I configure an automated backup job nightly via the Voyager GUI directly on the firewall. I then allow my management station to have ssh authorized key access to the Nokia firewall, and run an 'scp' from the management station (unix) later on to copy the backup files over. That could be any trusted box doing the copy via one of several methods, it doesn't have to be the management station or unix doing scp, but that works out well for me. If you also schedule a nightly export of your management station into a backup directory, then a tape backup of that management station contains the data to rebuild either the management station itself, or any of your firewalls you backed up, all on the same tape set that you're sending off site, which is nice from a DR standpoint.
I check the scp job to make sure the copy was successful, and if so, I delete the old backup files off the firewall so it doesn't continue to grow for disk space, or else send an e-mail to notify if the backup job failed. I also prune the number of backup copies on disk to just maintain a reasonable window of files for history on the backup box as well. Creating the ssh authorized key access from a single secured box, to all firewalls managed, gives you the ability to run the same commands as a "for" loop across all devices in a scheduled or repetitive manner. Whether that's for handling your backup processes, or to compile a file of all NIC configurations via ifconfig, or anything else you need for maintenance. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Luke Gogolkiewicz Sent: Monday, August 10, 2009 19:56 To: [email protected] Subject: [FW-1] Backup for Nokia devices Hi Guys, Just wondering what sort of backup solutions people are using out there, instead of Nokia Horizon Manager? Would like to backup 50+ Nokia devices (Discrete and VSX) and also would be nice to perform mass commands on all boxes aswell, ie: ifconfig -a on all boxes in the fleet. Thanks and Regards, Luke Gogolkiewicz ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= *************************************************************************** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. **************************************************************************** Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
