Check Point Policy Backup Using Migrate Utility
Introduction
Maintaining a secure network environment requires consistent backups of your Check Point Security Management Server (SMS) configuration. The migrate utility offers a powerful solution for exporting and importing your policy database, ensuring a smooth restoration process in case of unexpected events.
The migrate utility can be found in the $FWDIR/bin/upgrade_tools/ directory.
Benefits of Migrate Export and Import:
- Seamless Disaster Recovery: In the event of a disaster, having a migrate export readily available allows for a swift restoration of your security configuration, minimizing downtime and getting your network back up and running quickly.
- Future-Proof Backups: Unlike traditional backups tied to specific hardware, migrate exports are hardware-independent. This means you can restore your configuration to a completely different server without compatibility concerns, ensuring your security policies remain in effect regardless of hardware changes.
- Comprehensive Configuration Capture: Migrate captures your entire Check Point configuration, encompassing essential elements like security policies (packages), VPN communities, objects, and licenses. This provides a complete security posture snapshot, eliminating the need for manual configuration recreation during restoration.
Migrate Export:
Disable the shell idle timeout so the session is not logged out during a long export
unset TMOUT
Check the status of the management server services
cpwd_admin list
It is recommended to stop all management services before database export
cpstop
Once the services are stopped, go to the migrate utility path
cd $FWDIR/bin/upgrade_tools/
Now run the export command
./migrate export /var/tmp/MGMT_Migrate_Export
Once the database export is completed, compute the MD5 value of the archive and note it for comparison before import
md5sum /var/tmp/MGMT_Migrate_Export.tgz
Now start all services
cpstart
Check whether all services have started
cpwd_admin list
Now copy the exported file to a local system or FTP server
Migrate Import:
Copy the exported database file to the new management server
Always copy the exported file into the $FWDIR/bin/upgrade_tools/ directory. On R81.10, $FWDIR resolves to /opt/CPsuite-R81.10/fw1, so /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/ is the same directory.
unset TMOUT
Verify that the MD5 value matches the one computed after the export before you import
md5sum $FWDIR/bin/upgrade_tools/MGMT_Migrate_Export.tgz
Once the MD5 is verified, stop all services
cpstop
Now run the import command from the $FWDIR/bin/upgrade_tools/ directory
./migrate import $FWDIR/bin/upgrade_tools/MGMT_Migrate_Export.tgz
Once the database is imported successfully, start the Check Point services
cpstart
Check whether all services have started
cpwd_admin list
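The checksum steps in the export and import procedures can be scripted so that the import is refused when the archive does not match what was exported. This is an added example, not part of the original procedure or of Check Point's tooling; the function names, the .sum sidecar file and the HASH and IMPORT_CMD variables are assumptions, and sha256sum is used in place of md5sum (set HASH=md5sum to match the commands above).

```shell
#!/bin/bash
# Added example: checksum sidecar for a migrate export archive.
# Assumptions: function names, the ".sum" suffix, HASH and IMPORT_CMD are
# hypothetical; sha256sum is swapped in for the page's md5sum.
HASH="${HASH:-sha256sum}"

# Export side: run after "./migrate export", before copying the archive anywhere.
record_checksum() {
    local archive="$1"
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 2; }
    chmod 600 "$archive"    # the archive holds the full management configuration
    # Store only the digest so the sidecar stays valid when the archive changes directory.
    "$HASH" "$archive" | awk '{print $1}' > "$archive.sum"
    chmod 600 "$archive.sum"
}

# Import side: run after copying the archive and its sidecar to the new server.
# Returns 0 on match, 1 on mismatch, 2 if archive or sidecar is missing (fail closed).
verify_checksum() {
    local archive="$1" expected actual
    [ -f "$archive" ] && [ -s "$archive.sum" ] || {
        echo "archive or sidecar missing: $archive" >&2; return 2; }
    expected=$(tr -d '[:space:]' < "$archive.sum")
    actual=$("$HASH" "$archive" | awk '{print $1}')
    if [ "$expected" = "$actual" ]; then
        echo "OK $actual"
    else
        echo "MISMATCH expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Gate the import on the check; IMPORT_CMD defaults to the page's import command
# and must be run from $FWDIR/bin/upgrade_tools/ with services stopped.
verified_import() {
    local archive="$1"
    verify_checksum "$archive" || { echo "refusing to import $archive" >&2; return 1; }
    ${IMPORT_CMD:-./migrate import} "$archive"
}
```

Copy the .sum file together with the archive; a missing sidecar is treated as a failure rather than skipped.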
Conclusion:
The migrate utility provides a reliable and efficient approach to backing up and restoring your Check Point Security Management Server policy database. By incorporating this practice into your routine, you can ensure business continuity and minimize downtime during unforeseen circumstances. Following best practices such as stopping services before export and verifying file integrity strengthens your backup strategy.
The session below is an example of a migrate export and import operation. It is a best practice to execute cpstop before export or import, and cpstart after completion to start the Security Management Server services.
Migrate Export and Import Example:
[Expert@MGMT:0]# fw ver
This is Check Point's software version R81.10 - Build 883
[Expert@MGMT:0]#
[Expert@MGMT:0]# unset TMOUT
[Expert@MGMT:0]#
[Expert@MGMT:0]# clear
[Expert@MGMT:0]# fw ver
This is Check Point's software version R81.10 - Build 883
[Expert@MGMT:0]# unset TMOUT
[Expert@MGMT:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 16920 E 1 [11:29:50] 15/8/2022 N cpviewd
CPVIEWS 16925 E 1 [11:29:50] 15/8/2022 N cpview_services
CPD 16940 E 1 [11:29:50] 15/8/2022 Y cpd
FWD 16997 E 1 [11:29:51] 15/8/2022 N fwd -n
FWM 17004 E 1 [11:29:51] 15/8/2022 N fwm
FWMHA 17027 E 1 [11:29:52] 15/8/2022 N fwmha -H
STPR 17067 E 1 [11:29:52] 15/8/2022 N status_proxy
CPM 17586 E 1 [11:29:58] 15/8/2022 N /opt/CPsuite-R81.10/fw1/scripts/cpm.sh -s
SOLR 17796 E 1 [11:30:01] 15/8/2022 N java_solr
RFL 17841 E 1 [11:30:02] 15/8/2022 N LogCore
SMARTVIEW 17882 E 1 [11:30:02] 15/8/2022 N SmartView
INDEXER 18017 E 1 [11:30:04] 15/8/2022 N /opt/CPrt-R81.10/log_indexer/log_indexer
SMARTLOG_SERVER 18104 E 1 [11:30:06] 15/8/2022 N /opt/CPSmartLog-R81.10/smartlog_server
REPMAN 18918 E 1 [11:30:18] 15/8/2022 N java_repository_manager
DASERVICE 18937 E 1 [11:30:18] 15/8/2022 N DAService_script
AUTOUPDATER 18961 E 1 [11:30:18] 15/8/2022 N AutoUpdaterService.sh
CPSM 28986 E 2 [11:43:37] 15/8/2022 N cpstat_monitor
[Expert@MGMT:0]# cpstop
cpwd_admin:
Process AUTOUPDATER terminated
cpwd_admin:
Process DASERVICE terminated
Stopping Repository Manager ...
Repository Manager stopped
UEPM: Endpoint Security Management isn't activated
Stop Search Infrastructure...
Stop Log Indexer...
cpwd_admin:
Process INDEXER (pid=18017) stopped with command "kill 18017". Exit code 0.
Stop SmartLog Server...
cpwd_admin:
Process SMARTLOG_SERVER (pid=18104) stopped with command "kill 18104". Exit code 0.
Stop SmartView ...
Stopping SmartView via CPWD
cpwd_admin:
Process SMARTVIEW terminated
cpwd_admin:
successful Detach operation
Stopping RFL ...
cpwd_admin:
Process RFL terminated
cpwd_admin:
successful Detach operation
RFL stopped
Stopping Solr ...
Sending stop command to Solr running on port 8210 ... waiting up to 60 seconds to allow Jetty process 17796 to stop gracefully.
cpwd_admin:
Process SOLR process has been already terminated
cpwd_admin:
successful Detach operation
Solr stopped
dbsync is not running
Stopping Log Adjuster Service...
SmartView Monitor: Management stopped
MAAS is not installed
FireWall-1: cpm stopped
FireWall-1: fwm stopped
VPN-1/FW-1 stopped
Stopping Critical Alerts Sensor
SVN Foundation: cpd stopped
Stopping cpviewd
cpwd_admin:
Process CPD process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process FWD process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process FWM process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process FWMHA process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process STPR process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process CPM process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process DASERVICE process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process AUTOUPDATER process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process CPSM process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin: cpWatchDog killed
SVN Foundation: cpWatchDog stopped
SVN Foundation stopped
[Expert@MGMT:0]# cd $FWDIR/bin/upgrade_tools/
[Expert@MGMT:0]# ./migrate export /var/tmp/MGMT_Migrate_Export
You are required to close all clients to Security Management Server
or execute 'cpstop' before the Export operation begins.
Do you want to continue? (y/n) [n]? y
Copying required files...
Compressing files...
The operation completed successfully.
Location of archive with exported database: /var/tmp/MGMT_Migrate_Export.tgz
[Expert@MGMT:0]# md5sum /var/tmp/MGMT_Migrate_Export
md5sum: /var/tmp/MGMT_Migrate_Export: No such file or directory
[Expert@MGMT:0]# md5sum /var/tmp/MGMT_Migrate_Export.tgz
eb85b14f305a2001601f1fae0eee8d39 /var/tmp/MGMT_Migrate_Export.tgz
[Expert@MGMT:0]# md5sum /var/tmp/MGMT_Migrate_Export.tgz
eb85b14f305a2001601f1fae0eee8d39 /var/tmp/MGMT_Migrate_Export.tgz
[Expert@MGMT:0]# cpstart
SVN Foundation: Starting cpWatchDog
Starting cpviewd
starting the cpview_services daemon
cpwd_admin:
Process CPVIEWS started successfully (pid=34086)
Starting Critical Alerts Sensor...
SVN Foundation: Starting cpd
SVN Foundation started
MAAS is not installed
FireWall-1: Starting fwd
FireWall-1: Starting cpm. Please wait...
[1] 34150
FireWall-1: Finished starting cpm successfully
FireWall-1: Starting fwm (Security Management Server)
Starting fwmha (Security Management Server High Availability)
FireWall-1: This is a Security Management server. No security policy will be loaded
FireWall-1 started
SmartView Monitor: Not active
Start Search Infrastructure...
pg_ctl: another server might be running; trying to start server anyway
pg_ctl: could not start server
Examine the log output.
cpwd_admin:
Process SOLR started successfully (pid=35005)
Starting RFL ...
cpwd_admin:
Process RFL started successfully (pid=35053)
Starting SmartView ...
Starting SmartView...
cpwd_admin:
Process SMARTVIEW started successfully (pid=35085)
Start Log Indexer...
cpwd_admin:
Process INDEXER started successfully (pid=35193)
Start SmartLog Server...
cpwd_admin:
Process SMARTLOG_SERVER started successfully (pid=35279)
No need to run Adjuster Service - no clients were found
UEPM: Endpoint Security Management isn't activated and will not be started
cpwd_admin:
Process DASERVICE started successfully (pid=36131)
cpwd_admin:
Process AUTOUPDATER started successfully (pid=36152)
cpstart: Power-Up self tests passed successfully
cpstart: Starting product - SVN Foundation
cpstart: Starting product - VPN-1
cpstart: Starting product - SmartView Monitor
cpstart: Starting product - SmartEvent
cpstart: Starting product - UEPM
cpstart: Starting product - Repository Manager
cpstart: Starting product - Deployment Agent
cpstart: Starting product - Auto Updater
cpstart: Starting product - VSX
[Expert@MGMT:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 34081 E 1 [12:06:17] 15/8/2022 N cpviewd
CPVIEWS 34086 E 1 [12:06:17] 15/8/2022 N cpview_services
CPD 34106 E 1 [12:06:18] 15/8/2022 N cpd
FWD 34149 E 1 [12:06:19] 15/8/2022 N fwd -n
FWM 34157 E 1 [12:06:19] 15/8/2022 N fwm
FWMHA 34163 E 1 [12:06:19] 15/8/2022 N fwmha -H
STPR 34186 E 1 [12:06:19] 15/8/2022 N status_proxy
CPM 34744 E 1 [12:06:25] 15/8/2022 N /opt/CPsuite-R81.10/fw1/scripts/cpm.sh -s
SOLR 35005 E 1 [12:06:28] 15/8/2022 N java_solr
RFL 35053 E 1 [12:06:28] 15/8/2022 N LogCore
SMARTVIEW 35085 E 1 [12:06:28] 15/8/2022 N SmartView
INDEXER 35193 E 1 [12:06:30] 15/8/2022 N /opt/CPrt-R81.10/log_indexer/log_indexer
SMARTLOG_SERVER 35279 E 1 [12:06:31] 15/8/2022 N /opt/CPSmartLog-R81.10/smartlog_server
REPMAN 36114 E 1 [12:06:41] 15/8/2022 N java_repository_manager
DASERVICE 36131 E 1 [12:06:41] 15/8/2022 N DAService_script
AUTOUPDATER 36152 E 1 [12:06:41] 15/8/2022 N AutoUpdaterService.sh
[Expert@MGMT:0]#
[Expert@MGMT:0]# fw ver
This is Check Point's software version R81.10 - Build 883
[Expert@MGMT:0]# unset TMOUT
[Expert@MGMT:0]# md5sum $FWDIR/bin/upgrade_tools/MGMT_Migrate_Export.tgz
eb85b14f305a2001601f1fae0eee8d39 /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/MGMT_Migrate_Export.tgz
[Expert@MGMT:0]# $FWDIR/bin/upgrade_tools/
bash: /opt/CPsuite-R81.10/fw1/bin/upgrade_tools/: Is a directory
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpstop
cpwd_admin:
Process AUTOUPDATER terminated
cpwd_admin:
Process DASERVICE terminated
Stopping Repository Manager ...
Repository Manager stopped
UEPM: Endpoint Security Management isn't activated
Stop Search Infrastructure...
Stop Log Indexer...
cpwd_admin:
Process INDEXER (pid=35193) stopped with command "kill 35193". Exit code 0.
Stop SmartLog Server...
cpwd_admin:
Process SMARTLOG_SERVER (pid=35279) stopped with command "kill 35279". Exit code 0.
Stop SmartView ...
Stopping SmartView via CPWD
cpwd_admin:
Process SMARTVIEW terminated
cpwd_admin:
successful Detach operation
Stopping RFL ...
cpwd_admin:
Process RFL terminated
cpwd_admin:
successful Detach operation
RFL stopped
Stopping Solr ...
Sending stop command to Solr running on port 8210 ... waiting up to 60 seconds to allow Jetty process 35005 to stop gracefully.
cpwd_admin:
Process SOLR process has been already terminated
cpwd_admin:
successful Detach operation
Solr stopped
dbsync is not running
Stopping Log Adjuster Service...
SmartView Monitor: Management stopped
MAAS is not installed
FireWall-1: cpm stopped
FireWall-1: fwm stopped
VPN-1/FW-1 stopped
Stopping Critical Alerts Sensor
SVN Foundation: cpd stopped
Stopping cpviewd
cpwd_admin:
Process CPD process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process FWD process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process FWM process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process FWMHA process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process STPR process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process CPM process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process DASERVICE process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process AUTOUPDATER process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin:
Process CPSM process has been already terminated
cpwd_admin:
successful Del operation
cpwd_admin: cpWatchDog killed
SVN Foundation: cpWatchDog stopped
SVN Foundation stopped
[Expert@MGMT:0]#
[Expert@MGMT:0]# ./migrate import $FWDIR/bin/upgrade_tools/MGMT_Migrate_Export.tgz
The import operation will eventually stop all Check Point services (cpstop).
Do you want to continue? (y/n) [n]? y
Extracting the database...
Stopping all Check Point services (cpstop)...
cpwd_admin: Failed to submit request to cpWatchDog
cpwd_admin: Failed to submit request to cpWatchDog
Stopping Repository Manager ...
There is no Repository Manager process running.
UEPM: Endpoint Security Management isn't activated
Stop Search Infrastructure...
Stop Log Indexer...
Stop SmartLog Server...
Stop SmartView ...
Stopping RFL ...
RFL stopped
Stopping Solr ...
There is no process SOLR run.
dbsync is not running
Stopping Log Adjuster Service...
SmartView Monitor: Management stopped
MAAS is not installed
FireWall-1: cpm stopped
FireWall-1: fwm stopped
VPN-1/FW-1 stopped
Stopping Critical Alerts Sensor
SVN Foundation: failed to stop cpd
Stopping cpviewd
cpwd_admin: Failed to submit request to cpWatchDog
cpwd_admin: Failed to submit request to cpWatchDog
SVN Foundation: cpWatchDog is not running
SVN Foundation stopped
Importing files...
The import operation completed successfully.
Do you wish to start Check Point services? (y/n) [y]? y
[Expert@MGMT:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 51183 E 1 [12:29:29] 15/8/2022 N cpviewd
CPVIEWS 51188 E 1 [12:29:29] 15/8/2022 N cpview_services
CPD 51206 E 1 [12:29:30] 15/8/2022 Y cpd
FWD 51255 E 1 [12:29:32] 15/8/2022 N fwd -n
FWM 51259 E 1 [12:29:32] 15/8/2022 N fwm
FWMHA 51262 E 1 [12:29:32] 15/8/2022 N fwmha -H
STPR 51290 E 1 [12:29:32] 15/8/2022 N status_proxy
CPM 51864 E 1 [12:29:38] 15/8/2022 N /opt/CPsuite-R81.10/fw1/scripts/cpm.sh -s
SOLR 52064 E 1 [12:29:41] 15/8/2022 N java_solr
RFL 52112 E 1 [12:29:42] 15/8/2022 N LogCore
SMARTVIEW 52158 E 1 [12:29:42] 15/8/2022 N SmartView
INDEXER 52256 E 1 [12:29:43] 15/8/2022 N /opt/CPrt-R81.10/log_indexer/log_indexer
SMARTLOG_SERVER 52338 E 1 [12:29:45] 15/8/2022 N /opt/CPSmartLog-R81.10/smartlog_server
REPMAN 52972 E 1 [12:29:52] 15/8/2022 N java_repository_manager
DASERVICE 52992 E 1 [12:29:52] 15/8/2022 N DAService_script
AUTOUPDATER 53011 E 1 [12:29:52] 15/8/2022 N AutoUpdaterService.sh
[Expert@MGMT:0]#