Backup and Restore

In This Section: Overview of Backup and Restore Prerequisites How to Back Up and Restore Updating the PAT Version on the Server after Restore

Overview of Backup and Restore

Endpoint Security lets you back up all security data, such as users and policy information, to one compressed file. Using a command line migration utility, the backed-up data can be restored to an off-line Endpoint Security Management Server.

If you have High Availability, this is usually not necessary.

The compressed package contains:

• Configuration files
• Client packages
• Certificates for client packages
• Endpoint Management database
• Security Management Server database

The migration utility:

• Only exports and imports files that are related to Check Point components installed on the target server.
• Copies configuration files to the correct path.

Prerequisites

• The two Endpoint Security servers must have the same Endpoint Security version.
• The two Endpoint Security servers must have the same Check Point products installed.
• The offline target server must have the same IP address and hostname as the source server.
• The source and the target servers are primary Endpoint Security servers. The export and import operations are not supported from or to a secondary server.

How to Back Up and Restore

Use the migrate utility to back up and restore Endpoint Security files. The migrate utility:

• Extracts the configuration files from the tgz.
• Copies them to the correct places.
• Restores the Endpoint Security management and Security Management Server databases.

To back up Endpoint Security data:

1. Open a command prompt on the source server.
2. Change directory to: $FWDIR/bin/upgrade_tools
3. Run migrate export with the path to the output (.tgz) file.

   For example: ./migrate export <output_file_name>

   The <output_file_name> can be the output file path. If you do not include an output file path, the utility generates the tgz file in the $FWDIR/bin/upgrade_tools directory.

   • To automatically include all client MSI packages, run:
     ./migrate export --include-uepm-msi-files <output_file_name>.tgz
   • To export files without MSI packages, run:
     ./migrate export <output_file_name>.tgz

To restore Endpoint Security data:

1. Copy the tgz file from the source server to the target server.
2. Open a command prompt.
3. Change directory to: $FWDIR/bin/upgrade_tools
4. Run migrate import with the full path to the input (.tgz) file.

   For example: ./migrate import <input_file_name>

   To automatically include all client MSI packages, run:

   ./migrate import --include-uepm-msi-files <input_file_name>.tgz

   To export files without MSI packages, run:

   ./migrate import <input_file_name>.tgz

5. When prompted, restart the target server.

Updating the PAT Version on the Server after Restore

Restoring an earlier configuration (.tgz) file to a new Endpoint Security Management Server also restores the older Policy Assignment Table (PAT). If the PAT version on the restored server is lower than the PAT version on the client, the client will not download policy updates.

To get the PAT version from a client connected to the server:

1. Open the Windows registry.
2. Find HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Device Agent
3. Double-click the PATVersion value.

   The Edit String window opens.

4. Copy the number in the Value data field. This is the PAT version number.

To change the PAT version on the server:

1. Open a command prompt.
2. Change directory to:

   Gaia - $UEPMDIR/bin

3. Run the Endpoint Security Management Security utility (uepm.exe) and set the new PAT version:

   Gaia: $UEPMDIR/bin>uepm patver set <old_PAT_version_number> + 10

4. Make sure the new PAT version is set by running:

   Gaia: $UEPMDIR/bin>uepm patver get