The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: Files to backup in FireWall-1 4.1 and earlier

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


The following files are considered important and should be backed up regularly.

On the mangement console, this is:

$FWDIR/conf/fw.license
$FWDIR/conf/objects.C
$FWDIR/conf/*.W
$FWDIR/conf/rulebases.fws
$FWDIR/conf/fwauth.NDB*
$FWDIR/conf/fwmusers
$FWDIR/conf/gui-clients
$FWDIR/conf/product.conf
$FWDIR/conf/fwauth.keys
$FWDIR/conf/serverkeys.*

On the firewall module, this is:

$FWDIR/conf/fw.license
$FWDIR/conf/product.conf
$FWDIR/conf/masters
$FWDIR/conf/fwauth.keys
$FWDIR/conf/smtp.conf
$FWDIR/conf/fwauthd.conf
$FWDIR/conf/fwopsec.conf
$FWDIR/conf/serverkeys.*
$FWDIR/conf/external.if

You should also backup any file you may have modified in $FWDIR/lib. If you are going to be upgrading, it is not wise to copy an older version of one of these files over a newer version. If you are running Windows NT and doing static address translation, also backup $FWDIR/state/local.arp.

If the firewall goes completely south, you can re-install to the same patch level as you were running before and copy in the existing configuration files with the firewall stopped. You'll have to re-install your security policy, but it's better than having to completely reset up your firewall rules and network objects.

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.