Backup, Restore, Upgrade, and Other System Operations

In the Device > System Operations page you can:

  • Automatically or manually upgrade the appliance firmware to the latest Check Point version.

  • Reboot

  • Restore factory default settings.

  • Revert to the factory default image and settings.

  • Revert to the previous firmware image.

  • Backup appliance settings to a file stored on your desktop computer.

  • Restore a backed up configuration.

  • Enable IPv6 networking and enforce IPv6 security.

To upgrade your appliance firmware manually:

Important:

  • Upgrade restrictions: Only Pro models (1535 / 1555 / 1555 / 1575 / 1575R / 1575R / 1595R / 1600 / 1800 / 1900 / 2000) can upgrade to R82. Other models (for example, 1530 / 1550 / 1570 / 1590) are blocked from this upgrade by default. For more information, see sk184492.

    Attempting to use Central Deployment to upgrade will not prevent the process from occurring, but the appliance upgrade is prevented from the gateway side.

  • Upgrading Pro device clusters to R82 will break the cluster due to core deviation changes, causing downtime and loss of High Availability (cluster failover). For more information, see sk184478.

  1. In the Firmware Management section, click Manual Upgrade.

  2. Follow the Wizard instructions in the Firmware Upgrade window.

    Note - Starting from R82.00.10, the upgrade process is more streamlined. After you upload the new firmware version and click Upgrade, the process continues automatically until the appliance reboots and you must log in again.

    Note - The firewall remains active while the upgrade is in process. Traffic disruption can only be caused by:

    • Saving a local image before the upgrade (this causes the Firewall daemon to shut down). This may lead to disruption in VPN connections.

    • The upgrade process automatically reboots the appliance.

Watch the Video

Note - After a reboot or failover in a high-availability setup, the appliance resumes operation automatically after power is restored, with no user intervention required.

To reboot the appliance:

  1. Click Reboot.

  2. Click OK in the confirmation message.

To restore factory default settings:

  1. Click Default Settings.

  2. Click OK in the confirmation message.

    The factory default settings are restored. The appliance reboots to complete the operation.

    Note - This does not change the software image. Only the settings are restored to their default values (IP address 192.168.1.1, WebUI address https://192.168.1.1:4434, the username admin and the password admin).

To revert to the factory default image:

  1. Click Factory Defaults.

  2. Click OK in the confirmation message.

    The factory default settings are restored. The appliance reboots to complete the operation.

    Note - This restores the default software image which the appliance came with and also the default settings (IP address https://192.168.1.1:4434, the username is admin, and the password is admin).

To make sure you have the latest firmware version:

Click Check now.

To automatically upgrade your appliance firmware when Cloud Services is not configured:

  1. Click Configure automatic upgrades.

    The Automatic Firmware Upgrades window opens.

  2. Click Perform firmware upgrades automatically.

  3. Select the upgrade option to use when new firmware is detected:

    • Upgrade immediately

      Or

    • Upgrade according to this frequency.

  4. If you selected Upgrade according to this frequency, select one of the Occurs options:

    • Daily - Select the Time of day.

    • Weekly - Select the Day of week and Time of day.

    • Monthly - Select the Day of month and Time of day.

  5. Click Apply

Notes:

  • When a new firmware upgrade is available, a note shows the version number. Click Upgrade Now to upgrade it immediately, or click More Information to see what is new in the firmware version.

  • If the gateway is configured by Cloud Services, automatic firmware upgrades are locked. They can only be set by Cloud Services.

To revert to an earlier firmware image:

  1. Click Revert to Previous Image.

  2. Click OK in the confirmation message.

    The appliance reboots to complete the operation.

To backup appliance settings:

  1. Click Backup.

    The Backup Settings page opens.

  2. To encrypt the backup file, select the Use File Encryption checkbox. Set and confirm a password.

  3. To back up the security policy installed on the appliance, select the Backup Security Policy checkbox. You can add Comments about the specific backup file created.

  4. Click Save Backup. The File Download dialog box appears.

    The file name format is:

    <current software version>-<YY-Month-day>-<HH_MM_Seconds>.zip

  5. Click Save and select a location.

To restore a backed up configuration:

  1. Click Restore.

    The Restore Settings page appears.

  2. Browse to the location of the backed up file.

  3. Click Upload File.

    Best Practice - We recommend that you perform the procedure after a clean install and not with the current appliance configuration.

Important:

  • To replace an existing appliance with another one (for example, upon hardware failure) you can restore the settings saved on your previous appliance and reactivate your license (through Device > License).

  • To duplicate an existing appliance you can restore the settings of the original appliance on the new one.

  • Restoring settings of a different version is supported, but not automatically between every two versions. If the restore action is not supported between two versions, the gateway does not allow you to restore the settings.

  • If Two-Factor Authentication is enabled in the backup file and the settings are restored on a gateway that is not connected to the internet, you can only generate the OTP using an authentication app if the gateway’s time is correctly synchronized.

    If the time is not accurate, use the emergency key provided in the registration email.

Uploading a gateway configuration from 15xx / 1600 / 1800 / 1900 / 2000 to 25xx Appliance

You can upload a configuration from your older Spark Firewall 15xx / 1600 / 1800 / 1900 / 2000 appliances and restore it on a 25xx Appliance.

Limitations:

  • This procedure is only applicable to Locally Managed appliances.

  • Migration is supported only between appliances with the same hardware type (e.g., WiFi model to WiFi model, Cellular model to Cellular model).

  • If migrating to a newer model with more LAN ports than the older one, you must:

    • Remove any higher-indexed LAN ports from all configurations (e.g., bridge, switch, Internet).

    • Set these ports to Unassigned before performing the backup on the old device.

  • Restoring settings from an appliance running version R81.10.10 or earlier to an appliance running version R82.00.00 is not supported.

Procedure:

  1. Click Backup.

    The Backup Settings page opens.

  2. To encrypt the backup file, select the Use File Encryption checkbox. Set and confirm a password.

  3. To back up the security policy installed on the appliance, select the Backup Security Policy checkbox. You can add Comments about the specific backup file created.

  4. Click Save Backup. The File Download dialog box appears.

    The file name format is:

    <current software version>-<YY-Month-day>-<HH_MM_Seconds>.zip

  5. Click Save and select a location to store the backup file..

  1. Click Restore.

    The Restore Settings page appears.

  2. Browse to the location of the backed-up file.

  3. Click Upload File.

These upgrade paths are supported:

 

From

To

2530 / 2550

2560 / 2570

2580

1530 / 1550

1535 / 1555

1570 / 1590

1575 / 1595

1600

1800

1900 / 2000

Using the Software Upgrade Wizard

Follow the instructions in each page of the Software Upgrade Wizard.

Click Cancel to quit the wizard.

Welcome

Click the Check Point Download Center link to download an upgrade package as directed. If you already downloaded the file, you can skip this step.

Upload Software

Click Browse to select the upgrade package file.

Click Upload. This may take a few minutes. When the upload is complete, the wizard automatically validates the image. A progress indicator at the bottom of the page tells you the percentage completed. When there is successful image validation, an "Upload Finished" status shows.

Upgrade Settings

The system always performs an upgrade on a separate flash partition and your current-running partition is not affected. You can always switch back to the current image if there is an immediate failure in the upgrade process. If the appliance does not come up properly from the boot, disconnect the power cable and reconnect it. The appliance automatically reverts to the previous image.

Click the Revert to Previous Image button on the System Operations page to return to an earlier image. The backup contains the entire image, including the firmware, all system settings and the current security policy.

When you click Next, the upgrade process starts.

Upgrading

The Upgrading page shows an upgrade progress indicator and checks off each step as it is completed.

  • Initializing upgrade process

  • Installing new image

Backing up the System

The backup file includes all your system settings such as network settings and DNS configuration. The backup file also contains the Secure Internal Communication certificate and your license.

If you want to replace an existing appliance with another one, you can restore the settings of your previous appliance and re-activate your license (on the License Page > Activate License page).

If you want to duplicate an existing appliance, you can restore the settings of the original appliance on the new one. Make sure to change the IP address of the duplicated appliance (on the Device > Internet page) and generate a new license.

To create a backup file:

  1. Click Create Backup File.

    The Backup Settings window opens.

  2. To encrypt the file, click Use file encryption.

    If you select this option, you must enter and confirm a password.

  3. Optional - Add a comment about the backup file.

  4. Click Create Backup.

    System settings are backed up.

To configure a periodic backup:

  1. In Device > System Operations > Backup and Restore System Settings, click Settings.

    The Periodic Backup Settings window opens.

  2. Click Enable scheduled backups.

  3. Configure the file storage destination:

    1. Select the Protocol from the dropdown menu:

      • SFTP

      • FTP

      • SCP

      • FLASH

    2. Enter a Backup server path.

    3. Enter a username and password.

    4. Click Save.

  4. Optional - Select Use file encryption.

    If you select this option, you must enter and confirm a password.

  5. In Schedule Periodic Backup, select frequency:

    • Daily - Select time of day (hour range).

    • Weekly - Select day of week and time of day.

    • Monthly - Select day of month and time of day.

      Note - If a month does not include the selected day, the backup is executed on the last day of the month.

  6. Click Save.

Watch the Video

IPv6 Settings

To enable IPv6:

Click Enable IPv6.

Now you can configure an IPv6 address in network and policy settings on the Configuring Internet Connectivity page.

Note - You must reboot the appliance first.