Backup and Restore

Endpoint Security lets you back up all security data, such as users and policy information, to one compressed file. Using a command line migration utility, the backed-up data can be restored to an offline Endpoint Security Management Server.

If you have High Availability, this is usually not necessary.

The compressed package contains:

  • Configuration files

  • Client packages

  • Certificates for client packages

  • Endpoint Management database

  • Security Management Server database

The migration utility:

  • Only exports and imports files that are related to Check Point components installed on the target server.

  • Copies configuration files to the correct path.

Prerequisites

  • The two Endpoint Security servers must have the same Endpoint Security version.

  • The two Endpoint Security servers must have the same Check Point products installed.

  • The offline target server must have the same IP address and hostname as the source server.

  • The source and the target servers are primary Endpoint Security servers. The export and import operations are not supported from or to a secondary server.

How to Back Up and Restore

Use the migrate utility to back up and restore Endpoint Security files.

See Backing Up and Restoring in the R81.20 Installation and Upgrade Guide.

Updating the PAT Version on the Server after Restore

Restoring an earlier configuration (.tgz) file to a new Endpoint Security Management Server also restores the older Policy Assignment Table (PAT). If the PAT version on the restored server is lower than the PAT version on the client, the client will not download policy updates.

If you made a backup of the database of your Endpoint Security Management Server, and later restored it, then you must follow these steps:

To get the PAT version from a client connected to the server:

  1. Open the Windows registry.

  2. Find HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Device Agent

  3. Double-click the PATVersion value.

    The Edit String window opens.

  4. Copy the number in the Value data field. This is the PAT version number.

To change the PAT version on the server:

  1. Open a command prompt.

  2. Change directory to:

    $UEPMDIR/bin

  3. Run the Endpoint Security Management Security utility and set the new PAT version:

    uepm patver set <old_PAT_version_number> + 10

  4. Make sure the new PAT version is set by running:

    uepm patver get
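
The client-side lookup above can be scripted. The following PowerShell is an added example, not part of the original guide or Check Point tooling: it reads PATVersion from the registry key named in the steps, validates it, and prints the server command to run. It assumes that the value to set is the client's PAT version plus 10 passed as a single number, and that the key may sit in either the 64-bit or the 32-bit registry view.

```powershell
# Added example: run on a Windows client connected to the restored server.
# Key path and value name come from the steps above.
$keyPath   = 'SOFTWARE\CheckPoint\EndPoint Security\Device Agent'
$valueName = 'PATVersion'

function Get-PatVersion {
    # Assumption: the client may write to either registry view, so check both.
    $views = @([Microsoft.Win32.RegistryView]::Registry64,
               [Microsoft.Win32.RegistryView]::Registry32)
    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($keyPath)   # opened read-only
            if ($null -ne $key) {
                $raw = $key.GetValue($valueName)
                $key.Dispose()
                if ($null -ne $raw) { return [string]$raw }
            }
        }
        finally { $base.Dispose() }
    }
    throw "PATVersion not found under HKLM\$keyPath"
}

# PATVersion is edited as a string value, so parse it before doing arithmetic.
$raw = (Get-PatVersion).Trim()
[long]$clientPat = 0
if (-not [long]::TryParse($raw, [ref]$clientPat)) {
    throw "PATVersion '$raw' is not a whole number"
}

# Assumption: "<old_PAT_version_number> + 10" means the sum, given as one number.
$newPat = $clientPat + 10

"Client PAT version : $clientPat"
"Run on the server  : cd `$UEPMDIR/bin"
"                     uepm patver set $newPat"
"                     uepm patver get"
```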