How to configure automatic backups in SecurePlatform

Automatic backups

This guide describes how to configure scheduled automatic backups with remote file transfer to an SCP/FTP server.

Backup and restore commands

SecurePlatform provides both command line, or Web GUI, capability for conducting backups of your system settings and products configuration.

The backup utility can store backups either locally on the SecurePlatform machine hard drive or to an FTP server, TFTP server or SCP server. You can perform backups on request, or according to a predefined schedule.

Backup files are kept in tar gzipped format (.tgz) . Backup files, saved locally, are kept in/var/CPbackup/backups .

The restore command line utility is used for restoring SecurePlatform settings, and/or Product configuration from backup files.

Note - Only administrators with Expert permission can directly access directories of a SecurePlatform system. You will need the Expert password to execute the restore command.

The backup & restore commands are provided in SecurePlatform to provide a simple way to perform a complete backup of the Check Point configuration as well as the SecurePlatform OS settings. You can also copy backup files to a number of SCP and TFTP servers for improved robustness of backup. The backup command, run by itself, without any additional flags, will use default backup settings and will perform a local backup.

Syntax

backup -hbackup [-h] [-d] [-l] [--purge DAYS] [--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off]
[--tftp [-path ] []]
[--scp [-path ] []]
[--ftp [-path ] []]
[--file [-path ] []]

Backup parameters

parameter	meaning
-h	obtain usage
-d	debug flag
-l	flag enables backup of the Check Point Security Gateway log (By default, logs are not backed up.)
-p or --purge	delete old backups from previous backup attempts
[--sched [on hh:mm <-m DayOfMonth> | <-w DaysOfWeek>] | off]	schedule interval at which backup is to take place On - specify time and day of week, or day of month Off - disable schedule
--tftp [-path ][]	List of IP addresses of TFTP servers, to which the configuration will be backed up, and optionally the filename.
--scp [-path ] []	List of IP addresses of SCP servers, to which the configuration will be backed up, the username and password used to access the SCP Server, and optionally the filename.
--ftp [-path ] []	List of IP addresses of FTP servers, to which the configuration will be backed up, the username and password used to access the FTP Server, and optionally, the filename.
--file [-path ]	When the backup is performed locally, specify an optional filename

Note - If a Filename is not specified, a default name will be provided with the following format:
backup_hostname.domain-name_day of month_month_year_hour_minutes.tgz

For example: \backup_gateway1.mydomain.com_13_11_2003_12_47.tgz

Examples

backup –file –path /tmp filename

Puts the backup file in (local) /tmp and names it filename

backup

–tftp -path tmp

–tftp -path var file1

–scp username1 password1 –path /bin file2

–file file3

--scp username2 password2 file4

--scp username3 password3 –path mybackup

The backup file is saved on:

1. TFTP server with ip1, the backup file is saved in the tmp directory (under the TFTP server default directory – usually /tftproot) with the default file name – backup_SystemName_TimaStamp.tgz
2. TFTP server with ip2 , the backup file is saved on var (under the TFTP server default directory – usually/tftproot) as file1
3. SCP server with ip3 , the backup file is saved on /bin as file2
4. locally on the default directory (/var/CPbackup/backups) as file3
5. SCP server with ip4 on the username2 home directory as file4
6. SCPserver with ip5 on ~username3/mybackup/ with the default backup file name

Configuring automatic backups

For this tutorial we will use the following settings:

item	value
FTP Server	10.22.2.99
FTP Username	mikem
FTP Password	vpn123
Backup Schedule	Every Sunday @ 01:00

To list the active backup schedules:

1. Login to the SecurePlatform machine in Expert Mode.
2. Run cat /var/CPbackup/conf/backup_sched.conf to verify that there are no currently configured automatic backups that you will be overwriting.
   If it returns with a "file not found" error or if it returns back to the command prompt without showing any details, then there are no automatic backups currently configured.

   

   Here we see that the backup configuration file has not yet been created, so we can move on to setting up the automatic backup.

To configure the automatic backup schedule:

1. Using our example configuration, run the following command:
   backup --sched on 01:00 -w 7 --ftp 10.22.2.99 mikem vpn123
2. Run cat /var/CPbackup/conf/backup_sched.conf to list the backup configuration file.

   The configuration file has been created.

   

You can also view crontab to see that backup_util sched is in the list of scheduled jobs. Crontab is the process that handles running scheduled jobs.

To list the scheduled jobs in crontab:

• Run crontab -l .

  

  You can see that SecurePlatform backup is configured to run every Sunday at 01:00am and transfer the file to the FTP server we defined.