Checkpoint Policy, Database and Policy Rollback – R80

Unfortunately this blog has passed away (don’t worry it was peaceful), but just like Jesus we have a resurrection, go take a peek at the future https://theworldsgonemad.net/2017/checkpoint-policy-rollback/

Publish: Sends all SmartConsole modifications to other administrators to make all the changes you made in a private session public.

Install the database: Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base. Updates are installed on management and log servers.

Install a policy (rule base): The Security Management Server installs the updated policy and the entire database on Security Gateways (even if you did not modify any network objects).

Before you publish a session you can’t see the changes in the audit log, but you can discard them. Once published you can see the changes in the audit log but can no longer discard them. A major shortfall that in my view Check Point needs to address.

Manage & Settings –> Sessions: Shows who’s logged in and the number of changes made.

You can view all changes in the audit log, or see the changes in a specific revision from within Manage & Settings –> Revisions.
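Because changes can only be discarded before they are published, it is worth checking for open sessions with unpublished changes before anyone pushes policy. The script below is an added example and not part of the original post or Check Point’s own tooling: it reads the R80 management Web API `show-sessions` response (POST `/web_api/show-sessions` with an `X-chkp-sid` header) and flags any session still holding changes. The session fields used (`user-name`, `changes`, `locks`, `state`) and the sample response are assumed from the API’s session object; verify them against your version.

```python
"""Flag SmartConsole sessions with unpublished changes before a policy install.

Added example (not from the blog post or Check Point). The field names read from
each session object are assumed; check them against your R80 API documentation.
"""
import json
import urllib.request

# Constructed sample of a show-sessions response (not captured from a live server).
SAMPLE_RESPONSE = {
    "objects": [
        {"uid": "a1", "user-name": "alice", "changes": 3, "locks": 1,
         "state": "open", "application": "SmartConsole"},
        {"uid": "b2", "user-name": "bob", "changes": 0, "locks": 0,
         "state": "open", "application": "SmartConsole"},
        {"uid": "c3", "user-name": "carol", "changes": 7, "locks": 2,
         "state": "open", "application": "WEB_API"},
    ],
    "total": 3,
}


def unpublished_sessions(response):
    """Return (user, changes, locks) for every open session holding unpublished changes."""
    pending = []
    for session in response.get("objects", []):
        if session.get("state") == "open" and int(session.get("changes", 0)) > 0:
            pending.append((session["user-name"], session["changes"], session["locks"]))
    return sorted(pending)


def safe_to_install(response):
    """True only when no session has changes that a publish would lock in irreversibly."""
    return not unpublished_sessions(response)


def fetch_sessions(mgmt_host, sid):
    """Live call to the management server (assumed endpoint; not executed offline).

    `sid` is the session id returned by /web_api/login.
    """
    req = urllib.request.Request(
        f"https://{mgmt_host}/web_api/show-sessions",
        data=json.dumps({"details-level": "full"}).encode(),
        headers={"Content-Type": "application/json", "X-chkp-sid": sid},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for user, changes, locks in unpublished_sessions(SAMPLE_RESPONSE):
        print(f"{user}: {changes} unpublished change(s), {locks} lock(s)")
    print("safe to install:", safe_to_install(SAMPLE_RESPONSE))
```

Run it against a live server by replacing `SAMPLE_RESPONSE` with `fetch_sessions("<mgmt-host>", sid)` after logging in; the check deliberately treats any non-zero change count as blocking, since once those changes are published the audit log records them but they can no longer be discarded.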

Purge will delete all revisions up to the one selected, so I don’t see any real use for it.

In older code you could restore a complete policy including objects (by making a backup). However, in R80 only the policy (rulebase) is rolled back; changes to objects (new nodes or group membership) are not.

Revert policy only on Gateway

Security Policies >>> Access Tools >>> Installation History

Will install the selected Rule Base on the gateway; however, it doesn’t modify it on the management server. This is useful if you want to roll back but keep the rules on the manager so you can edit and reinstall. If you don’t make any further changes, the next policy push will once again install the changes on the gateway.


Revert policy on Gateway and Manager

Security Policies >>> Access Control >>> Policy >>> Actions >>> History

This will revert the Rule Base on both the gateway and the manager; however, it still doesn’t revert any changes made to nodes or object membership (the database).
This can be done for the whole policy, or individually for either just the Firewall Policy or the Application Control Policy.


A few useful posts regarding rollback:

https://community.checkpoint.com/thread/1262
https://community.checkpoint.com/thread/5098
http://www.tech-wiki.net/index.php?title=Useful_Check_Point_CLI_commands
