Introduction:
You can use the CDT RMA Mode to collect information about the installed software and configuration from a Security Gateway R77.30 or higher. You can use this information to reconfigure the replacement Security Gateway:
Important:
Requirements for RMA backup and RMA restore to work correctly:
For configuration instructions, see the R80.10 Gaia Administration Guide.
Warning - Do not edit the RMA configuration file RmaTool.xml installed by the CDT package.
Workflow:
CentralDeploymentTool.xml file to change the settings:
Generate a Candidates List to back up the specified Security Gateways, or use the -backupall option to back up all the Security Gateways in one command.
To collect the RMA backup information:
-backupall option is used
The information saved:
save configuration).
$FWDIR/boot/modules/fwkern.conf, and so on).
To restore the RMA backup information:
admin/admin).
If you changed the default username/password, restore the Gaia to factory defaults.
If the First Time Configuration Wizard was already done, you must restore the Gaia to the factory defaults before you can run the RMA restore.
To see the required packages and other backup information, run:
# ./CentralDeploymentTool -rma -info -gateway=<Name of Security Gateway or Cluster Member Object>
Note - License information is not restored on a Check Point appliance, because it depends on the appliance's MAC address.
To generate a Candidates List for RMA backup:
| Management Server | Instructions |
|---|---|
| Security Management Server | `# ./CentralDeploymentTool -rma -generate -candidates=<Name of Candidates List file>.csv` |
| Multi-Domain Security Management Server | `# mdsenv <IP Address or Name of Domain Management Server>`<br>`# ./CentralDeploymentTool -rma -generate -candidates=<Name of Candidates List file>.csv -server=<IP Address or Name of Domain Management Server>` |
To collect RMA backup from specified remote Security Gateways according to the Candidates List:
| Management Server | Instructions |
|---|---|
| Security Management Server | `# ./CentralDeploymentTool -rma -backup -candidates=<Name of Candidates List file>.csv` |
| Multi-Domain Security Management Server | `# mdsenv <IP Address or Name of Domain Management Server>`<br>`# ./CentralDeploymentTool -rma -backup -candidates=<Name of Candidates List file>.csv -server=<IP Address or Name of Domain Management Server>` |
To collect RMA backup information from all remote Security Gateways (Candidates List file is not needed):
| Management Server | Instructions |
|---|---|
| Security Management Server | `# ./CentralDeploymentTool -rma -backupall` |
| Multi-Domain Security Management Server | `# mdsenv <IP Address or Name of Domain Management Server>`<br>`# ./CentralDeploymentTool -rma -backupall -server=<IP Address or Name of Domain Management Server>` |
To show the RMA backup information of a specified remote Security Gateway:
| Management Server | Instructions |
|---|---|
| Security Management Server | `# ./CentralDeploymentTool -rma -info -gateway=<Name of Security Gateway or Cluster Member Object>` |
| Multi-Domain Security Management Server | `# mdsenv <IP Address or Name of Domain Management Server>`<br>`# ./CentralDeploymentTool -rma -info -gateway=<Name of Security Gateway or Cluster Member Object> -server=<IP Address or Name of Domain Management Server>` |
To restore the RMA backup information on a remote Security Gateway:
| Management Server | Instructions |
|---|---|
| Security Management Server | `# ./CentralDeploymentTool -rma -restore -gateway=<Name of Security Gateway or Cluster Member Object> -license=<Path to License file>` |
| Multi-Domain Security Management Server | `# mdsenv <IP Address or Name of Domain Management Server>`<br>`# ./CentralDeploymentTool -rma -restore -gateway=<Name of Security Gateway or Cluster Member Object> -license=<Path to License file> -server=<IP Address or Name of Domain Management Server>` |
Note - License path must be the full path to a new license file that you get from your account in Check Point User Center.
To specify a CPUSE Clean Install package when you restore the RMA backup information:
If the CDT could not recognize the CPUSE package file name of the installed version, you must explicitly specify the full path to the CPUSE package for Clean Install. You can get this CPUSE package from the Home Page for your version (contact Check Point Support for assistance):
| Management Server | Instructions |
|---|---|
| Security Management Server | `# ./CentralDeploymentTool -rma -restore -gateway=<Name of Security Gateway or Cluster Member Object> -license=<Path to License file> -package=<File Name of CPUSE Offline Package>.tgz` |
| Multi-Domain Security Management Server | `# mdsenv <IP Address or Name of Domain Management Server>`<br>`# ./CentralDeploymentTool -rma -restore -gateway=<Name of Security Gateway or Cluster Member Object> -license=<Path to License file> -package=<File Name of CPUSE Offline Package>.tgz -server=<IP Address or Name of Domain Management Server>` |
Note - License path must be the full path to a new license file that you get from your account in Check Point User Center.
To make sure the Gaia Clish configuration was restored correctly on the Security Gateway or Cluster Member:
After you perform an RMA restore, we recommend that you make sure the Gaia Clish configuration was restored correctly.
Examine these log files on your Management Server:
/var/log/CPcdt/logs_<YYYY-MM-DD-HH-mm-ss>/RmaLogs/<Name of Security Gateway or Cluster Member Object>_FinalClishCommand.elg
/var/log/CPcdt/logs_<YYYY-MM-DD-HH-mm-ss>/RmaLogs/<Name of Security Gateway or Cluster Member Object>_FinalClishLog.elg
Notes:
/var/log/CPrma/ directory.
To see this log file on Gaia OS, use the Linux less command.
To see this log file on Windows OS, use an advanced text editor like Notepad++.
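Because every CDT run writes its logs to a new logs_<YYYY-MM-DD-HH-mm-ss> directory, the following added example (not part of the CDT package) finds the newest run that holds both FinalClish files for a gateway, so you can open them with less. The function name find_rma_clish_logs and the CDT_LOG_ROOT override are assumptions made for this example; the default path is the one given above.

```shell
#!/bin/bash
# Added example, not part of CDT. CDT_LOG_ROOT is an assumed override that
# allows testing outside the Management Server; the default is the
# directory named on this page.
CDT_LOG_ROOT="${CDT_LOG_ROOT:-/var/log/CPcdt}"

# Print the paths of the newest FinalClishCommand/FinalClishLog pair for
# one Security Gateway or Cluster Member object.
# Returns 1 if no run directory holds both files, 2 on bad usage.
find_rma_clish_logs() {
    gw="$1"
    if [ -z "$gw" ]; then
        echo "usage: find_rma_clish_logs <gateway object name>" >&2
        return 2
    fi
    newest=""
    # logs_<YYYY-MM-DD-HH-mm-ss> names sort chronologically as plain
    # strings, and the shell expands globs in sorted order, so the last
    # directory that passes the checks is the most recent one.
    for dir in "$CDT_LOG_ROOT"/logs_*/RmaLogs; do
        [ -d "$dir" ] || continue
        # A run counts only if both files exist and are non-empty.
        [ -s "$dir/${gw}_FinalClishCommand.elg" ] || continue
        [ -s "$dir/${gw}_FinalClishLog.elg" ] || continue
        newest="$dir"
    done
    if [ -z "$newest" ]; then
        echo "no complete RMA Clish logs found for $gw" >&2
        return 1
    fi
    printf '%s\n' "$newest/${gw}_FinalClishCommand.elg" \
                  "$newest/${gw}_FinalClishLog.elg"
}
```

A return code of 1 means that no run directory contains both files for that object name, which is worth investigating before you rely on the restored gateway.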