful Detach operation
    Stopping Solr ...
    cpwd_admin:
    Process SOLR isn't monitored by cpWatchDog. detach request aborted
    Stop SmartView ...
    Stopping SmartView ...
    cpwd_admin:
    successful Detach operation
    Stop Log Indexer...
    cpwd_admin:
    Process INDEXER (pid=13703) stopped with command "kill 13703". Exit code 0.
    Stop SmartLog Server...
    cpwd_admin:
    Process SMARTLOG_SERVER terminated
    dbsync is not running
    evstop: Stopping product - SmartEvent Server
    evstop: Stopping product - SmartEvent Correlation Unit
    Check Point SmartEvent Correlation Unit is not running
    Stopping SmartView Monitor daemon ...
    SmartView Monitor daemon is not running
    Stopping SmartView Monitor kernel ...
    SmartView Monitor kernel stopped
    FloodGate-1 is already stopped.
    Set operation succeeded
    FireWall-1: cpm stopped
    FireWall-1: fwm stopped
    Stopping sessions database
    FireWall-1: disabling IPv4 forwarding and bridge forwarding
    FireWall-1: FW-1 IPv6 kernel module is not loaded
    SecureXL device disabled.
    Stopping Critical Alerts Sensor
    SVN Foundation: cpd stopped
    SVN Foundation: multiportal daemon stopped
    Stopping cpviewd
    cpwd_admin:
    Process HISTORYD terminated
    cpwd_admin:
    Process SXL_STATD terminated
    SVN Foundation: cpWatchDog stopped
    SVN Foundation stopped
    Importing files...
    generating INSPECT code for GUI Clients
    initial_management:
    Compiled OK.
    initial_management:
    Compiled OK.

    The import operation completed successfully.
    Do you wish to start Check Point services? (y/n) [y]? y

  • 相关阅读:
    BGP
    ospf路由认证
    rip路由认证
    php-数组的相关函数及排序算法
    php-多维数组,数组遍历
    php-数组的概念,语法及特点
    php-错误处理
    MySQL性能优化
    JUC多线程03
    JUC多线程01
  • 原文地址:https://www.cnblogs.com/networking/p/11156182.html
Copyright © 2020-2023  润新知