How to Take Backup in Check Point Firewall – Complete Guide

Last updated: 21-02-2026

Introduction

Regular backups are essential for any Check Point environment. A good backup lets you quickly recover from hardware failure, misconfiguration, upgrade issues, or ransomware attacks. Check Point provides multiple ways to back up both the Security Management Server (SMS) and Security Gateways.

This guide covers all standard backup methods for R80+ versions (including R81, R81.10, R81.20), with step-by-step instructions, best practices, and recovery tips.

Types of Backups in Check Point

  • Management Server Backup – Full backup of database, policies, objects, logs, certificates
  • Gateway Local Backup – Configuration snapshot of a single gateway
  • Configuration Export/Import – Text-based export for manual restore or migration
  • Scheduled Automatic Backups – Configured via SmartConsole or CLI

Always take a backup before major changes (upgrades, policy installs, migrations).

Backup Security Management Server (SMS) via GUI

  1. Log in to SmartConsole
  2. Go to Manage & Settings → Backups
  3. Click Create New Backup
  4. Choose backup type: Full Backup (recommended)
  5. Select destination: Local disk or remote server (FTP/SCP)
  6. Enter filename and path
  7. Click Backup Now

Backup file is saved as .tgz (tar.gz) with timestamp.

Backup SMS via CLI (Recommended)

On the Management Server:

migrate export -f /var/log/backup-full-$(date +%Y%m%d).tgz

This creates a full portable backup that can be used for restore or migration.

Use migrate export for disaster recovery — it includes everything needed to rebuild SMS.

Backup Individual Security Gateway

On the gateway CLI:

save config

Or for full snapshot: 

snapshot

Snapshot file is saved in /var/log/snapshots/.

Gateway snapshots are local only — copy to external storage.

Scheduled Automatic Backups

In SmartConsole:

  1. Manage & Settings → Backups → Scheduled Backups
  2. Enable scheduled backup
  3. Set frequency (daily/weekly)
  4. Choose destination (local or remote)
  5. Apply

CLI method (crontab on SMS): 

crontab -e
0 2 * * * /opt/CPsuite-R81/fw1/scripts/migrate export -f /var/log/auto-backup-$(date +\%Y\%m\%d).tgz

How to Restore from Backup

GUI Restore (partial):

  1. Manage & Settings → Backups → Import
  2. Select backup file
  3. Choose components to restore

Full SMS Restore (CLI): 

migrate import -f /var/log/backup-full-20250101.tgz

Full import overwrites current configuration — use only for disaster recovery.

Best Practices for Check Point Backups

  • Take backups before every major change (upgrade, migration, policy install)
  • Store backups off-site (external server, cloud storage)
  • Test restores periodically in lab environment
  • Keep at least 7–30 days of backups
  • Use versioned filenames with date
  • Monitor backup logs for errors

Conclusion

Regular backups are one of the most important tasks in Check Point administration. Use GUI for quick local backups, migrate export/import for full disaster recovery, and schedule automatic backups to stay protected.

Always verify your backup files are readable and complete. A good backup strategy saves hours (or days) during outages or failures.