Snapshots – YES you can clone

Well, CP says you can’t clone devices with snapshots.  They suggest cloning using GAIA commands like Cisco. Well….its not there yet. Its one of these deals where you export the GAIA commands, then import and the manually modify some stuff (hostname, IP, others ) and then import again. I’m not totally buying it because you make so many custom mods to these platforms in the kern_config, or new rpms, or log file sizes that GAIA does not capture it all.

First what is this good for:

  1. Appliance  A dies. You RMA appliance A-NEW of same model, disk, etc
  2. You are deploying 200 of models similar to Appliance A. Take a snapshot of A and then revert them on all 200 – update IPs and licenses. Easier than building from scratch.

I still think the best way is through snapshots…but it takes a few steps. In the photo below you can create a snapshot in WebUI. Then you can export. It will try and export to your PC which is good … but if the line is slow you can also grab the export from the /var/log/download file in case you want to archive to an FTP archive site.

On the clone device you can import doing the reverse. Its probably easiest fastest if you are directly connected…for example building a new clone to replace 1 or more devices. So lets say you get a new appliance replacement for an RMA and it comes with R75.40 and your clone snapshot is at R76.

  1. Export the /etc/sysconfig/network-scripts directory
  2. Import the snapshot file from your directly connection laptop
  3. Revert the the snapshot – You are now at R76
  4. Winscp the /etc/sysconfig/network-scripts directory from your laptop to the new clone appliance. It has all the MAC addresses from the new hardware’s NICs.
  5. reboot
  6. Done

snapshot

Read this To import and export snapshots from GAIA.

A little trick someone showed me (Thanks Gary!)  was in a cluster to keep snapshots of both members ON both members. Then if member A dies, you can import the snapshot from Member B quickly.

VSX Is Special. The Warp Interfaces need a special seed value in the registry.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk55980

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk80320&js_peid=P-114a7bc3b09-10006&partition=Advanced&product=VSX,

Advertisements
Post a comment or leave a trackback: Trackback URL.

Comments

  • Serge  On November 7, 2013 at 7:14 pm

    wonder if u really tried to export/import snapshot in Gaia?
    Asking ’cause tried to do it on 4800 & Smart-1 appliances (Gaia R75.45) & it failed spectacularly on both. No errors during export/import, but when appliance boots up using imported image it fails to find a valid file system on the disk & bails out with kernel panic error. If it’s booted using the same local (not exported/imported) image reverts works fine. Obviously this poses a problem.
    Opened CP case, but no good news yet from TAC….
    Will b testing same on R77 soon as that’s the upgrade path we will b taking
    Cheers

    • Dreezman  On November 7, 2013 at 7:23 pm

      hmmmmmm…. I did it on 2200 appliances. I know we booted off the image because the networkconfig directory was had the snapshot data in it, not the original.

      Sorry but I don’t have the time to verify on 4800’s. But let me/us know your progress this is of interest.

      Thanks for contribution!!
      dreez

      • Dreezman  On November 7, 2013 at 7:31 pm

        did you try to import back to the original and boot the import?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: