In This Section: |
Endpoint Security lets you back up all security data, such as users and policy information, to one compressed file. Using a command line migration utility, the backed-up data can be restored to an off-line Endpoint Security Management Server.
If you have High Availability, this is usually not necessary.
The compressed package contains:
The migration utility:
Use the migrate utility to back up and restore Endpoint Security files. The migrate utility:
tgz
.To back up Endpoint Security data:
$FWDIR/bin/upgrade_tools
migrate export
with the path to the output (.tgz) file.
For example: ./migrate export <
output_file_name>
The <
output_file_name>
can be the output file path. If you do not include an output file path, the utility generates the tgz
file in the $FWDIR/bin/upgrade_tools
directory.
./migrate export --include-uepm-msi-files <
output_file_name>.tgz
./migrate export <
output_file_name>.tgz
To restore Endpoint Security data:
tgz
file from the source server to the target server.FWDIR/bin/upgrade_tools
migrate import
with the full path to the input (.tgz) file.For example: ./migrate import <
input_file_name>
To automatically include all client MSI packages, run:
./migrate import --include-uepm-msi-files <
input_file_name>.tgz
To export files without MSI packages, run:
./migrate import <input_file_name>.tgz
Restoring an earlier configuration (.tgz) file to a new Endpoint Security Management Server also restores the older Policy Assignment Table (PAT). If the PAT version on the restored server is lower than the PAT version on the client, the client will not download policy updates.
To get the PAT version from a client connected to the server:
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Device Agent
The Edit String window opens.
To change the PAT version on the server:
Gaia - $UEPMDIR/bin
uepm.exe)
and set the new PAT version:Gaia: $UEPMDIR/bin>uepm patver set <old_PAT_version_number> + 10
Gaia: $UEPMDIR/bin>uepm patver get