The mds_backup command backs up binaries and data from a Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. to a user specified working directory.

You then copy the backup files from the working directory to external storage.

This command requires Multi-Domain Superuser privileges.

The mds_backup command runs the gtar and dump commands to back up all databases. The collected information is stored in one *.tar file. The file name is a combination of the backup date and time and is saved in the current working directory. For example: 13Sep2015-141437.mdsbk.tar

Backing up and restoring in Management High Availability environment:

For more information:


  • Do not create or delete Domains or Domain Management ServersClosed Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS. until the backup operation completes.

  • It is important not to run the mds_backup command from directories that are not backed up.

    For example, when you back up a Multi-Domain Server, do not run the mds_backup command from the /opt/CPmds-<Current_Release>/ directory, because it is a circular reference (backup of directory, in which it is necessary to write files).

    Run the mds_backup command from a location outside the product directory tree to be backed up. This becomes the working directory.

  • The mds_backup command does not collect the active Security log file (*.log) and Audit log file (*.adtlog).

    This is necessary to prevent inconsistencies during the read-write operations.

    Best Practice - Perform a log switch before you start the backup procedure.

  • You can back up the Multi-Domain Server configuration without the log files.

    This backup is typically significantly smaller than a full backup with logs.

    To back up without log files, add this line to the file $MDSDIR/conf/mds_exclude.dat configuration file:


  • After the backup completes, copy the backup *.tar file, together with the mds_restore, and gtar binary files, to your external backup location.


mds_backup -h

mds_backup [-b [-d <Target Directory>] [-ds] [-g] [-i] [-l] [-L {all | best}] [-s] [-v]





Shows help text.


Batch mode - executes without asking anything (-g is implied).

-d <Target Directory>

Specifies the output directory.

If not specified explicitly, the backup file is saved to the current directory.

You cannot save the backup file to the root directory.


Disconnects all current sessions and discards their unpublished changes before the backup starts.


Executes without prompting to disconnect GUI clients.


Includes the Hit Count database in the backup:



Excludes logs from the backup.

-L {all | best}

Locks all databases before the backup starts.

  • -L all - Does not start the backup, if it is not possible to lock all databases

  • -L best - Starts the backup even if it is not possible to lock all databases


Stops Multi-Domain processes before the backup starts.


"Dry run" - Shows all files to be backed up, but does not perform the backup operation.


Excludes binary files from the backup.

The binary files are listed in the $MDSDIR/conf/mds_binaries_exclude.dat file.