
Backup CheckPoint Firewall-1 Configurations


Part of CPFW1TK -- CheckPoint Firewall-1 Tool Kit
	by JP Vossen <jp@jpsdomain.org> http://www.jpsdomain.org/
	http://www.jpsdomain.org/security/tools.html#firewalls


As far as I know, this script will work for all versions of Firewall-1/VPN-1
up to and including Next Generation (AKA v5.x).


Instructions:


1. Create a "config save" directory, e.g. c:\Save-Configs and set good file
system permissions on it! If at all possible, this should be on the same
drive letter as your firewall software.

2.  Edit CPFWBack.cmd and set all the varables in the first section.

That's it. Run CPFWBack.cmd and make sure you get a ZIP file in your config
save directory with the right files in it. Note, the "!Latest" and
"CCYYMMDD-HHmm" files will be identical. As you run the script again,
"!Latest" will alway be your most current, and the "CCYYMMDD-HHmm" files
will build up. You can either leave them there, or delete older ones as you
wish.

CCYYMMDD-HHmm is the year, then month, then day, dash, the hour in 24-hour
time, then the minute, for example: 20001204-2350.

If the saved config file is small enough to fit on a floppy disk, you will
be prompted to insert one. The script will tell you how much free space must
be available. Read the comments in the code to see what is happening.



To Restore

1.  Find the version of the configuration you wish to restore.
	Hint: try unzip -l {filename} for a list of contents

2.  CD to the ROOT of the correct drive, e.g. c:\.

3.  Use the "unzip" command to unzip the correct file, e.g.:
	unzip 20001204-2350.Hostname.zip

4.  Follow the prompts as approriate to overwrite (or not) files.

For example:

	C:\>unzip C:\Config-Save\20001204-0032.Hostname.zip
	Archive:  C:/Config-Save/20001204-0032.Hostname.zip
	  inflating: Config-Save/Hostname.txt
	replace winnt/fw1/4.1/conf/default.W? [y]es, [n]o, [A]ll, [N]one, [r]ename: A



To Uninstall

1.  Delete the files listed below from the utility directory.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Known Issue

This script will not deal well with tools, config and Firewall directories
located on different drives. The zip/unzip tools do not save drive letters
in paths so restoring different files to different directories will not
work. Everything will be restored to whatever the CURRENT drive letter is.
The scripts will save everything OK, you will just have to manually move
some directories around if/when you need to do a restore.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Files

!CPFWBack.txt	This File
CPFWBack.cmd	The Script
unzip.exe	Unzipper
vdate.exe	UNIX "date" command
zip.exe		Zipper


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tools Used


Needs the following FREE (GNU GPL 2.x) programs:
  zip.exe    (ftp://ftp.freesoftware.com/pub/infozip/WIN32/zip23xN.zip)
  unzip.exe  (ftp://ftp.freesoftware.com/pub/infozip/WIN32/unz541xN.exe)
  vdate.exe  (http://home.flash.net/~dtribble/dos/vdate.exe)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CPFWBack Changes

See the top of CPFWBack.cmd (Windows) or CPFWBack.sh (UNIX).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last Updated: Fri Sep 14 16:02:51 2001
-- JP Vossen <jp@jpsdomain.org> http://www.jpsdomain.org/

