Configuring the IPv6 Support - CLI

The IPv6-state feature configures IPv6 support.

Description

Use this command to enable or disable IPv6 support.

Syntax

set ipv6-state off
set ipv6-state on
show ipv6-state

Parameters

Parameter    Description
on | off     Turns IPv6 support on or off.

 

System Logging

Configure the settings for the system logs, including sending them to a remote server. Make sure to configure the remote server to receive the system logs.

Configuring System Logging - WebUI

This section includes procedures for configuring system logging to remote servers using the WebUI.

To send system logs using the WebUI:

  1. In the tree view, click System Management > System Logging.
  2. Click Add.

    The Add Remote Server Logging Entry window opens.

  3. In IP Address, enter the IP address of the remote server.
  4. In Priority, select the severity level of the logs that are sent to the remote server.
  5. Click OK.

To edit system logging settings using the WebUI:

  1. In the tree view, click System Management > System Logging.
  2. Select the IP address of the remote server.
  3. Click Edit.

    The Edit Remote Server Logging Entry window opens.

  4. Configure the IP Address and Priority settings.
  5. Click OK.

To stop sending system logs using the WebUI:

  1. In the tree view, click System Management > System Logging.
  2. Select the IP address of the remote server.
  3. Click Delete.

    A confirmation window opens.

  4. Click Yes.

Configuring System Logging - CLI (syslog)

Description

Configures system logging settings

Syntax

To send system logs to a remote server:

add syslog log-remote-address <remote ip> level <severity>

To stop sending system logs to a remote server:

delete syslog log-remote-address <remote ip> level <severity>

To configure the file name of the system log:

set syslog filename <file>

To show the system logging settings:

show syslog all
            filename
            log-remote-addresses

Parameters

syslog                Configures the system logging.
log-remote-address    Configures remote IP address for system logging.
level                 Filters a severity level for the system logging.
filename              Configures or shows the file name of the system log.

 

Parameter Values

<remote ip>    IP address of remote computer.

<severity>     syslog severity level. These are the legal values:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug
  • all

<file>         System log file name.

 

Example

add syslog log-remote-address 192.0.2.1 level all
set syslog filename system_logs
show syslog filename

Comments

Some command options and parameters cannot be configured using the WebUI.

Configuring Log Volume - CLI (volume)

If there is enough available disk space, you can enlarge the log partition.

Note - Disk space is added to the log volume by subtracting it from the space used to store backup images.

 

To show log partition usage, run:

Syntax:

show volume logs

Output:

Logical volume (logs) size:3.00GB, free:2.82GB
Free space for future backup images: 15.84GB

To enlarge the log partition, run:

Syntax:

set volume VALUE size VALUE

Example:

set volume logs size 4

Output:

Prior to adding new storage to the file system, it is recommended to backup the system.
Note that during the process, all Check Point products will be shutdown.
Are you sure you want to continue?(Y/N)[N]
y
This operation may take several minutes...

Comments

  • The new size for the logical volume is set in GB. In the above example, the volume will be resized from 3GB to 4GB.
  • The new size must be a whole number.
  • If the size of the new volume subtracts too much space from the space used to store backup images, this message shows: "The logical volume new size is out of range, should be smaller than <number> GB."

    The system always reserves 6GB for backup images. This 6GB cannot be used to increase log volume. If necessary, enter a smaller number.

  • The volume will be resized after the system reboots.

Network Access

Telnet is not recommended for remote login because it is not secure. SSH, for example, provides much of the functionality of Telnet with good security. Network access to Gaia using Telnet is disabled by default. However, you can allow Telnet access.

Configuring Telnet Access - WebUI

  1. In the tree view, click System Management > Network Access.
  2. Select Enable Telnet.
  3. Click Apply.

Configuring Telnet Access - CLI (net-access)

Description

Allow or disallow network access using Telnet to the Gaia computer

Syntax

To allow or disallow Telnet access:

set net-access telnet on
set net-access telnet off
 

To show if Telnet access is allowed or disallowed:

show net-access telnet

Configuring the WebUI Web server

You can configure the server responsible for the Gaia WebUI using the web feature. The web feature consists of these commands:

  • set web daemon-enable VALUE
  • set web session-timeout VALUE
  • set web ssl-certificate cert-file VALUE key-file VALUE passphrase VALUE
  • set web ssl-certificate cert-file VALUE key-file VALUE prompt-passphrase
  • set web ssl-port VALUE
  • show web daemon-enable
  • show web session-timeout
  • show web ssl-port

Enabling the web daemon

Use this command to enable the web daemon:

Syntax

set web daemon-enable on | off

 

Parameter              Description
daemon-enable VALUE    on or off

 

Setting a web-session timeout

Use this command to define the time (in minutes) after which the HTTP session terminates.

Syntax

set web session-timeout VALUE

 

Parameter                Description
session-timeout VALUE    The value entered here defines the amount of time after which the web server will terminate an HTTP session with the WebUI.
                         Range: Integers between 1 and 1440 inclusive.
                         Default: 20

 

Setting a web SSL certificate

Use these commands to set (define) a web SSL certificate, the certificate that authenticates the WebUI server to the browser.

Description

Use these commands to define the server certificate

Syntax

  • set web ssl-certificate cert-file VALUE key-file VALUE passphrase VALUE
  • set web ssl-certificate cert-file VALUE key-file VALUE prompt-passphrase

Parameters

Parameter           Description
cert-file VALUE     Enter the full path to the certificate file, for example: /usr/my_cert.crt
passphrase VALUE    Enter a password that lets you view the contents of the server certificate
key-file VALUE      Enter the full path to the key file, for example: /user/my_key.key

 

Comments

Obtain the certificate from the Internal Certificate Authority (ICA) of the Security Management Server or an external certificate authority, such as VeriSign.

Setting an SSL port

Use this command to define a port for SSL

Description

Specifies the port number on which the WebUI can be accessed when using SSL-secured connections

Syntax

set web ssl-port VALUE

Parameters

Parameter         Description
ssl-port VALUE    Integers between 1 and 65535 inclusive.
                  Default: "443".

 

Comments

Use this command for initial configuration only. Changing the port number on the command line may cause inconsistency with the setting defined in SmartDashboard. Use SmartDashboard to set the SSL port.

Note: This setting does not affect non-SSL connections. Normally this should be left at 443. If you change the port number you will have to change the URL used to access the WebUI: from https://hostname/ to https://hostname:PORTNUMBER/

Showing the state of the web daemon

Description

Use this command to show the state of the web daemon

Syntax

show web daemon-enable

Output

gw-gaia> show web daemon-enable
WebDaemonEnable on

Showing the web session-timeout

Description

Use this command to show the state of the web session time-out

Syntax

show web session-timeout

Output

gw-gaia> show web session-timeout
WebSessionTimeout 99

Showing the web SSL-port

Description

Use this command to show the web SSL-port

Syntax

show web ssl-port

Output

gw-gaia> show web ssl-port
web-ssl-port 443

Host Access

The Allowed-Clients feature lets you specify hosts or networks that are allowed to connect to the WebUI or Command Line interface of the Gaia device.

Configuring Allowed Gaia Clients - WebUI

  1. In the tree view, click System Management > Host Access.
  2. Click Add.

    The Add a New Allowed Client window opens.

  3. Select one of these options:
    • Any host

      All remote hosts can access the Gaia WebUI or CLI.

    • Host

      Enter the IP address of one host.

    • Network

      Enter the IP address of a network and subnet mask.

  4. Click OK.

Configuring Allowed Gaia Clients - CLI (allowed-client)

Description

Use this command to configure remote access to the Gaia WebUI or CLI

Syntax

add allowed-client host any-host
add allowed-client host ipv4-address VALUE
add allowed-client network ipv4-address VALUE mask-length VALUE
delete allowed-client host any-host
delete allowed-client host ipv4-address VALUE
delete allowed-client network ipv4-address VALUE
show allowed-client all
 

Parameters

Parameter             Description
ipv4-address VALUE    The IPv4 address of the allowed host
mask-length VALUE     The mask-length of the allowed network

 

Example

add allowed-client host any-host

Output

gw-gaia> add allowed-client host any-host
gw-gaia> show allowed-client all
Type        Address          Mask Length
Host        Any
gw-gaia>
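
Added example, not from the original guide or from Check Point: a Python audit of pasted output from the show commands above. It flags any-host access, a session timeout above the default of 20 minutes, and a non-default SSL port. The "Network" row layout, the min_prefix threshold and the function name audit are assumptions.

```python
import ipaddress

# Constructed sample of the page's `show` outputs; the "Network" row layout is assumed.
SAMPLE = """\
gw-gaia> show web daemon-enable
WebDaemonEnable on
gw-gaia> show web session-timeout
WebSessionTimeout 99
gw-gaia> show web ssl-port
web-ssl-port 443
gw-gaia> show allowed-client all
Type        Address          Mask Length
Host        Any
Network     192.0.2.0        24
"""

DEFAULT_TIMEOUT = 20    # minutes, the default stated on the page
DEFAULT_SSL_PORT = 443  # the default stated on the page

def audit(transcript, min_prefix=16):
    """Return findings for a pasted transcript (min_prefix is an assumed policy)."""
    findings, clients, settings = [], [], {}
    for line in transcript.splitlines():
        parts = line.split()
        if not parts or parts[0].endswith(">") or parts[0] == "Type":
            continue  # blank lines, prompt echoes, table header
        if parts[0] in ("Host", "Network"):
            clients.append(parts[1:])
        elif len(parts) == 2:
            settings[parts[0]] = parts[1]
    web_on = settings.get("WebDaemonEnable") == "on"
    timeout = int(settings.get("WebSessionTimeout", DEFAULT_TIMEOUT))
    if timeout > DEFAULT_TIMEOUT:
        findings.append(f"session-timeout {timeout} min exceeds default {DEFAULT_TIMEOUT}")
    port = int(settings.get("web-ssl-port", DEFAULT_SSL_PORT))
    if port != DEFAULT_SSL_PORT:
        findings.append(f"ssl-port {port} is not 443: confirm SmartDashboard matches")
    for entry in clients:
        if entry[0].lower() == "any":
            scope = "WebUI and CLI" if web_on else "CLI"
            findings.append(f"allowed-client any-host: {scope} open to every address")
        elif len(entry) == 2:
            net = ipaddress.ip_network(f"{entry[0]}/{entry[1]}", strict=False)
            if net.prefixlen < min_prefix:
                findings.append(f"allowed-client network {net} is broader than /{min_prefix}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
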
 



						

						
					
 
©2014 Check Point Software Technologies Ltd. All rights reserved.