Hi Dave, I am not sure whether you are aware but R55/56 is no longer supported so you may not be able to raise a case with Checkpoint TAC. Unfortunately if you rebuild the management server and restore the backup that you currently have it will NOT realise that the enforcement module has a newer policy and allow you to restore from the gateway. If you do restore your backup and your firewall reboots etc it will try and fetch policy from the management server, in this case it may take the old policy. I am not sure how many changes you have made since your last backup or how big your environment is, but restoring that backup is probably going to be your best bet, short of starting from scratch. If the management server only manages one firewall you could take a "cpinfo" from the firewall and open it in "infoview" (not sure if this is publicly available). This will allow to view the gateways policy in smartdashboard and assist your in recreating any changes if you decide to restore from backup.
Is it a case that the hard disks from the management server are completely dead? If you can access the disks at all it may be possible to copy certain key files in order to restore your management! Regards Gareth On 6 March 2010 09:07, Dave Jones <[email protected]> wrote: > Hi, > I have a problem, the management station for our Checkpoint firewall > has died. Backups are not what they should be, the best one we have is > months old. > > If we restore the backup, will the management software realise that the > enforcement module (Nokia IP 350) has newer configuration, & download it, or > will it force us back to an old version of the rulebase? This is not > something I can test. > > We are able to ssh / sftp into the Nokia & have downloaded everything we > can find & have the rules.c which we are reverse engineering & does seem to > make sense. > > > any suggestions welcome, apart from ones about more backups. > > Thanks > > 'Dave' > > > > _________________________________________________________________ > Got a cool Hotmail story? Tell us now > http://clk.atdmt.com/UKM/go/195013117/direct/01/ > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
