Configuring Snapshot Management - CLI (snapshot)
Description
Manage system images (also known as snapshots).
Syntax
To make a new image:
add snapshot VALUE desc VALUE
To delete an image:
delete snapshot VALUE
To export or import an image, or to revert to an image:
set snapshot export VALUE path VALUE name VALUE
set snapshot import VALUE path VALUE name VALUE
set snapshot revert VALUE
To show image information:
show snapshot VALUE all
show snapshot VALUE date
show snapshot VALUE desc
show snapshot VALUE size
show snapshots
Parameters
| Parameter | Description |
|---|---|
| snapshot VALUE | Name of the image |
| desc VALUE | Description of the image |
| snapshot export VALUE | The name of the image to export |
| snapshot import VALUE | The name of the image to import |
| path VALUE | The storage location for the exported image. For example: /var/log |
| name VALUE | The name of the exported image (not the original image). |
| all | All image details |
Comments
- Creating a snapshot image requires free space on the Backup partition. The required free disk space is the actual size of the root partition, multiplied by 1.15.
- The free space required in the export file storage location is the size of the snapshot multiplied by two.
- The minimum size of a snapshot is 2.5G, so the minimum free space you need in the export file storage location is 5G.
- You must not rename the exported image. If you rename a snapshot image, it is not possible to revert to it.
Download SmartConsole
You can download the SmartConsole application package from a Gaia Security Management Server to your WebUI client computer. After downloading the package you can install it and use it to connect to the Security Management Server.
Download SmartConsole - WebUI
To download the Check Point SmartConsole applications installation package:
- In the tree view, select one of:
- . At the top of the page, click
- .
- Click .
Hardware Health Monitoring
You can monitor these hardware elements:
- Fan sensors—Shows the fan number, status, and value.
- System Temperature sensor
- Voltage sensors
- Power Supply (on machines that support it)
Showing Hardware Health Monitoring Information - WebUI
In the navigation tree, click > .
You can see the status of the machine fans, system temperature, the voltages, and (for supported hardware only) the power supply.
Note - The page only appears for supported hardware.
For each component sensor, the table shows the value of its operation, and the status: OK, Low, or High.
- To see the health history of a component, select the component sensor. A graph shows the values over time.
- To change the time intervals that the graph shows, click the arrows.
- To view different times, click the arrows.
- To refresh, click .
Showing Hardware Monitoring Information - CLI (sysenv)
Description
These commands display the status for various system components. Components for which the status can be displayed include temperature, voltage, power supplies, and fans. The command returns status only for installed components.
Syntax
To display all system status information:
show sysenv all
To display all system component information:
show sysenv fans
show sysenv ps
show sysenv temp
show sysenv volt
Parameters
| Parameter | Description |
|---|---|
| ps | Power Supply (for supported hardware only) |
Example
show sysenv all
Output
gw-3002f0> show sysenv all
Hardware Information
Name Value unit type status Maximum Minimum
+12V 29.44 Volt Voltage 0 12.6 11.4
+5V 6.02 Volt Voltage 0 5.3 4.75
VBat 3.23 Volt Voltage 0 3.47 2.7
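Added example, not part of the original guide: a parser for captured `show sysenv all` output that compares each reading with the Maximum and Minimum columns printed beside it and reports Low or High readings. It assumes the layout shown in the output above, with the last six columns being single words; the numeric status column is kept as printed because this page does not define its values.

```python
from dataclasses import dataclass

# Output copied from the example on this page (prompt line included).
SAMPLE = """\
gw-3002f0> show sysenv all
Hardware Information
Name Value unit type status Maximum Minimum
+12V 29.44 Volt Voltage 0 12.6 11.4
+5V 6.02 Volt Voltage 0 5.3 4.75
VBat 3.23 Volt Voltage 0 3.47 2.7
"""

@dataclass
class Reading:
    name: str
    value: float
    unit: str
    kind: str
    status: str       # raw status column, kept as printed
    maximum: float
    minimum: float

    @property
    def verdict(self):
        """Recompute OK / Low / High from the limits printed on the same row."""
        if self.value > self.maximum:
            return "High"
        if self.value < self.minimum:
            return "Low"
        return "OK"

def parse_sysenv(text):
    """Return one Reading per data row; prompt, title and header lines are skipped."""
    readings = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 7:
            continue
        # Assumption: a sensor name may contain spaces, the other six columns may not.
        name = " ".join(cols[:-6])
        value, unit, kind, status, maximum, minimum = cols[-6:]
        try:
            readings.append(Reading(name, float(value), unit, kind, status,
                                    float(maximum), float(minimum)))
        except ValueError:
            continue  # header row: "Value" is not a number
    return readings

def out_of_range(text):
    """List (name, verdict, value) for every reading outside its printed limits."""
    return [(r.name, r.verdict, r.value)
            for r in parse_sysenv(text) if r.verdict != "OK"]
```

On the sample output above, the +12V and +5V rows are reported as High because their values exceed the printed Maximum, while VBat is within its limits.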
Showing Hardware Information - CLI (show asset)
Description
Shows information about the hardware on which Gaia is installed. The information shown depends on the type of hardware. Common types of information shown are:
- Serial number
- Amount of physical RAM
- CPU frequency
- Number of disks in the system
- Disk capacity
Syntax
show asset all
show asset
show asset <category name>
Parameters
| Parameter | Description |
|---|---|
| all | Show all available hardware information. The information shown depends on the type of hardware. |
| (none) | Show a list of asset categories, such as system and disk. The available categories depend on the type of hardware. |
| <category name> | Show available information for a specific category |
Example 1
clish> show asset
Output 1
Example 2
clish> show asset all
Output 2
Platform: Check Point 4400
Serial Number: abcdefghijklmn
CPU Frequency: 26O0Mhz
Disk Size: 250GB
Shutdown
There are two ways to shut down:
- Reboot: Shut down the system and then immediately restart it.
- Halt: Shut down the system.
Shutting Down - WebUI
To shut down the system and then immediately restart it:
- In the tree view, click .
- Click .
To shut down the system:
- In the tree view, click .
- Click .
Shutting Down - CLI (halt, reboot)
To shut down the system and then immediately restart it:
Run the reboot command.
To shut down the system:
Run the halt command.
System Configuration Backup
Note - This feature is available in a R75.40 Gaia Feature Release (Gaia+) clean installation. It is not available when upgrading to R75.40 Gaia.
- Back up the configuration of the Gaia operating system and of the Security Management Server database. You can use the backup to restore a previously saved configuration. The configuration is saved to a .tgz file. You can store backups locally, or remotely to a TFTP, SCP or FTP server. You can run the backup manually, or do a scheduled backup.
- Save your Gaia system configuration settings as a ready-to-run CLI script. This lets you quickly restore your system configuration after a system failure or migration.
Note - You can only do a migration using the same Gaia version on the source and target computers.
Backing Up and Restoring the System - WebUI
To add a backup:
- In the tree view, click
- Click .
The window opens.
- Select the location of the backup file:
- . Specify the IP address.
- . Specify the IP address, user name and password.
- . Specify the IP address, user name and password.
To restore from a backup:
- In the tree view, click
- Select the backup file and click .
To delete a backup:
- In the tree view, click
- Select the backup file and click .
Backing Up and Restoring the System - CLI (Backup)
Backing Up a Configuration
Description
Use these commands to create and save the system's configuration.
Syntax
To create and save a backup locally:
add backup local
To create and save a backup on a remote server using FTP:
add backup ftp ip VALUE username VALUE password plain
To create and save a backup on a remote server using TFTP:
add backup tftp ip VALUE
To save a backup on a remote server using SCP:
add backup scp ip VALUE username VALUE password plain
Parameters
| Parameter | Description |
|---|---|
| ip VALUE | The IP address of the remote server. |
| username VALUE | User name required to log in to the remote server. |
| password plain | At the prompt, enter the password for the remote server. |
Example
add backup local
Output
gw> add backup local
Creating backup package. Use the command 'show backups' to monitor creation progress.
gw> show backup status
Performing local backup
gw> show backups
backup_gw-8b0891_22_7_2012_14_29.tgz Sun, Jul 22, 2012 109.73 MB
Comments
Backup configurations are stored in: /var/CPbackup/backups/
Restoring a Configuration
Description
Use these commands to restore the system's configuration from a backup file.
Syntax
To restore a backup from a locally held file:
set backup restore local <TAB>
To restore a backup from a remote server using FTP:
set backup restore ftp ip VALUE file VALUE username VALUE password plain
To restore a backup from a remote server using TFTP:
set backup restore tftp ip VALUE file VALUE
To restore a backup from a remote server using SCP:
set backup restore scp ip VALUE file VALUE username VALUE password plain
Parameters
| Parameter | Description |
|---|---|
| local <TAB> | The <TAB> does an auto-complete on the name and location of the backup file. |
| ip VALUE | The IP address of the remote server. |
| file VALUE | The location and name of the file on the remote server. |
| username VALUE | User name required to log in to the remote server. |
| password plain | At the prompt, enter the password for the remote server. |
Comments
To apply the new configuration, you must reboot.
Note - To quickly restore the Gaia OS configuration after a system failure or migration, use the configuration feature.
Monitoring Backup Status
To monitor the creation of a backup:
show backup status
To show the status of the last backup performed:
show backups
Configuring Scheduled Backups - WebUI
To add a scheduled backup:
- In the tree view, click .
- Click . The window opens.
- In , enter the name of the job. Use alphanumeric characters only, and no spaces.
- In , enter the location of the backup file.
- . Specify the IP address.
- . Specify the IP address, user name and password.
- . Specify the IP address, user name and password.
- In , select the frequency (, , ) for this backup. Where relevant, enter the of day for the job, in the 24 hour clock format.
- Click . The scheduled backup shows in the table.
To delete a scheduled backup:
- In the tree view, click .
- In the table, select the backup to delete.
- Click .
Configuring Scheduled Backups - CLI (backup-scheduled)
Description
Configure a scheduled backup of the system configuration.
Syntax
To add a scheduled backup locally:
add backup-scheduled name VALUE local
To add a scheduled backup on a remote server using FTP:
add backup-scheduled name VALUE ftp ip VALUE username VALUE password plain
To add a scheduled backup on a remote server using SCP:
add backup-scheduled name VALUE scp ip VALUE username VALUE password plain
To add a scheduled backup on a remote server using TFTP:
add backup-scheduled name VALUE tftp ip VALUE
To configure a daily backup schedule:
set backup-scheduled name VALUE recurrence daily time VALUE
To configure a monthly backup schedule:
set backup-scheduled name VALUE recurrence monthly month VALUE days VALUE time VALUE
To configure a weekly backup schedule:
set backup-scheduled name VALUE recurrence weekly days VALUE time VALUE
To show the details of the scheduled backup:
show backup-scheduled VALUE
To delete a scheduled backup:
delete backup-scheduled VALUE
Parameters
| Parameter | Description |
|---|---|
| name VALUE | The name of the scheduled backup |
| ip VALUE | The IP address of the FTP, TFTP, or SCP remote server |
| username VALUE | User name required to log in to the remote server |
| backup-scheduled VALUE | The name of a scheduled backup |
| password plain | At the prompt, enter the password for the remote server |
| recurrence daily time | To specify a job for once a day, enter recurrence daily time, and the time of day, in the 24 hour clock format. For example: 14:00. |
| recurrence monthly month | To specify a job for once a month, enter recurrence monthly month, and the specific months. Enter each month by number, and separate the months with commas. For example: for January through March, enter 1,2,3 |
| recurrence weekly days | To specify a job for once a week, enter recurrence weekly, and the day by number, where 0 is Sunday and 6 is Saturday. |
| time | To specify the time, enter the time in the 24 hour clock format. For example: 14:00. |
| days | When the recurrence is weekly: to specify the days, enter the day by number: 0 is Sunday and 6 is Saturday. When the recurrence is monthly: to specify the days, enter the day by number: 1 to 31. Separate several days with commas. For example: for Monday and Thursday enter 1,4 |
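Added example, not part of the original guide: a helper that validates a schedule against the ranges in the parameter table above and builds the matching `add backup-scheduled` and `set backup-scheduled` commands, with a warning when the target is FTP or TFTP because those protocols do not encrypt the transfer. The function name, the job names and the 192.0.2.10 address are made up for illustration, and applying the WebUI job-name rule (alphanumeric, no spaces) to the CLI is an assumption.

```python
import ipaddress
import re

CLEARTEXT = {"ftp", "tftp"}  # neither protocol encrypts the transfer

def _numbers(csv, lo, hi, what):
    """Validate a comma-separated list of integers against an inclusive range."""
    if not csv:
        raise ValueError(f"{what} is required")
    vals = [int(v) for v in csv.split(",")]
    bad = [v for v in vals if not lo <= v <= hi]
    if bad:
        raise ValueError(f"{what} outside {lo}-{hi}: {bad}")
    return ",".join(str(v) for v in vals)

def build_schedule(name, target, recurrence, time, days=None, months=None,
                   ip=None, username=None):
    """Return (commands, warnings) for one scheduled backup job."""
    # Assumption: the WebUI naming rule (alphanumeric, no spaces) applies here too.
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        raise ValueError("job name must be alphanumeric with no spaces")
    if not re.fullmatch(r"(?:[01]?\d|2[0-3]):[0-5]\d", time):
        raise ValueError("time must use the 24 hour clock, for example 14:00")

    add = f"add backup-scheduled name {name} {target}"
    if target in ("ftp", "scp", "tftp"):
        add += f" ip {ipaddress.ip_address(ip)}"   # raises ValueError if malformed
        if target != "tftp":
            if not username or " " in username:
                raise ValueError("username is required for ftp and scp")
            # 'password plain' makes the CLI prompt, so no secret is in the command
            add += f" username {username} password plain"
    elif target != "local":
        raise ValueError(f"unknown target: {target}")

    sched = f"set backup-scheduled name {name} recurrence {recurrence}"
    if recurrence == "weekly":
        sched += f" days {_numbers(days, 0, 6, 'weekday')}"   # 0 is Sunday
    elif recurrence == "monthly":
        sched += (f" month {_numbers(months, 1, 12, 'month')}"
                  f" days {_numbers(days, 1, 31, 'day of month')}")
    elif recurrence != "daily":
        raise ValueError(f"unknown recurrence: {recurrence}")
    sched += f" time {time}"

    warnings = []
    if target in CLEARTEXT:
        warnings.append(f"{target} sends the backup archive unencrypted")
    return [add, sched], warnings
```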
Working with System Configuration - CLI (configuration)
You can save your Gaia system configuration settings as a ready-to-run CLI script. This feature lets you quickly restore your system configuration after a system failure or migration.
Note - You can only do a migration using the same Gaia version on the source and target computers.
To save the system configuration to a CLI Script, run:
save configuration <script name>
To restore configuration settings, run:
load configuration <script name>
<script name> is the name of the script file.
To see the latest configuration settings, run:
show configuration
This example shows part of the configuration settings as last saved to a CLI script:
mem103> show configuration
#
# Configuration of mem103
# Language version: 10.0v1
#
# Exported by admin on Mon Mar 19 15:06:22 2012
#
set hostname mem103
set timezone Asia / Jerusalem
set password-controls min-password-length 6
set password-controls complexity 2
set password-controls palindrome-check true
set password-controls history-checking true
set password-controls history-length 10
set password-controls password-expiration never
set ntp active off
set router-id 6.6.6.103
set ipv6-state off
set snmp agent off
set snmp agent-version any
set snmp community public read-only
set snmp traps trap authorizationError disable
set snmp traps trap coldStart disable
set snmp traps trap configurationChange disable
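Added example, not part of the original guide: one way to check a restored or migrated system against a saved CLI script is to compare the `set` lines of the saved script with the current `show configuration` output. The baseline below reuses lines from the example above; the "current" text is constructed for illustration, and treating the last word of each line as its value is a simplifying assumption.

```python
# Lines taken from the configuration example on this page.
BASELINE = """\
mem103> show configuration
# Configuration of mem103
set hostname mem103
set password-controls min-password-length 6
set password-controls history-checking true
set ntp active off
set snmp agent off
set snmp community public read-only
"""

# Constructed for illustration: the same system after unreviewed changes.
CURRENT = """\
set hostname mem103
set password-controls min-password-length 4
set password-controls history-checking false
set snmp agent on
set snmp community public read-only
set snmp traps trap coldStart disable
"""

def parse_script(text):
    """Return the 'set ...' commands, skipping comments, prompts and blank lines."""
    cmds = []
    for line in text.splitlines():
        line = " ".join(line.split())      # normalise whitespace
        if line.startswith("set "):
            cmds.append(line)
    return cmds

def drift(baseline, current):
    """Compare two scripts; return changed values plus lines only on one side."""
    base, cur = set(parse_script(baseline)), set(parse_script(current))
    removed, added = sorted(base - cur), sorted(cur - base)
    # Assumption: the last word is the value, everything before it is the setting.
    added_by_key = {line.rsplit(" ", 1)[0]: line for line in added}
    changed = []
    for old in list(removed):
        key, old_value = old.rsplit(" ", 1)
        new = added_by_key.get(key)
        if new is not None:
            changed.append((key[len("set "):], old_value, new.rsplit(" ", 1)[1]))
            removed.remove(old)
            added.remove(new)
    return {"changed": changed, "removed": removed, "added": added}
```

A setting whose value spans several words is reported as one removed line and one added line instead of a change.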
Emergendisk
Emergendisk is a set of tools on a removable USB device for emergency password recovery and file system access. An Emergendisk bootable USB device can be used on all Check Point appliances and Open Servers. You can create an Emergendisk removable device that contains these tools:
- Password recovery - If you forget your administrator password, you can restore the initial system administrator username and password (admin/admin).
- System Recovery - If the Gaia system does not boot up, use the emergendisk tool to boot Gaia from the removable device. You can also use emergendisk to see the file system as it was when Gaia was installed. You can then copy files to the damaged system.
- Disk Erasure - Use the DBAN open source tools to securely erase a hard disk. The dban.org site gives this description of the tools: "Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction."
This is the Emergendisk menu:
+----------------------------------------------------------+
¦ Rescue USB Drive ¦
+----------------------------------------------------------¦
¦ Boot EmergenDisk with console ¦
¦ Reset Admin Password ¦
¦ Boot EmergenDisk with vga ¦
¦ Darik's Boot and Nuke (DBAN) ¦
¦ Boot from local drive ¦
¦ ¦
¦ ¦
¦ ¦
¦ ¦
+----------------------------------------------------------+
Press [Tab] to edit options
Creating the Emergendisk Removable Device
Emergendisk is a set of tools on a removable USB device for emergency password recovery and file system access. An Emergendisk bootable USB device can be used on all Check Point appliances and Open Servers.
To create the Emergendisk:
- At the CLI, type expert and then your expert password.
- Insert a removable device into the USB port on the Gaia computer.
- Run: emergendisk
- Choose the removable device.
A warning message shows:
Warning! all data will be lost from device.
Are you sure you want to continue [yes/no]?
- Type yes
The device is formatted and files are copied. A progress bar shows.
After some minutes a success message appears:
Emergendisk created successfully
Booting from the Emergendisk Removable Device
If the Gaia system does not boot up, use the emergendisk tool to boot Gaia from the removable device. You can also use emergendisk to see the file system as it was when Gaia was installed. You can then copy files to the damaged system.
To boot from the Emergendisk removable device:
- At the CLI, type expert and then your expert password.
- Insert the Emergendisk removable device into the USB port on the Gaia computer.
- Reboot. At the prompt, type reboot
The Emergendisk menu shows.
- Choose one of these options:
Boot emergendisk with VGA
Boot emergendisk with console
After the reboot, you are in the USB file system. You can see the file system on the Gaia computer in the /mnt/hdd directory.
Note - When using an Emergendisk removable device that was created on a different Gaia computer, it may fail to mount the local file system.
Resetting the Administrator Password
If you forget your administrator password, you can restore the initial system administrator username and password (admin/admin).
To reset the administrator password:
- At the CLI, type expert and then your expert password.
- Insert the removable device into the USB port on the Gaia computer.
- At the prompt, type: reboot
After the reboot, the Emergendisk menu shows.
- Choose the option: Reset Admin Password
Console messages show. After some minutes, this message shows:
Admin password successfully reset
Please remove disk or any other media and press enter to restart
- Remove the removable device from the USB port.
- Press Enter to reboot.
The administrator username/password is admin/admin.
Irrecoverably Erasing Data using DBAN
Use the DBAN open source tools to securely erase a hard disk. The dban.org site gives this description of the tools: "Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction."
To erase the disk using the DBAN tools:
- At the CLI, type expert and then your expert password.
- Insert the removable device into the USB port on the Gaia computer with the disk to erase.
- At the prompt, type reboot
After the reboot, the Emergendisk menu opens.
- Choose the option: Darik's Boot and Nuke (DBAN)
The DBAN menu shows the different ways of erasing the disk.
Press [Tab] to edit options
+----------------------------------------------------------+
¦ ¦
+----------------------------------------------------------¦
¦ autonuke ¦
¦ dban ¦
¦ dod ¦
¦ dod3pass ¦
¦ dodshort ¦
¦ gutmann ¦
¦ ops2 ¦
¦ paranoid ¦
¦ prng ¦
¦ quick ¦
¦ zero ¦
¦ nofloppy ¦
+----------------------------------------------------------+
- Choose the required option.