Print Download PDF Send Feedback

Previous

Next

Backup and Restore

In This Section:

Overview of Backup and Restore

Prerequisites

How to Back Up and Restore

Updating the PAT Version on the Server after Restore

Overview of Backup and Restore

Endpoint Security lets you back up all security data, such as users and policy information, to one compressed file. Using a command line migration utility, the backed-up data can be restored to an off-line Endpoint Security Management Server.

If you have High Availability, this is usually not necessary.

The compressed package contains:

The migration utility:

Prerequisites

How to Back Up and Restore

Use the migrate utility to back up and restore Endpoint Security files. The migrate utility:

To back up Endpoint Security data:

  1. Open a command prompt on the source server.
  2. Change directory to: $FWDIR/bin/upgrade_tools
  3. Run migrate export with the path to the output (.tgz) file.

    For example: ./migrate export <output_file_name>

    The <output_file_name> can be the output file path. If you do not include an output file path, the utility generates the tgz file in the $FWDIR/bin/upgrade_tools directory.

    • To automatically include all client MSI packages, run:
      ./migrate export --include-uepm-msi-files <output_file_name>.tgz
    • To export files without MSI packages, run:
      ./migrate export <output_file_name>.tgz

To restore Endpoint Security data:

  1. Copy the tgz file from the source server to the target server.
  2. Open a command prompt.
  3. Change directory to: $FWDIR/bin/upgrade_tools
  4. Run migrate import with the full path to the input (.tgz) file.

    For example: ./migrate import <input_file_name>

    To automatically include all client MSI packages, run:

    ./migrate import --include-uepm-msi-files <input_file_name>.tgz

    To export files without MSI packages, run:

    ./migrate import <input_file_name>.tgz

  5. When prompted, restart the target server.

Updating the PAT Version on the Server after Restore

Restoring an earlier configuration (.tgz) file to a new Endpoint Security Management Server also restores the older Policy Assignment Table (PAT). If the PAT version on the restored server is lower than the PAT version on the client, the client will not download policy updates.

To get the PAT version from a client connected to the server:

  1. Open the Windows registry.
  2. Find HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Device Agent
  3. Double-click the PATVersion value.

    The Edit String window opens.

  4. Copy the number in the Value data field. This is the PAT version number.

To change the PAT version on the server:

  1. Open a command prompt.
  2. Change directory to:

    Gaia - $UEPMDIR/bin

  3. Run the Endpoint Security Management Security utility (uepm.exe) and set the new PAT version:

    Gaia: $UEPMDIR/bin>uepm patver set <old_PAT_version_number> + 10

  4. Make sure the new PAT version is set by running:

    Gaia: $UEPMDIR/bin>uepm patver get