Check Point Backup & Disaster Recovery

Restorepoint support Secureplatform-based appliances (such as UTM-1, Power-1, Connectra, server-based Secureplatform), IPSO-based appliances (formerly known as Nokia IP appliances) and Edge embedded devices.

Usage scenario: Restorepoint and SmartCenter failure

The Check Point SmartCenter is an integral component in a Check Point firewall deployment; it enables organisations to perform all aspects of security management via a single, unified console.

However, even if the SmartCenter contains all the security policy information for all the gateways, it does not store critical configuration information about a SecurePlatform-based appliance, in particular:

  1. Gateway interface IP addresses (although this information is available in the SmartCenter, it cannot be "pushed" by the SmartCenter to the gateway)
  2. Routing tables
  3. SIC Certificates
  4. SSH keys
  5. Local Secureplatform administrator accounts

In practice, the SmartCenter can only install a security policy on a new gateway (for instance, in a disaster recovery scenario) after all the interfaces and routing tables have been configured, and the SIC trust have been established.

In a disaster scenario where the SmartCenter server needs to be rebuilt from scratch, the lack of a full configuration backup could make the difference between being back up and running in a few minutes and an extended outage. For example, the lack of a backup of the SIC data will require re-initialising SIC on the SmartCenter, and reset/re-initialise SIC on all gateways (which causes a gateway restart). 
 
Restorepoint performs a full configuration backup, and can restore on to a newly installed Secureplatform server, making it virtually identical to the original server before the failure.