Configuring Gaia for the First Time

In This Section:

Running the First Time Configuration Wizard in WebUI

Running the First Time Configuration Wizard in CLI

After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it.

Running the First Time Configuration Wizard in WebUI

To configure Gaia and the Check Point products on it for the first time, using WebUI, refer to R77 Installation and Upgrade for Gaia Platforms Administration Guide.

Running the First Time Configuration Wizard in CLI

You can configure Gaia system and the Check Point products on it for the first time using the CLI config_system command.

Notes -

The config_system utility is not an interactive configuration tool. It helps automate the first time configuration process.
The config_system utility is only for the first time configuration, and not for ongoing system configurations.

To run the First Time Configuration Wizard from a configuration string:

Run this command in Expert mode: config_system --config-string <string of parameters and values>
A configuration string must consist of parameter=value pairs, separated by &. The whole string must be enclosed between quotation marks. For example: "hostname=myhost&domainname=somedomain.com&timezone='America/Indiana/Indianapolis'
&ftw_sic_key=aaaa&install_security_gw=true&gateway_daip=false&install_ppak=true
&gateway_cluster_member=true&install_security_managment=false"

For more information on valid parameters and values, see config_system.
Reboot the system.

To run the First Time Configuration Wizard from a configuration file:

Run this command in Expert mode: config_system -f <file_name>
Reboot the system.

If you do not have a configuration file, you can create a configuration template and fill in the parameter values as necessary. Before you run the First Time Configuration Wizard, you can validate the configuration file you created.

To create a configuration file:

Create a template file: config_system -t <file_name>
Open the file you created in a text editor and edit all parameter values as necessary.
Save the updated configuration file.

To validate a configuration file:

Run this command in Expert mode: config_system --config-file <file_name> --dry-run

config_system

Run config_system command in expert mode.

Description:

Use this command to test and to run the First Time Configuration Wizard on a Gaia system for the first time after the system installation.

Syntax:

To list the command options:

config_system --help

To run the First Time Configuration Wizard from a specified configuration file:

config_system -f|--config-file <filepath>

To run the First Time Configuration Wizard from a specified configuration string:

config_system -s|--config-string <string>

To create a First Time Wizard Configuration file template in a specified path:

config_system -t|--create-template <path>

To verify that the First Time Configuration file is valid:

config_system --dry-run

To list configurable parameters:

config_system -l|--list-params

A configuration file contains the <parameter>=<value> pairs described in the table below.


	Note - The parameters can change from version to version. Run `config_system --help` to see currently available parameters.
Parameter		Description	Valid values
`install_security_gw`		Installs Security Gateway, if set to `true`.	`true` `false`
`install_ppak`		Installs Performance Pack, if set to `true`. Must be set to `true`, if `install_security_gw` is set to `true.`	`true` `false`
`gateway_daip`		Enables or disables dynamic IP gateway.	`true` `false` Note - must be set to `false` if ClusterXL or Security Management Server is enabled.
`gateway_cluster_member`		Enables or disables ClusterXL.	`true` `false`
`install_security_managment`		Installs Security Management Server, if set to `true`.	`true` `false`
`install_mgmt_primary`		Makes the installed Security Management Server the primary one. The `install_security_managment` must be set to `true`.	`true` `false` Note - can only be set to `true`, if the `install_mgmt_secondary` is set to `false`.
`install_mgmt_secondary`		Makes the installed Security Management Server a secondary one. The `install_security_managment` must be set to `true`.	`true` `false` Note - can only be set to `true`, if the `install_mgmt_primary` is set to `false`.
`install_mds_primary`		Makes the installed Security Management Server the primary Multi-Domain Server. The `install_security_managment` must be set to `true`.	`true` `false` Note - can only be set to `true`, if the `install_mds_secondary` is set to `false`.
`install_mds_secondary`		Makes the installed Security Management Server a secondary Multi-Domain Server. The `install_security_managment` must be set to `true`.	`true` `false` Note - can only be set to `true`, if the `install_mds_primary` is set to `false`.
`install_mlm`		Installs Multi-Domain Log Server, if set to `true`.	`true` `false`
`install_mds_interface`		Specifies Multi-Domain Server management interface.	Name of the interface exactly as it appears in the device configuration. Examples: `eth0`, `eth1`
`mgmt_admin_name`		Sets management administrator's username. Must be provided if `install_security_managment` is set to `true`.	A string of alphanumeric characters.
`mgmt_admin_passwd`		Sets management administrator's password. Must be provided if `install_security_managment` is set to `true`.	A string of alphanumeric characters.
`mgmt_gui_clients_radio`		Specifies management WebUI clients that can connect to the Security Management Server.	IPv4 address of a host `any` `range` `network`
`mgmt_gui_clients_first_ip_field`		Specifies the first address of the range, if `mgmt_gui_clients_radio` is set to `range`.	IPv4 address of a host.
`mgmt_gui_clients_last_ip_field`		Specifies the last address of the range, if `mgmt_gui_clients_radio` is set to `range`.	IPv4 address of a host.
`mgmt_gui_clients_ip_field`		Specifies the network address, if `mgmt_gui_clients_radio` is set to `network`.	IPv4 address of a network.
`mgmt_gui_clients_subnet_field`		Specifies the netmask, if `mgmt_gui_clients_radio` is set to `network`.	A number from 0 to 32.
`ftw_sic_key`		Sets a secure Internal Community key, if `install_security_managment` is set to `false`.	A string of alphanumeric characters.
`admin_hash`		Sets administrator's password.	A string of alphanumeric characters, enclosed between single quotation marks.
`iface`		Interface name (optional).	Name of the interface exactly as it appears in the device configuration. Examples: `eth0`, `eth1`
`ipstat_v4`		Turns static IPv4 configuration on, when set to `manually`.	`manually` `off`
`ipaddr_v4`		Sets IPv4 address of the management interface.	IPv4 address.
`masklen_v4`		Sets IPv4 mask length for the management interface.	A number from 0 to 32.
`default_gw_v4`		Specifies IPv4 address of the default gateway.	IPv4 address.
`ipstat_v6`		Turns static IPv6 configuration on, when set to `manually`.	`manually` `off`
`ipaddr_v6`		Sets IPv6 address of the management interface.	IPv6 address.
`masklen_v6`		Sets IPv6 mask length for the management interface.	A number from 0 to 128.
`default_gw_v6`		Specifies IPv6 address of the default gateway.	IPv6 address.
`hostname`		Sets the name of the local host (optional).	A string of alphanumeric characters.
`domainname`		Sets the domain name (optional).	Fully qualified domain name. Example: `somedomain.com`
`timezone`		Sets the area/region (optional).	The value must be enclosed between single quotation marks. Examples: `'America/New_York'`, `'Asia/Jerusalem'`
`ntp_primary`		Sets the IP address of the primary NTP server (optional).	IPv4 address.
`ntp_secondary`		Sets the IP address of the secondary NTP server (optional).	IPv4 address.
`primary`		Sets the IP address of the primary DNS server (optional)	IPv4 address.
`secondary`		Sets the IP address of the secondary DNS server (optional)	IPv4 address.
`tertiary`		Sets the IP address of the tertiary DNS server (optional)	IPv4 address.
`download_info`		Downloads Check Point Software Blade contracts and other important information, if set to `true` (Best Practice - optional, but highly recommended). For more information, see sk94508.	`true` `false`
`upload_info`		Uploads data that helps Check Point provide you with optimal services, if set to `true` (Best Practice - optional, but highly recommended). For more information, see sk94509.	`true` `false`