CheckPoint Firewall Backup Script

The Check Point firewall running on SecurePlatform (SPLAT), contains two different mechanisms to backup the firewall configuration. Unfortunately both backup completely different file sets. Additionally, one is improperly documented and doesn’t appear to support customizations to the backup file name, and the other shuts down the Check Point daemons when you run the backup.

Needless to say when I set out to backup Check Point firewalls under SPLAT, I decided to write my own shell script to handle the duties. The script below is the outcome of that work. The setup goes as follows:

  1. Create the old logs directory:
    mkdir /var/oldlogs
  2. Create an ssh key without a passphrase (so that the session can be automated.)
    ssh-keygen -t rsa -b 3092
    Leave the passphrase blank if you intend to do this automated. Yes this is less secure but then again, automated backups are less secure.
  3. Copy the public key to your remote SSH server.
  4. Copy the script below to your firewall.
  5. Add any files or directories that you need to the FILES_TO_BACKUP variable. Note this step is important! This list works well for me but your mileage may vary.
  6. Add the make_backup command to your crontab. A line like the following works well. (Note that my system is in GMT time, thus the 11:00 am start time. This gets me 5:00 or 6:00 CST.)
    0 11 * * * /home/admin/make_backup
  7. Run the make_backup command manually.
  8. Test your backup by restoring it on another system and verifying functionality.

This script is set to use SCP to handle the file transfers for the sake of security. I have to note that I don’t guarantee any success in your actual application as I can’t guarantee the fitness of the script to your specific situation.

As always, use at your own risk and ALWAYS test your backups.

 

Leave a Reply

Your email address will not be published. Required fields are marked *