Before you upgrade, back up the Security Management Servers and Security Gateways.
Use the snapshot mechanism if it is available.
SecurePlatform has a command line or Web GUI utility for backups of your system settings and product configuration. The backup utility can store backups locally on the Security Management Server, or remotely to a TFTP server or an SCP server. You can run the backup manually, or schedule backups.
The backups are TGZ files. When saved locally, the default path is: /var/CPbackup/backups
Backup and Restore commands require expert permissions.
Syntax:
backup [-h] [-d] [-l] [--purge DAYS] [--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off] [[--tftp <ServerIP> [-path <Path>] [<Filename>]] | [--scp <ServerIP> <User name> <Password> [-path <Path>][<Filename>]] | [--file [-path <Path>][<Filename>]]]
| Parameter | Description |
|---|---|
| -h | See help on the command |
| -d | Debug flag |
| -l | Enables VPN log backup (by default, VPN logs are not backed up) |
| --purge DAYS | Deletes backup files older than the given number of days |
| --sched | Schedule backups. Example: |
| --tftp | Back up to TFTP. Enter IP addresses of TFTP servers. Example: |
| --scp | Back up to SCP. Enter IP addresses of SCP servers, username (with access to SCP server), password, and optionally the filename. Example: |
| --file | For local backups, enter an optional filename, or -path parameter and pathname |
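A pre-upgrade check for the local backups described above, added here as an example and not Check Point code: it finds the newest TGZ in the backup directory, confirms the archive reads end to end, and confirms it is recent. The function names, the `.tgz` filename match and the age threshold are assumptions of this example; only the default path comes from this page.

```shell
#!/bin/sh
# Added example: verify the newest local backup before starting an upgrade.
# BACKUP_DIR defaults to the path given on this page. Function names, the
# *.tgz match and the age threshold are assumptions made for this example.
BACKUP_DIR="${BACKUP_DIR:-/var/CPbackup/backups}"

# Print the most recently modified .tgz in directory $1; fail if there is none.
latest_backup() {
    newest=""
    for f in "$1"/*.tgz; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Return 0 if $1 is a non-empty gzip stream whose tar listing reads fully.
archive_ok() {
    [ -s "$1" ] && gzip -t "$1" 2>/dev/null && tar -tzf "$1" >/dev/null 2>&1
}

# Return 0 if $1 was modified within the last $2 days.
recent_enough() {
    [ -n "$(find "$1" -mtime -"$2" -print 2>/dev/null)" ]
}

# Usage: check_backup [DIR] [MAX_AGE_DAYS]
# Return codes: 0 usable, 1 no backup found, 2 corrupt archive, 3 too old.
check_backup() {
    dir="${1:-$BACKUP_DIR}"; max_age="${2:-1}"
    file=$(latest_backup "$dir")     || { echo "no .tgz in $dir"; return 1; }
    archive_ok "$file"               || { echo "corrupt: $file"; return 2; }
    recent_enough "$file" "$max_age" || { echo "stale: $file"; return 3; }
    echo "ok: $file"
}
```

Run `check_backup` in expert mode after the backup completes; a non-zero return code means the newest file should not be relied on for a restore.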
You can back up the entire SecurePlatform operating system and installed configuration with the snapshot command. A snapshot is made automatically during upgrade with the SafeUpgrade option. You can take a snapshot manually with the snapshot command.
The snapshot and revert commands can use a TFTP server or an SCP server to store snapshots. Snapshots can also be stored locally.
Syntax:
snapshot [-h] [-d] [[--tftp <Server IP> <Filename>] | [--scp <Server IP> <Username> <Password> <Filename>] | [--file <Filename>]]
| Parameter | Description |
|---|---|
| -h | See help on the command |
| -d | Debug flag |
| --tftp | Back up to TFTP. Enter IP addresses of TFTP servers. Example: |
| --scp | Back up to SCP. Enter IP addresses of SCP servers, username (with access to SCP server), password, and optionally the filename. Example: |
| --file | For local backups, enter an optional filename, or -path parameter and pathname |
Before upgrading a gateway or Security Management Server to R77, you need to have a valid support contract that includes software upgrade and major releases registered to your Check Point User Center account. The Security Management Server stores the contract file and downloads it to Security Gateways during the upgrade. By verifying your status with the User Center, the contract file enables you to easily remain compliant with current Check Point licensing standards.
As in all upgrade procedures, first upgrade your Security Management Server or Multi-Domain Server before upgrading the Gateways. Once the management has been successfully upgraded and contains a contract file, the contract file is transferred to a gateway when the gateway is upgraded (the contract file is retrieved from the management).
Note - Multiple user accounts at the User Center are supported.
When you upgrade a Management Server, the upgrade process checks whether a Contract File is already present on the Management Server. If not, you get the main options for getting a contract. You can download a Contract File or import it.
If the Contract File does not cover the Management Server, a message informs you that the Management Server is not eligible for upgrade. The absence of a valid Contract File does not prevent upgrade. You can download a valid Contract File later in SmartUpdate.
If you have Internet access and a valid user account, download a Contract File directly from your User Center account. If you choose to download the contract information from the User Center, you are prompted to enter your:
If the Management Server does not have Internet access:
Select this option if you intend to get and install a valid Contract File at a later date. Note that at this point your Security Gateways are not strictly eligible for an upgrade; you may be in violation of your Check Point Licensing Agreement, as shown in the final message of the upgrade process.
Contract verification on IPSO is not interactive. After successfully upgrading the gateway, the following message is displayed:
At the earliest opportunity, obtain a valid contract file from the Check Point User Center.
After you accept the End User License Agreement (EULA), the upgrade process searches for a valid contract on the gateway. If a valid contract is not located, the upgrade process attempts to retrieve the latest contract file from the Security Management Server. If not found, you can download or import a contract.
If the contract file does not cover the gateway, a message informs you (on Download or Import) that the gateway is not eligible for upgrade. The absence of a valid contract file does not prevent upgrade. When the upgrade is complete, contact your local support provider to obtain a valid contract. Use SmartUpdate to install the contract file.
Use the download or import instructions for installing a contract file on a Security Management Server.
If you continue without a contract, you install a valid contract file later, but the gateway is not eligible for upgrade. You may be in violation of your Check Point Licensing Agreement, as shown in the final message of the upgrade process. Contact your reseller.