RE: [fw-wiz] Backup Checkpoint Firewall
From: Paul Melson (psmelson_at_comcast.net)
Date: 05/17/05
- Previous message: Erick Mechler: "Re: [fw-wiz] Backup Checkpoint Firewall"
- In reply to: Nathaniel Hall: "Re: [fw-wiz] Backup Checkpoint Firewall"
- Next in thread: John Adams: "Re: [fw-wiz] Backup Checkpoint Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <halln@otc.edu>, <firewall-wizards@honor.icsalabs.com> Date: Tue, 17 May 2005 13:48:22 -0400
Problem #2 is easy:
echo | upgrade_export
Problem #1 is not so easy, or at least not so straightforward. You can see
who is connected by using SmartView Status and clicking on the 'Management'
object - connected clients appear in the Details pane. Automating this in a
batch file isn't particularly feasible, so you have to use something like
'cpstop' (or use 'net stop ...' to kill the Windows service, if your
management server is running on Windows).
If your firewall and management server run on the same box, running 'cpstop'
will cause problems. If this is the case, I would recommend that you
manually verify that there are no client connections and run upgrade_export
manually when there are policy changes. If you have to automate it, you can
choose to hope that nobody is logged in and then use the upgrade checker
(http://www.checkpoint.com/techsupport/downloadsng/utilities.html#upgrade_ve
rify) to verify the integrity of the upgrade_export file after the fact.
Typically, clients holding tables open won't prevent upgrade_export from
working properly unless there is a particular row locked by the client, for
instance if someone is running dbedit.
PaulM
-----Original Message-----
Subject: Re: [fw-wiz] Backup Checkpoint Firewall
Thanks for the input. My next problem is with upgrade_export it says the
following:
"You are required to close all Check Point clients before the export begins.
If the export fails, stop Check Point services and run the upgrade_export
command again. Press ENTER when ready.."
Problem 1) How can I ensure all clients are closed? My first thought
was to run cpstop, but my coworker said it used to
only stop the Dashboard, but now it stops everything. That is a problem
since backups are going on at the same time.
Problem 2) Press ENTER when ready. How would I do that in a batch
file?
I know this is not the best place for problem 2, but it is still a problem.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Erick Mechler: "Re: [fw-wiz] Backup Checkpoint Firewall"
- In reply to: Nathaniel Hall: "Re: [fw-wiz] Backup Checkpoint Firewall"
- Next in thread: John Adams: "Re: [fw-wiz] Backup Checkpoint Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
