Re: Checkpoint disaster Recovery

From: Mike Vore (mvore_at_ix.dot.netcom.dot.com.dot)
Date: 10/07/03


Date: Tue, 07 Oct 2003 17:02:04 GMT

On Tue, 7 Oct 2003 16:41:13 +0100, Aliensurfer <alien@mbf7.NOSPAM.freeserve.co.uk> wrote:
> Hi all,
>
> We have two Checkpoint firewalls, one NG and one 4.1. I've been
> given the task of writing a disaster recovery procedure should
> everything go belly up. Does anybody have an idea of where to
> start? I've noted the rules, the object IPs, the NAT, the license.
> Is there anything else? I basically need to be able to recover from
> scratch and prepare for the worst-case scenario, i.e. no backups
> available either.

A recovery with no backup!? I'm assuming that there are no tapes you
can back up onto.

You do seem to have a basic idea of what you need. I'd start by
making a backup (onto floppy if needed) of the entire conf and state
directories. Then make a copy of the $FWDIR tree, not necessarily the
files - so you know where things go. Also have copies of the license
handy. You probably also need copies of .../etc/hosts and the routing
table - in short - everything you need to put each of the boxen online
as working systems without the firewall.

Do this for each firewall. Then find an unused machine(s) and build
yourself both firewalls from scratch and put them online - document
ALL the steps to get them running. Remember the three basic (and
necessary) steps to getting a firewall (any brand) working - 1) the
Hardware (NICs, CAT5 cables) & O/S (patches, user/password) 2)
Networking (etc/hosts, routing), 3) and finally, only after the first
two steps are proven, the firewall.

Then probably try to keep your just built "Hot Spare" put away
somewhere no one will touch it. This one would be configured for the
most important system - ready to swap in with the least delay. Keep it
in storage - turned off, you don't want to have it fry on the same surge
that fries the on-line machine.

mike

-- 
 Michael Vore, W3CCV       M-ASA [Ka8]; WHIRL, ABC; CAW, CW, AAW
      http://mike.vorefamily.net/ohmywoodness   <-Custom Woodworking
      http://mike.vorefamily.net/thewoodenradio <-The weblog

