CheckPoint使用upgrade_export 和upgrade_import两个工具进行SmartCenter 的备份和
恢复,两个工具位于SmartCenter的$FWDIR/bin/upgrade_tools/目录下。备份文件可以通过
ftp 或其他方式上传到ftp 服务器或网络共享空间,以便保管。 格式:
[Expert@Smart-1]#./upgrade_export 文件名.tgz#备份工具,备份文件存放在当前目录下
[Expert@Smart-1]#./upgrade_import 文件名.tgz#恢复工具
首先通过 ssh登录 Smart-1命令行,进入 expert 模式,备份和恢复过程如下:
备份SmartCenter
[smc2]#
[smc2]#expert#进入 expert 模式
Enter expertpassword:
Youareinexpert modenow. [Expert@smc2]#cd$FWDIR [Expert@smc2]#cdbin [Expert@smc2]#cdupgrade_tools/ [Expert@smc2]#pwd
/opt/CPsuite-R75/fw1/bin/upgrade_tools
[Expert@smc2]#ls-l total52036
-rw-rw----1rootroot33611807Apr1912:06 20110419.tgz
-rwxrwx---1rootbin6516752Dec1613:33migrate
-rwxrwx---1rootbin26523Dec1613:31 migrate.conf
-rwxrwx---1rootbin6516752Dec1613:33upgrade_export#备份工具
-rwxrwx---1rootbin6516752Dec1613:33upgrade_import#恢复工具
[Expert@smc2]#./upgrade_exportSMC_20110421.tgz#执行备份工具,指定备份文件名
Youarerequiredto closeallclientsto SecurityCenter
or execute'cpstop'beforetheExportoperationbegins. Press'Enter'to continue.#按回车继续
2011CheckPointSoftwareTechnologiesLtd.Allrightsreserved
.
Copyingrequiredfiles... Compressingfiles...
Theoperationcompletedsuccessfully.
Location of archive with exported database:
/opt/CPsuite-R75/fw1/bin/upgrade_tools/SMC_20110421.tgz #备份成功,并生成文件
[Expert@smc2]#ls-l total86412
-rw-rw----1rootroot33611807Apr1912:06 20110419.tgz
-rw-rw----1rootroot35158261Apr2114:33 SMC_20110421.tgz#备份文件
-rwxrwx---1rootbin6516752Dec1613:33migrate
-rwxrwx---1rootbin26523Dec1613:31 migrate.conf
-rwxrwx---1rootbin6516752Dec1613:33upgrade_export
-rwxrwx---1rootbin6516752Dec1613:33upgrade_import
恢复SmartCenter
[smc2]#expert
Enter expertpassword:
Youareinexpert modenow. [Expert@smc2]#cd$FWDIR [Expert@smc2]#cdbin [Expert@smc2]#cdupgrade_tools/ [Expert@smc2]#pwd
/opt/CPsuite-R75/fw1/bin/upgrade_tools
[Expert@smc2]#ls-l total86412
-rw-rw----1rootroot33611807Apr1912:06 20110419.tgz
-rw-rw----1rootroot35158261Apr2114:33 SMC_20110421.tgz
-rwxrwx---1rootbin6516752Dec1613:33migrate
-rwxrwx---1rootbin26523Dec1613:31 migrate.conf
-rwxrwx---1rootbin6516752Dec1613:33upgrade_export
2011CheckPointSoftwareTechnologiesLtd.Allrightsreserved
-rwxrwx---1rootbin6516752Dec1613:33upgrade_import
[Expert@smc2]#./upgrade_importSMC_20110421.tgz#恢复备份
Extractingthedatabase...
TheimportoperationwillstopallCheckPointservices(cpstop). Doyouwantto continue?(y/n) [n]?y
evstop: Stoppingproduct-SmartEventCorrelationUnit#停止 CheckPoint服务
CheckPointSmartEventCorrelationUnitstopped
StoppingSmartReporter...
StoppingtheSmartReporterServer.
StoppingtheSmartReporterLogConsolidator. StoppingSmartReporterDatabase.
Note:Databaseshutdowntakesafewminutes.rmdstartwillfailwhile
shutdownisinprogress.
SmartViewMonitor:Managementstopped FireWall-1:UserCheckserverisnotrunning VPN-1/FW-1stopped
SVN Foundation:cpdstopped
Multiportaldaemon:mpdaemonstopped
SVN Foundation:cpWatchDogstopped
SVN Foundation:StoppingPostgreSQLDatabase
SVN Foundationstopped
Importingfiles...
Theimportoperationcompletedsuccessfully.
DoyouwishtostartCheckPointservices?(y/n) [y]?#成功恢复,启动 CheckPoint服务
[Expert@smc2]#
==================================================================
SmartCenter恢复注意事项
如果将备份文件恢复到新的SmartCenter,需保持新SmartCenter和原SmartCenter的主 机名和IP地址一致,因在分布式布署模式下CheckPoint的License绑定SmartCenter的IP地 址,若新SmartCenter 的IP不一样,将无法登录,会提示没有可用的license
恢复过程将覆盖新SmartCenter的管理帐户和GUI,因此恢复后,登录新SmartCenter 需 使用原SmartCenter的用户名密码,
恢复后的SmartCenter不需要重建防火墙的SIC,可以直接管理防火墙,建议执行TestSIC Status,确保SmartCenter与防火墙的连通性
转载于:https://blog.51cto.com/ydnetsec/1841329
919
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
