Configuring the IPv6 Support - CLI
The IPv6-state feature configures IPv6 support.
Description
|
Use this command to enable or disable IPv6 support.
|
Syntax
|
set ipv6-state off
set ipv6-state on
show ipv6-state
|
Parameters
|
Parameter
|
Description
|
on | off
|
Turns IPv6 support on or off.
|
|
|
System Logging
Configure the settings for the system logs, including sending them to a remote server. Make sure to configure the remote server to receive the system logs.
Configuring System Logging - WebUI
This section includes procedures for configuring system logging to remote servers using the WebUI.
To send system logs using the WebUI:
- In the tree view, click > .
- Click .
The window opens.
- In , enter the IP address of the remote server.
- In , select the severity level of the logs that are sent to the remote server.
- Click .
To edit system logging settings using the WebUI:
- In the tree view, click > .
- Select the IP address of the remote server.
- Click .
The window opens.
- Configure the and settings.
- Click .
To stop sending system logs using the WebUI:
- In the tree view, click > .
- Select the IP address of the remote server.
- Click .
A confirmation window opens.
- Click .
Configuring System Logging - CLI (syslog)
Description
|
Configures system logging settings
|
Syntax
|
To send system logs to a remote server:
add syslog log-remote-address <remote ip> level <severity>
To stop sending system logs to a remote server:
delete syslog log-remote-address <remote ip> level <severity>
To configure the file name of the system log:
set syslog filename <file>
To show the system logging settings:
show syslog all
show syslog filename
show syslog log-remote-addresses
|
Parameters
|
syslog
|
Configures the system logging.
|
log-remote-address
|
Configures remote IP address for system logging.
|
level
|
Filters a severity level for the system logging.
|
filename
|
Configures or shows the file name of the system log.
|
|
|
Parameter Values
|
<remote ip>
|
IP address of remote computer.
|
<severity>
|
syslog severity level. These are the legal values:
emerg
alert
crit
err
warning
notice
info
debug
all
|
<file>
|
System log file name.
|
|
|
Example
|
add syslog log-remote-address 192.0.2.1 level all
set syslog filename system_logs
show syslog filename
|
Comments
|
Some command options and parameters cannot be configured using the WebUI.
|
Configuring Log Volume - CLI (volume)
If there is enough available disk space, you can enlarge the log partition.
|
Note - Disk space is added to the log volume by subtracting it from the space used to store backup images.
|
To show log partition usage, run:
Syntax:
|
show volume logs
|
Output:
|
Logical volume (logs) size:3.00GB, free:2.82GB
Free space for future backup images: 15.84GB
|
To enlarge the log partition, run:
Syntax:
|
set volume VALUE size VALUE
|
Example:
|
set volume logs size 4
|
Output:
|
Prior to adding new storage to the file system, it is recommended to backup the system.
Note that during the process, all Check Point products will be shutdown.
Are you sure you want to continue?(Y/N)[N]
y
This operation may take several minutes...
|
Network Access
Telnet is not recommended for remote login because it is not secure. SSH, for example, provides much of the functionality of Telnet with good security. Network access to Gaia using Telnet is disabled by default. However, you can allow Telnet access.
Configuring Telnet Access - WebUI
- In the tree view, click .
- Select .
- Click .
Configuring Telnet Access - CLI (net-access)
Description
|
Allow or disallow network access using Telnet to the Gaia computer
|
Syntax
|
To allow or disallow Telnet access:
set net-access telnet on
set net-access telnet off
To show if Telnet access is allowed or disallowed:
show net-access telnet
|
Configuring the WebUI Web server
You can configure the server responsible for the Gaia WebUI using the web feature. The web feature consists of these commands:
set web daemon-enable VALUE
set web session-timeout VALUE
set web ssl-certificate cert-file VALUE key-file VALUE passphrase VALUE
set web ssl-certificate cert-file VALUE key-file VALUE prompt-passphrase
set web ssl-port VALUE
show web daemon-enable
show web session-timeout
show web ssl-port
Enabling the web daemon
Use this command to enable the web daemon:
Syntax
|
set web daemon-enable on | off
|
|
Parameter
|
Description
|
daemon-enable VALUE
|
on or off
|
|
|
Setting a web-session timeout
Use this command to define the time (in minutes) after which the HTTP session terminates.
Syntax
|
set web session-timeout VALUE
|
|
Parameter
|
Description
|
session-timeout VALUE
|
The value entered here defines the amount of time after which the web server terminates an HTTP session with the WebUI.
Range: Integers between 1 and 1440 inclusive.
Default: 20
|
|
|
Setting a web SSL certificate
Use these commands to set the web SSL certificate, which authenticates the WebUI server to the browser.
Description
|
Use these commands to define the server certificate
|
Syntax
|
set web ssl-certificate cert-file VALUE key-file VALUE passphrase VALUE
set web ssl-certificate cert-file VALUE key-file VALUE prompt-passphrase
|
Parameters
|
Parameter
|
Description
|
cert-file VALUE
|
Enter the full path to the certificate file, for example: /usr/my_cert.crt
|
passphrase VALUE
|
Enter a password that lets you view the contents of the server certificate
|
key-file VALUE
|
Enter the full path to the key file, for example: /user/my_key.key
|
|
|
Comments
|
Obtain the certificate from the Internal Certificate Authority (ICA) of the Security Management Server or an external certificate authority, such as VeriSign.
|
Setting an SSL port
Use this command to define the port for SSL connections to the WebUI.
Description
|
Specifies the port number on which the WebUI can be accessed when using SSL-secured connections
|
Syntax
|
set web ssl-port VALUE
|
Parameters
|
Parameter
|
Description
|
ssl-port VALUE
|
Integers between 1 and 65535 inclusive.
Default: "443".
|
|
|
Comments
|
Use this command for initial configuration only. Changing the port number on the command line may cause inconsistency with the setting defined in SmartDashboard. Use SmartDashboard to set the SSL port.
Note: This setting does not affect non-SSL connections. Normally this should be left at 443. If you change the port number you will have to change the URL used to access the WebUI: from https://hostname/ to https://hostname:PORTNUMBER/
|
Showing the state of the web daemon
Description
|
Use this command to show the state of the web daemon
|
Syntax
|
show web daemon-enable
|
Output
|
gw-gaia> show web daemon-enable
WebDaemonEnable on
|
Showing the web session-timeout
Description
|
Use this command to show the state of the web session time-out
|
Syntax
|
show web session-timeout
|
Output
|
gw-gaia> show web session-timeout
WebSessionTimeout 99
|
Showing the web SSL-port
Description
|
Use this command to show the web SSL-port
|
Syntax
|
show web ssl-port
|
Output
|
gw-gaia> show web ssl-port
web-ssl-port 443
|
Host Access
The Allowed-Clients feature lets you specify hosts or networks that are allowed to connect to the WebUI or Command Line interface of the Gaia device.
Configuring Allowed Gaia Clients - WebUI
- In the tree view, click .
- Click .
The window opens.
- Select one of these options:
All remote hosts can access the Gaia WebUI or CLI.
Enter the IP address of one host.
Enter the IP address of a network and subnet mask.
- Click .
Configuring Allowed Gaia Clients - CLI (allowed-client)
Description
|
Use this command to configure remote access to the Gaia WebUI or CLI
|
Syntax
|
add allowed-client host any-host
add allowed-client host ipv4-address VALUE
add allowed-client network ipv4-address VALUE mask-length VALUE
delete allowed-client host any-host
delete allowed-client host ipv4-address VALUE
delete allowed-client network ipv4-address VALUE
show allowed-client all
|
Parameters
|
Parameter
|
Description
|
ipv4-address VALUE
|
The IPv4 address of the allowed host
|
mask-length VALUE
|
The mask-length of the allowed network
|
|
|
Example
|
add allowed-client host any-host
|
Output
|
gw-gaia> add allowed-client host any-host
gw-gaia> show allowed-client all
Type Address Mask Length
Host Any
gw-gaia>
|
|
|
|
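The following is an added example, not part of the original guide or of Check Point's tooling: a small audit that reads captured output of the `show allowed-client all` and `show web ...` commands above and flags settings that widen management access. The `Network` row, its column layout, and the /24 threshold are assumptions; the other sample lines are the outputs shown on this page.

```python
DEFAULT_TIMEOUT = 20    # default session-timeout in minutes, per the page
DEFAULT_SSL_PORT = 443  # default ssl-port, per the page
MIN_MASK_LENGTH = 24    # assumption: local policy flags networks broader than /24

# Outputs as shown on the page; the Network row is constructed and its
# column layout is an assumption (the page only shows the "Host Any" row).
SAMPLE_CLIENTS = """gw-gaia> show allowed-client all
Type Address Mask Length
Host Any
Network 10.0.0.0 8
"""
SAMPLE_WEB = """gw-gaia> show web daemon-enable
WebDaemonEnable on
gw-gaia> show web session-timeout
WebSessionTimeout 99
gw-gaia> show web ssl-port
web-ssl-port 443
"""

def parse_allowed_clients(text):
    """Return (type, address, mask_length) rows from 'show allowed-client all'."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("Host", "Network"):
            continue  # prompt echo, header row, blank line
        rows.append((fields[0], fields[1], int(fields[2]) if len(fields) > 2 else None))
    return rows

def audit(clients_out, web_out):
    """Return a list of findings for captured 'show' output."""
    findings = []
    for kind, addr, mask in parse_allowed_clients(clients_out):
        if addr.lower() == "any":
            findings.append("allowed-client: any-host lets every remote host reach the WebUI/CLI")
        elif kind == "Network" and mask is not None and mask < MIN_MASK_LENGTH:
            findings.append(f"allowed-client: network {addr}/{mask} is broader than /{MIN_MASK_LENGTH}")
    # Setting lines are "<name> <value>"; prompt echoes have more fields.
    web = dict(l.split() for l in web_out.splitlines() if len(l.split()) == 2)
    timeout = int(web.get("WebSessionTimeout", DEFAULT_TIMEOUT))
    if timeout > DEFAULT_TIMEOUT:
        findings.append(f"web: session-timeout {timeout} min exceeds default {DEFAULT_TIMEOUT}")
    port = int(web.get("web-ssl-port", DEFAULT_SSL_PORT))
    if port != DEFAULT_SSL_PORT:
        findings.append(f"web: ssl-port {port} is not 443; confirm it matches SmartDashboard")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CLIENTS, SAMPLE_WEB)))
```

On the sample input this reports the any-host entry, the /8 network, and the 99-minute session timeout; the SSL port passes because it is at the default.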