CP防火墙备份与还原

最新推荐文章于 2025-06-10 09:19:29 发布
最新推荐文章于 2025-06-10 09:19:29 发布
阅读量472 收藏
点赞数
CC 4.0 BY-SA版权
原文链接:http://www.cnblogs.com/networking/p/11156182.html
本文详细介绍了如何在防火墙系统中设置专家模式密码,使用专家模式进行系统备份,包括使用upgrade_export和migrate命令导出配置,以及通过WinSCP下载备份文件。此外,还提供了如何使用migrate命令进行系统配置的导入和还原步骤。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

Step1:进入专家模式

======================================================

如果没有设置专家模式的密码,执行下面命令进行设置:

BJ-OFFICE-GW> set expert-password
Enter new expert password:
Enter new expert password (again):
BJ-OFFICE-GW>

Step2:进入备份工具目录

======================================================

[Expert@BJ-OFFICE-GW:0]# cd $FWDIR

[Expert@BJ-OFFICE-GW:0]# cd bin/

[Expert@BJ-OFFICE-GW:0]# cd upgrade_tools/

[Expert@BJ-OFFICE-GW:0]# ls -l
total 73204
-rwxrwx--- 1 admin bin 377032 Oct 10 2018 del_revision_files
-rwxrwx--- 1 admin bin 266484 Oct 10 2018 gtar
-rwxrwx--- 1 admin bin 74116 Oct 10 2018 gzip
-rwxrwx--- 1 admin bin 6937092 Oct 10 2018 ips_upgrade_tool
-rwxrwx--- 1 admin bin 11713680 Oct 10 2018 migrate
-rwxrwx--- 1 admin bin 59429 Oct 10 2018 migrate.conf
-rwxrwx--- 1 admin bin 107 Oct 10 2018 plugin_pack.conf
-rwxrwx--- 1 admin bin 6127476 Oct 10 2018 plugin_pack_compare
-rwxrwx--- 1 admin bin 6276408 Oct 10 2018 plugin_upgrade_matcher
-rwxrwx--- 1 admin bin 18065 Oct 10 2018 ppidb.conf
-rwxrwx--- 1 admin bin 19385024 Oct 10 2018 pre_upgrade_verifier
-rwxrwx--- 1 admin bin 135320 Oct 10 2018 puv_report_generator
-rwxrwx--- 1 admin bin 11713680 Oct 10 2018 upgrade_export
-rwxrwx--- 1 admin bin 11713680 Oct 10 2018 upgrade_import
[Expert@BJ-OFFICE-GW:0]#

Step3:备份

======================================================

[Expert@BJ-OFFICE-GW:0]# ./upgrade_export SMC_20190709.tgz


You are required to close all clients to Security Management Server
or execute 'cpstop' before the Export operation begins.

Do you want to continue? (y/n) [n]? y


Copying required files...

The operation completed successfully.

Location of archive with exported database: /opt/CPsuite-R80/fw1/bin/upgrade_tools/SMC_20190709.tgz

说明:从R80.20后改命令已经没有,由migrate替代,具体用法如下:

migrate  export 导出

migrate  import 还原

[Expert@BJ-ZHX-FW:0]# ./migrate export SMC_20190714.tgz

You are required to close all clients to Security Management Server
or execute 'cpstop' before the Export operation begins.

Do you want to continue? (y/n) [n]? y


Copying required files...
Compressing files...

The operation completed successfully.

Location of archive with exported database: /opt/CPsuite-R80.20/fw1/bin/upgrade_tools/SMC_20190714.tgz

Step4:使用WINSCP进行下载

======================================================

[Expert@BJ-OFFICE-GW:0]# chsh -s /bin/bash
Changing shell for admin.
Shell changed.
[Expert@BJ-OFFICE-GW:0]#

 使用winscp登录FW,下载/opt/CPsuite-R80/fw1/bin/upgrade_tools/SMC_20190709.tgz文件即可。

Step5:还原

======================================================

将备份文件上传到升级备份目录,如下:

[Expert@BJ-ZHX-FW:0]# ./migrate import SMC_20190714.tgz
The import operation will eventually stop all Check Point services (cpstop).
Do you want to continue? (y/n) [n]? y


Extracting the database...
Stopping all Check Point services (cpstop)...
cpwd_admin:
Process DASERVICE terminated
Mobile Access: Stopping MoveFileDemuxer service (if needed)
Mobile Access: MoveFileDemuxer is not running
Mobile Access: Mobile Access blade is disabled or already shut down
Mobile Access: Push notification is disabled or already shut down
Mobile Access: Reverse Proxy for HTTP traffic is disabled or already shut down.
Mobile Access: Reverse Proxy for HTTPS traffic is disabled or already shut down.
Mobile Access: Successfully stopped Mobile Access services
UEPM: Endpoint Security Management isn't activated
Stop Search Infrastructure...
Stopping RFL ...
cpwd_admin:
successful Detach operation
Stopping Solr ...
cpwd_admin:
Process SOLR isn't monitored by cpWatchDog. detach request aborted
Stop SmartView ...
Stopping SmartView ...
cpwd_admin:
successful Detach operation
Stop Log Indexer...
cpwd_admin:
Process INDEXER (pid=13703) stopped with command "kill 13703". Exit code 0.
Stop SmartLog Server...
cpwd_admin:
Process SMARTLOG_SERVER terminated
dbsync is not running
evstop: Stopping product - SmartEvent Server
evstop: Stopping product - SmartEvent Correlation Unit
Check Point SmartEvent Correlation Unit is not running
Stopping SmartView Monitor daemon ...
SmartView Monitor daemon is not running
Stopping SmartView Monitor kernel ...
SmartView Monitor kernel stopped
FloodGate-1 is already stopped.
Set operation succeeded
FireWall-1: cpm stopped
FireWall-1: fwm stopped
Stopping sessions database
FireWall-1: disabling IPv4 forwarding and bridge forwarding
FireWall-1: FW-1 IPv6 kernel module is not loaded
SecureXL device disabled.
Stopping Critical Alerts Sensor
SVN Foundation: cpd stopped
SVN Foundation: multiportal daemon stopped
Stopping cpviewd
cpwd_admin:
Process HISTORYD terminated
cpwd_admin:
Process SXL_STATD terminated
SVN Foundation: cpWatchDog stopped
SVN Foundation stopped
Importing files...
generating INSPECT code for GUI Clients
initial_management:
Compiled OK.
initial_management:
Compiled OK.

The import operation completed successfully.
Do you wish to start Check Point services? (y/n) [y]? y

转载于:https://www.cnblogs.com/networking/p/11156182.html

防火墙(firewall)的操作命令相关操作
CP-Objeck的博客
06-11 1046
linux 防火墙firewall操作命令 安装:yum install firewalld 1、firewalld基本使用 启动: systemctl start firewalld 查看状态: systemctl status firewalld 禁止开机启动: systemctl disable firewalld 停止运行: systemctl stop firewalld 2.配置firewalld-cmd 查看版本: firewall-cmd --version 显示状态: firewall-c
Linux 下部署 SVN 服务器附备份还原详解
龙哥的运维博客
09-16 802
1安装操作系统 安装系统采用 CentOS-6.2/Database Server 2安装配置 apache SVN 1)数据包安装顺序:(安装包在 CentOS-6.2 盘的 Packages 目录下均可找到) a) apr-1.3.9-3.el6_1.2.i686.rpm b) apr-util-1.3.9-3.el6_0.1.i686.rpm c) httpd-2.2.15-...
Max Power CP Firewall Performance Optimization 2nd Edition
11-18
Max Power CP Firewall Performance Optimization 2nd Edition (CHECKPOINT 防火墙
CP防火墙升级和打补丁
weixin_30522095的博客
08-03 523
CP防火墙的升级和打补丁可以在命令行下操作,也可以在web ui下进行,CP的升级首先得升级Deployment Agent软件 Step1:升级Deployment Agent ============================================= 本例将R80.10 T479升级至T462 1.1.升级DeploymentAgent_000001671_1.tgz ...
HestiaCP防火墙管理完全指南
gitblog_01057的博客
06-10 333
HestiaCP防火墙管理完全指南 HestiaCP作为一款优秀的服务器控制面板,提供了完善的防火墙管理功能。本文将详细介绍如何在HestiaCP中配置防火墙规则、管理IP列表以及使用高级自定义功能。 防火墙规则基础操作 在HestiaCP中管理防火墙规则非常简单直观: 通过右上角的齿轮图标进入服务器设置 点击防火墙图标进入防火墙管理界面 使用添加规则按钮创建新规则 创建规则时需要注意以下几点...
linux、防火墙命令
YueYao_Sun的博客
05-30 134
linux操作命令
PXE+Clonezilla+NFS实现Linux系统的备份克隆
qq_34885184的博客
09-30 2759
将clonezilla的镜像挂载在/mnt目录 cp -a /mnt/live /var/lib/tftpboot/ cp -a /mnt/iso/live/filesystem.squashfs /var/www/html cp -a /mnt/syslinux/syslinux.cfg /var/lib/tftpboot/default
Linux防火墙iptables之SNATDNAT
sukapulai的博客
04-24 3035
目录 SNAT策略及应用 SNAT策略概述 开启SNAT的命令 临时打开 永久打开 SNAT转换1:固定的公网IP地址 SNAT转换2:非固定的公网IP地址(共享动态IP地址) SNAT案例 实验准备 配置网关服务器(192.168.217.254/12.0.0.254)的相关配置 配置外网服务器(12.0.0.12)的相关配置 修改客户端 ping一下网关和外网服务器 开启ip转发功能 实验内外网访问 配置网关服务器的iptables规则 小知识扩展 DNAT策略应用
linux进阶-MySQL使用mysqldump日常备份抢救性恢复
Nanjing_bokebi的博客
11-28 1057
MySQL数据库备份抢救性恢复 文章目录MySQL数据库备份抢救性恢复备份和恢复备份类型备份工具基于LVM的备份mysqldump工具mysqldump命令格式mysqldump常见通用选项mysqldump的MyISAM存储引擎相关的备份选项mysqldump的InnoDB存储引擎相关的备份选项生产环境实战备份策略重点实验1.实现完全备份还原实验准备实验开始2.mysqldump 和二进制...
【CentOS 7系统备份】:OpenSSH配置备份灾难恢复指南
![【CentOS 7系统备份】:OpenSSH配置备份灾难恢复指南]...本文系统地探讨了CentOS 7系统备份灾难恢复的全过程,从OpenSSH服务器的配置优化,到详尽的系统备
cp命令备份文件高级版
想练武,就得下功夫
01-25 865
cp命令备份文件高级版
CheckPoint防火墙和Juniper SRX对接IPsecVPN(基于策略和证书)
Qiq922的博客
08-17 890
CheckPoint防火墙和Juniper SRX对接配置IPsecVPN(基于证书)
CP的mgmt_cli toolSMC CLI用法
CHINAMSSP的博客
06-11 635
因客户版本升级未成功,所以考虑到手动添加策略和主机信息NAT,所以研究了下 准备把客户的防火墙信息写成脚本(ps:客户防火墙策略2000条起,所以才想的偷懒办法 写脚本) 首先得说下关于CP的mgmt_cli命令的语法 博客是在80.10的All in one里测试的 必须在 专家模式 专家模式 专家模式 上 执行 login 使用用户名和密码登录到服务器。服务器显示您的会话唯一标识符。在每个请求的“X-chkp-sid”报头中输入此会话唯一标识符。 Syntax mgmt_cli login
防火墙开发硬件选型
Walter的专栏
05-22 3410
网络设备最经常用到的,也是最重要的一个安全设备就是防火墙了。作为一款IT设备,无非两种选择方式。一种是购买品牌防火墙成品,另一种是自己DIY防火墙。两种方式各有自己的优劣,购买品牌防火墙最大的问题莫过于是投入较多的资金,却可以得到更多的后期维护。而自己 DIY防火墙的最大弊端就在于需要一个专业的人员来定制,还要投入更多的精力做后期的维护。     作为一个热血IT青年,自己DIY一个防火墙
安装配置CHECKPOINT防火墙
热门推荐
10-10 1万+
大纲 一、             首先明确两个概念二、             VPN/FW Moudule 或者 Managerment Server 在 WINDOWS上安装的最小需求三、             GUI Client在 WINDOWS上安装的最小需求四、             安装之前的准备工作五、             安装软件总过程六、 
http状态码_HTTP状态码
cunjiu9486的博客
10-04 690
http状态码HTTP is a stateless protocol where the session is managed by the upper-level applications. But HTTP protocol provides the status codes about the HTTP request. Every HTTP request will be respond...
Check Point R80.40 防火墙
Alex的博客
03-04 4978
Check Point 强!
awd数据库怎么备份
最新发布
07-19
- **恢复方法**:如果数据库受损,使用备份文件快速还原: ```bash # MySQL恢复示例 mysql -u 用户名 -p密码 数据库名 ``` - **最佳实践**: - **频率**:在AWD竞赛中,设置高频率备份(如每5分钟),因为攻击...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值