Automate backup for Check Point devices without scripts

Restorepoint can use SCP, SSH, telnet and TFTP to retrieve the configuration.

Usage scenario: Restorepoint and SmartCenter failure

The Check Point SmartCenter is an integral component in a Check Point firewall deployment; it enables organisations to perform all aspects of security management via a single, unified console. However, even if the SmartCenter contains all the security policy information for all the gateways, it does not store critical configuration information about a SecurePlatform-based appliance, in particular:

• Gateway interface IP addresses (although this information is available in the SmartCenter, it cannot be "pushed" by the SmartCenter to the gateway)
• Routing tables
• SIC Certificates
• SSH keys
• Local Secureplatform administrator accounts

In practice, the SmartCenter can only install a security policy on a new gateway (for instance, in a disaster recovery scenario) after all the interfaces and routing tables have been configured, and the SIC trust have been established. In a disaster scenario where the SmartCenter server needs to be rebuilt from scratch, the lack of a full configuration backup could make the difference between being back up and running in a few minutes and an extended outage. For example, the lack of a backup of the SIC data will require re-initialising SIC on the SmartCenter, and reset/re-initialise SIC on all gateways (which causes a gateway restart).    Restorepoint performs a full configuration backup, and can restore on to a newly installed Secureplatform server, making it virtually identical to the original server before the failure.