Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Configuring Snapshot Management - CLI (snapshot)

Description

Manage system images (also known as snapshots)

Syntax

To make a new image:

add snapshot VALUE desc VALUE

To delete an image

delete snapshot VALUE

To export or import an image, or to revert to an image:

set snapshot export VALUE path VALUE name VALUE
set snapshot import VALUE path VALUE name VALUE
set snapshot revert VALUE

To show image information

show snapshot VALUE all
show snapshot VALUE date
show snapshot VALUE desc
show snapshot VALUE size
show snapshots

Parameters

Parameter

Description

snapshot VALUE 

Name of the image

desc VALUE

Description of the image

snapshot export VALUE

The name of the image to export

snapshot import VALUE

The name of the image to import

path VALUE

The storage location for the exported image. For example: /var/log

name VALUE

The name of the exported image (not the original image).

all

All image details

 

Comments

  • To create the snapshot image requires free space on the Backup partition. The required free disk space is the actual size of the root partition, multiplied by 1.15.
  • The free space required in the export file storage location is the size of the snapshot multiplied by two.
  • The minimum size of a snapshot is 2.5G, so the minimum free space you need in the export file storage location is 5G.
  • You must not rename the exported image. If you rename a snapshot image, it it not possible to revert to it.

Download SmartConsole

You can download the SmartConsole application package from a Gaia Security Management Server to your WebUI client computer. After downloading the package you can install it and use it to connect to the Security Management Server.

Download SmartConsole - WebUI

To download the Check Point SmartConsole applications installation package:

  1. In the tree view, select one of:
    • Overview. At the top of the page, click Download Now!
    • Maintenance > Download SmartConsole.
  2. Click Download.

Hardware Health Monitoring

You can monitor these hardware elements:

  • Fan sensors—Shows the fan number, status, and value.
  • System Temperature sensor
  • Voltage sensors
  • Power Supply (on machines that support it)

Showing Hardware Health Monitoring Information - WebUI

In the navigation tree, click Maintenance > Hardware Health.

You can see the status of the machine fans, system temperature, the voltages, and (for supported hardware only) the power supply.

Note - The Hardware Health Monitoring page only appears for supported hardware.

For each component sensor, the table shows the value of its operation, and the status: OK, Low, or High.

  • To see the health history of a component, select the component sensor. A graph shows the values over time.
  • To change the time intervals that the graph shows, click the Minute arrows.
  • To view different times, click the Forward/Backward arrows.
  • To refresh, click Refresh.

Showing Hardware Monitoring Information - CLI (sysenv)

Description

These commands display the status for various system components. Components for which the status can be displayed include temperature, voltage, power supplies, and fans. The command returns status only for installed components.

Syntax

To display all system status information:

show sysenv all
 

To display all system component information:

show sysenv fans
show sysenv ps
show sysenv temp
show sysenv volt

Parameters

Parameter

Description

ps

Power Supply (for supported hardware only)

 

Example

show sysenv all

Output

gw-3002f0> show sysenv all
 
Hardware Information
 
Name   Value    unit      type     status  Maximum  Minimum
+12V   29.44    Volt      Voltage    0      12.6      11.4
+5V     6.02    Volt      Voltage    0      5.3       4.75
VBat    3.23    Volt      Voltage    0      3.47      2.7
 

Showing Hardware Information - CLI (show asset)

Description

Shows information about the hardware on which Gaia is installed. The information shown depends on the type of hardware. Common types of information shown are:

  • Serial number
  • Amount of physical RAM
  • CPU frequency
  • Number of disks in the system
  • Disk capacity
 

Syntax

show asset all
show asset
show asset <category name>

 

Parameters

Parameter

Description

all

Show all available hardware information. The information shown depends on the type of hardware.

Show a list of asset categories, such as system and disk. The available categories depend on the type of hardware.

<category name>

Show available information for a specific category

 

 

Example 1

clish> show asset 

Output 1

system all
 

Example 2

clish> show asset all

Output 2

Platform: Check Point 4400
Serial Number: abcdefghijklmn
CPU Frequency: 26O0Mhz
Disk Size: 250GB 
 

Shutdown

There are two ways to shut down:

  • Reboot: Shut down the system and then immediately restart it.
  • Halt: Shut down the system.

Shutting Down - WebUI

To shut down the system and then immediately restart it:

  1. In the tree view, click Maintenance > Shut Down.
  2. Click Reboot.

To shut down the system:

  1. In the tree view, click Maintenance > Shut Down.
  2. Click Halt.

Shutting Down - CLI (halt, reboot)

To shut down the system and then immediately restart it:

Run the reboot command.

To shut down the system:

Run the halt command.

System Configuration Backup

Note - This feature is available in a R75.40 Gaia Feature Release (Gaia+) clean installation. It is not available when upgrading to R75.40 Gaia.

  • Back up the configuration of the Gaia operating system and of the Security Management Server database. You can use the backup to restore a previously saved configuration. The configuration is saved to a .tgz file. You can store backups locally, or remotely to a TFTP, SCP or FTP server. You can run the backup manually, or do a scheduled backup.
  • Save your Gaia system configuration settings as a ready-to-run CLI script. This lets you quickly restore your system configuration after a system failure or migration.

    Note - You can only do a migration using the same Gaia version on the source and target computers.

Backing Up and Restoring the System - WebUI

To add a backup:

  1. In the tree view, click Maintenance > System Backup
  2. Click Add Backup.

    The New Backup window opens.

  3. Select the location of the backup file:
    • This appliance
    • TFTP server. Specify the IP address.
    • SCP server. Specify the IP address, user name and password.
    • FTP server. Specify the IP address, user name and password.

To restore from a backup:

  1. In the tree view, click Maintenance > System Backup.
  2. Select the backup file and click Restore Backup.

To delete a backup

  1. In the tree view, click Maintenance > System Backup.
  2. Select the backup file and click Delete.

Backing Up and Restoring the System - CLI (Backup)

Backing Up a Configuration

Description

Use these commands to create and save the system's configuration

Syntax

To create and save a backup locally:

add backup local
 

To create and save a backup on a remote server using FTP:

add backup ftp ip VALUE username VALUE password plain
 

To create and save a backup on a remote server using TFTP:

add backup tftp ip VALUE 
 

To save a backup on a remote server using SCP:

add backup scp ip VALUE username VALUE password plain
 

Parameters

Parameter

Description

ip VALUE

The IP address of the remote server.

username VALUE

User name required to log in to the remote server.

password plain

At the prompt, enter the password for the remote server.

 

Example

add backup local

Output

gw> add backup local
Creating backup package. Use the command 'show backups' to monitor creation progress.
 
gw> show backup status
Performing local backup
 
gw> show backups
backup_gw-8b0891_22_7_2012_14_29.tgz Sun, Jul 22, 2012 109.73 MB
 

Comments

Backup configurations are stored in: /var/CPbackup/backups/

Restoring a Configuration

Description

Use these commands to restore the system's configuration from a backup file.

Syntax

To restore a backup from a locally held file:

set backup restore local <TAB> 

To restore a backup from a remote server using FTP:

set backup restore ftp ip VALUE file VALUE username VALUE password plain

To restore a backup from a remote server using TFTP:

set backup restore tftp ip VALUE file VALUE

To restore a backup from a remote server using SCP:

set backup restore scp ip VALUE file VALUE username VALUE password plain
 

Parameters

Parameter

Description

local <TAB>

The <TAB> does an auto-complete on the name and location of the backup file.

ip VALUE

The IP address of the remote server.

file VALUE

The location and name of the file on the remote server.

username VALUE

User name required to log in to the remote server.

password plain

At the prompt, enter the password for the remote server.

 

Comments

To apply the new configuration, you must reboot.


Note - To quickly restore the Gaia OS configuration after a system failure or migration, use the configuration feature.

Monitoring Backup Status

To monitor the creation of a backup:

show backup status

To show the status of the last backup performed:

show backups

Configuring Scheduled Backups - WebUI

To add a scheduled backup:

  1. In the tree view, click Maintenance > System Backup.
  2. Click Add Scheduled Backup. The New Scheduled Backup window opens.
  3. In Backup Name, enter the name of the job. Use alphanumeric characters only, and no spaces.
  4. In Backup Type, enter the location of the backup file.
    • This appliance
    • TFTP server. Specify the IP address.
    • SCP server. Specify the IP address, user name and password.
    • FTP server. Specify the IP address, user name and password.
  5. In Backup Schedule, select the frequency (Daily, Weekly, Monthly) for this backup. Where relevant, enter the Time of day for the job, in the 24 hour clock format.
  6. Click Add. The scheduled backup shows in the Scheduled Backups table.

To delete a scheduled backup:

  1. In the tree view, click Maintenance > System Backup.
  2. In the Scheduled Backups table, select the backup to delete.
  3. Click Delete.

Configuring Scheduled Backups - CLI (backup-scheduled)

Description

Configure a scheduled backup of the system configuration

Syntax

To add a scheduled backup locally:

add backup-scheduled name VALUE local

To add a scheduled backup on a remote server using FTP:

add backup-scheduled name VALUE ftp ip VALUE username VALUE password plain

To add a scheduled backup on a remote server using SCP:

add backup-scheduled name VALUE scp ip VALUE username VALUE password plain

To add a scheduled backup on a remote server using TFTP:

add backup-scheduled name VALUE tftp ip VALUE

To configure a daily backup schedule:

set backup-scheduled name VALUE recurrence daily time VALUE

To configure a monthly backup schedule:

set backup-scheduled name VALUE recurrence monthly month VALUE days VALUE time VALUE

To configure a weekly backup schedule:

set backup-scheduled name VALUE recurrence weekly days VALUE time VALUE

To show the details of the scheduled backup:

show backup-scheduled VALUE

To delete a scheduled backup:

delete backup-scheduled VALUE
 

Parameters

Parameter

Description

name VALUE

The name of the scheduled backup

ip VALUE

The IP address of the FTP, TFTP, or SCP remote server

username VALUE

User name required to log in to the remote server

backup-scheduled VALUE

The name of a scheduled backup

password plain

At the prompt, enter the password for the remote server

recurrence daily time

To specify a job for once a day, enter recurrence daily time, and the time of day, in the 24 hour clock format. For example: 14:00

.

recurrence monthly month

To specify a job for once a month, enter recurrence monthly month, and the specific months. Each month by number, and separate by commas. For example: for January through March, enter

1,2,3

recurrence weekly days

To specify a job for once a week, enter recurrence weekly, and the day by number, when 0 is Sunday and 6 is Saturday.

time 

To specify the time, enter the time in the twenty four hour clock format. For example: 14:00.

days
  • When the recurrence is weekly: To specify the days, enter the day by number: 0 is Sunday and 6 is Saturday.
  • When the recurrence is monthly: To specify the days, enter the day by number: 1 to 31.

Separate several days with commas. For example: for Monday and Thursday enter 1,4

 

Working with System Configuration - CLI (configuration)

You can save your Gaia system configuration settings as a ready-to-run CLI script. This feature lets you quickly restore your system configuration after a system failure or migration.

Note - You can only do a migration using the same Gaia version on the source and target computers.

To save the system configuration to a CLI Script, run:

save configuration <script name>

To restore configuration settings, run:

load configuration <script name>

<script name> - Name of the script file.

To see the latest configuration settings, run:

show configuration

This example shows part of the configuration settings as last saved to a CLI script:

mem103> show configuration
#
# Configuration of mem103
# Language version: 10.0v1
#
# Exported by admin on Mon Mar 19 15:06:22 2012
#
set hostname mem103
set timezone Asia / Jerusalem
set password-controls min-password-length 6
set password-controls complexity 2
set password-controls palindrome-check true
set password-controls history-checking true
set password-controls history-length 10
set password-controls password-expiration never
set ntp active off
set router-id 6.6.6.103
set ipv6-state off
set snmp agent off
set snmp agent-version any
set snmp community public read-only
set snmp traps trap authorizationError disable
set snmp traps trap coldStart disable
set snmp traps trap configurationChange disable
 

Emergendisk

Emergendisk is a set of tools on a removable USB device for emergency password recovery and file system access. An Emergendisk bootable USB device can be used on all Check Point appliances and Open Servers. You can create an Emergendisk removable device that contains these tools:

  • Password recovery - If you forget your administrator password, you can restore the initial system administrator username and password (admin/admin).
  • System Recovery - If the Gaia system does not boot up, use the emergendisk tool to boot Gaia from the removable device. You can also use emergendisk to see the file system as it was when Gaia was installed. You can then copy files to the damaged system.
  • Disk Erasure - Use the DBAN open source tools to securely erase a hard disk. The dban.org site gives this description of the tools: "Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction."

This is the Emergendisk menu:

       +----------------------------------------------------------+
       ¦                     Rescue USB Drive                     ¦
       +----------------------------------------------------------¦
       ¦ Boot EmergenDisk with console                            ¦
       ¦ Reset Admin Password                                     ¦
       ¦ Boot EmergenDisk with vga                                ¦
       ¦ Darik's Boot and Nuke (DBAN)                             ¦
       ¦ Boot from local drive                                    ¦
       ¦                                                          ¦
       ¦                                                          ¦
       ¦                                                          ¦
       ¦                                                          ¦
       +----------------------------------------------------------+
 
                       Press [Tab] to edit options

Creating the Emergendisk Removable Device

Emergendisk is a set of tools on a removable USB device for emergency password recovery and file system access. An Emergendisk bootable USB device can be used on all Check Point appliances and Open Servers.

To create the Emergendisk:

  1. At the CLI, type expert and then your expert password.
  2. Insert a removable device into the USB port on the Gaia computer.
  3. Run:
    emergendisk
  4. Choose the removable device.

    A warning message shows:

    Warning! all data will be lost from device.
    Are you sure you want to continue [yes/no]?

  5. Type yes

    The device is formatted and files are copied. A progress bar shows.

    After some minutes a success message appears:

    Emergendisk created successfully

Booting from the Emergendisk Removable Device

If the Gaia system does not boot up, use the emergendisk tool to boot Gaia from the removable device. You can also use emergendisk to see the file system as it was when Gaia was installed. You can then copy files to the damaged system.

To boot from the Emergendisk removable device:

  1. At the CLI, type expert and then your expert password.
  2. Insert the Emergendisk removable device into the USB port on the Gaia computer.
  3. Reboot. At the prompt, type
    reboot

    The Emergendisk menu shows.

  4. Choose one of these options:

    Boot emergendisk with VGA
    Boot emergendisk with console

After the reboot, you are in the USB file system. You can see the files system on the Gaia computer in the /mnt/hdd directory.

Note - When using an Emergendisk removable device that was created on a different Gaia computer, it may fail to mount the local file system.

Resetting the Administrator Password

If you forget your administrator password, you can restore the initial system administrator username and password (admin/admin).

To reset the administrator password:

  1. At the CLI, type expert and then your expert password.
  2. Insert the removable device into the USB port on the Gaia computer.
  3. At the prompt, type:
    reboot

    After the reboot, the Emergendisk menu shows.

  4. Choose the option:
    Reset Admin Password

    Console messages show. After some minutes, this message shows:

    Admin password successfully reset
    Please remove disk or any other media and press enter to restart

  5. Remove the removable device from the USB port.
  6. Press Enter to reboot

The administrator username/password is admin/admin.

Irrecoverably Erasing Data using DBAN

Use the DBAN open source tools to securely erase a hard disk. The dban.org site gives this description of the tools: "Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction."

To Erase the Disk of the DBAN tools:

  1. At the CLI, type expert and then your expert password.
  2. Insert the removable device into the USB port on the Gaia computer with the disk to erase.
  3. At the prompt, type
    reboot

    After the reboot, the Emergendisk menu opens.

  4. Choose the option:
    Darik's Boot and Nuke (DBAN)
  5. The DBAN menu shows the different ways of erasing the disk.

    Press [Tab] to edit options
    +----------------------------------------------------------+
    ¦ ¦
    +----------------------------------------------------------¦
    ¦ autonuke ¦
    ¦ dban ¦
    ¦ dod ¦
    ¦ dod3pass ¦
    ¦ dodshort ¦
    ¦ gutmann ¦
    ¦ ops2 ¦
    ¦ paranoid ¦
    ¦ prng ¦
    ¦ quick ¦
    ¦ zero ¦
    ¦ nofloppy ¦
    +----------------------------------------------------------+

  6. Choose the required option.
 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print