Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Working with Global Commands

The 61000/41000 Security System operating system includes a set of global commands that apply to all or specified SGMS in a system.

gclish commands apply globally to all SGMs by default. Some gclish commands are applicable to the 61000/41000 Security System and its components.

gclish commands do not apply to SGMs in the DOWN state. If you run a set command while a SGM is down, the command will not update that SGM. The SGM synchronizes its database during the startup process and the changes are applied after reboot.

clish commands are documented in Gaia Admin Guide.
Most of these commands are also available in the 61000/41000 Security System.

Notes

  • Documentation for the Chassis feature is in the Hardware Monitoring and Chassis High Availability sections.
  • auditlog is enabled by default. All commands are recorded in the log and can be retrieved with asg_auditlog (documented separately).
  • config-lock is the command that protects gclish database. The lock can be held by single SGM per system. When user attempts to perform gclish set operations from specific SGM, he should make sure that this SGM holds the config-lock. In order to acquire config-lock, the command set config-lock on override should be executed.
  • gclish traffic runs on Sync interface, port 1129/TCP.
  • gclish can run extended commands. Run show commands extended to see the list of extended commands, which can run from gclish.
  • To run command on specified SGMs, use the blade-range specification. When you use blade-range, all gclish embedded commands will run only on this subset of SGMs. Since all SGMs must have identical configuration, the use of blade-range is not recommended.
 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print