Configuring Snapshot Management

Configuring Snapshot Management - CLI (snapshot)

Description

Manage system images (also known as snapshots)

Syntax

To make a new image:

add snapshot VALUE desc VALUE

To delete an image

delete snapshot VALUE

To export or import an image, or to revert to an image:

set snapshot export VALUE path VALUE name VALUE

set snapshot import VALUE path VALUE name VALUE

set snapshot revert VALUE

To show image information

show snapshot VALUE all

show snapshot VALUE date

show snapshot VALUE desc

show snapshot VALUE size

show snapshots

Parameters

Parameter	Description
`snapshot VALUE`	Name of the image
`desc VALUE`	Description of the image
`snapshot export VALUE`	The name of the image to export
`snapshot import VALUE`	The name of the image to import
`path VALUE`	The storage location for the exported image. For example: `/var/log`
`name VALUE`	The name of the exported image (not the original image).
`all`	All image details

Comments

To create the snapshot image requires free space on the Backup partition. The required free disk space is the actual size of the root partition, multiplied by 1.15.
The available space required in the export file storage location is the size of the snapshot multiplied by two.
The minimum size of a snapshot is 2.5G. Therefore, the minimum available space necessary in the export file storage location is 5G.
You must not rename the exported image. If you rename a snapshot image, it is not possible to revert to it.

Factory default images are created automatically when you install or upgrade an appliance to another release. You can restore your Check Point appliance to the factory default image for a specified release.

Note - This procedure overwrites all current configuration settings. We recommend that you create a backup image before you restore a factory default image.

To restore a factory default image:

From your appliance command line, run:
set fcd revert <default_image_name>
Follow the instructions on the screen.
Restart the appliance.

Download SmartConsole

You can download the SmartConsole application package from a Gaia Security Management Server to your WebUI client computer. After downloading the package you can install it and use it to connect to the Security Management Server.

Download SmartConsole - WebUI

To download the Check Point SmartConsole applications installation package:

In the tree view, select one of:
- Overview. At the top of the page, click Download Now!
- Maintenance > Download SmartConsole.
Click Download.

Hardware Health Monitoring

You can monitor these hardware elements:

Fan sensors—Shows the fan number, status, and value.
System Temperature sensor
Voltage sensors
Power Supply (on machines that support it)

Showing Hardware Health Monitoring Information - WebUI

In the navigation tree, click Maintenance > Hardware Health.

You can see the status of the machine fans, system temperature, the voltages, and (for supported hardware only) the power supply.

Note - The Hardware Health Monitoring page only appears for supported hardware.

For each component sensor, the table shows the value of its operation, and the status: OK, Low, or High.

To see the health history of a component, select the component sensor. A graph shows the values over time.
To change the time intervals that the graph shows, click the Minute arrows.
To view different times, click the Forward/Backward arrows.
To refresh, click Refresh.

Showing Hardware Monitoring Information - CLI (sysenv)

Description

These commands display the status for various system components. Components for which the status can be displayed include temperature, voltage, power supplies, and fans. The command returns status only for installed components.

Syntax

To display all system status information:

show sysenv all

To display all system component information:

show sysenv fans

show sysenv ps

show sysenv temp

show sysenv volt

Parameters

Parameter	Description
`ps`	Power Supply (for supported hardware only)

Example

show sysenv all

Output

gw-3002f0> show sysenv all

Hardware Information

Name   Value    unit      type     status  Maximum  Minimum

+12V   29.44    Volt      Voltage    0      12.6      11.4

+5V     6.02    Volt      Voltage    0      5.3       4.75

VBat    3.23    Volt      Voltage    0      3.47      2.7

Showing Hardware Information - CLI (show asset)

Description

Shows information about the hardware on which Gaia is installed. The information shown depends on the type of hardware. Common types of information shown are:

Serial number
Amount of physical RAM
CPU frequency
Number of disks in the system
Disk capacity

Syntax

show asset all
show asset
show asset <category name>

Parameters

Parameter	Description
`all`	Show all available hardware information. The information shown depends on the type of hardware.
	Show a list of asset categories, such as `system` and `disk`. The available categories depend on the type of hardware.
`<category name>`	Show available information for a specific category

Example 1

clish> show asset

Output 1

system all

Example 2

clish> show asset all

Output 2

Platform: Check Point 4400

Serial Number: abcdefghijklmn

CPU Frequency: 26O0Mhz

Disk Size: 250GB

Monitoring RAID Synchronization

In R77, you can monitor the RAID status of the disks to see when the hard disks are synchronized. If you reboot the appliance before the hard disks are synchronized, the synchronization starts again at the next boot.

Showing RAID Information - WebUI

To monitor the RAID status of the disks - WebUI:

In the navigation tree, click Maintenance > RAID Monitoring.

RAID Volumes and RAID Volume Disks information shows.

Showing RAID Information - CLI

To monitor the RAID status of the disks - CLI:

Run one of these commands:

raid_diagnostic
This shows data about the RAID and hard disks, with the percent synchronization done.

This is an example output for Smart-1 225. DiskID 0 is the left hard disk. DiskID 1 is the right hard disk.
cpstat os –f raidInfo
This shows almost the same information as the raid_diagnostic command, in tabular format.

Shutdown

There are two ways to shut down:

Reboot: Shut down the system and then immediately restart it.
Halt: Shut down the system.

Shutting Down - WebUI

To shut down the system and then immediately restart it:

In the tree view, click Maintenance > Shut Down.
Click Reboot.

To shut down the system:

In the tree view, click Maintenance > Shut Down.
Click Halt.

Shutting Down - CLI (halt, reboot)

To shut down the system and then immediately restart it:

Run the reboot command.

To shut down the system:

Run the halt command.

System Configuration Backup

Note - This feature is available in a R75.40 Gaia Feature Release (Gaia+) clean installation. It is not available when upgrading to R75.40 Gaia.

Back up the configuration of the Gaia operating system and of the Security Management Server database. You can restore a previously saved configuration. The configuration is saved to a .tgz file. You can store backups locally, or remotely to a TFTP, SCP or FTP server. You can run the backup manually or on a schedule.
Save your Gaia system configuration settings as a ready-to-run CLI script. This lets you quickly restore your system configuration after a system failure or migration.

Note - You can only do a migration using the same Gaia version on the source and target computers.

Backing Up and Restoring the System - WebUI

To add a backup:

In the tree view, click Maintenance > System Backup
Click Add Backup.
The New Backup window opens.
Select the location of the backup file:
- This appliance
- TFTP server. Specify the IP address.
- SCP server. Specify the IP address, user name and password.
- FTP server. Specify the IP address, user name and password.

To restore from a backup:

In the tree view, click Maintenance > System Backup.
Select the backup file and click Restore Backup.

To delete a backup

In the tree view, click Maintenance > System Backup.
Select the backup file and click Delete.

Backing Up and Restoring the System - CLI (Backup)

Backing Up a Configuration


Description	Use these commands to create and save the system's configuration
Syntax	To create and save a backup locally: `add backup local` To create and save a backup on a remote server using FTP: `add backup ftp ip VALUE username VALUE password plain` To create and save a backup on a remote server using TFTP: `add backup tftp ip VALUE` To save a backup on a remote server using SCP: `add backup scp ip VALUE username VALUE password plain`
Parameter		Description
`ip VALUE`		The IP address of the remote server.
`username VALUE`		User name required to log in to the remote server.
`password plain`		At the prompt, enter the password for the remote server.

Example

add backup local

Output

gw> add backup local

Creating backup package. Use the command 'show backups' to monitor creation progress.

gw> show backup status

Performing local backup

gw> show backups

backup_gw-8b0891_22_7_2012_14_29.tgz Sun, Jul 22, 2012 109.73 MB

Comments

Backup configurations are stored in: /var/CPbackup/backups/

Restoring a Configuration

Description

Use these commands to restore the system's configuration from a backup file.

Syntax

To restore a backup from a locally held file:

set backup restore local <TAB>

To restore a backup from a remote server using FTP:

set backup restore ftp ip VALUE file VALUE username VALUE password plain

To restore a backup from a remote server using TFTP:

set backup restore tftp ip VALUE file VALUE

To restore a backup from a remote server using SCP:

set backup restore scp ip VALUE file VALUE username VALUE password plain

Parameters

Parameter	Description
`local <TAB>`	The <TAB> does an auto-complete on the name and location of the backup file.
`ip VALUE`	The IP address of the remote server.
`file VALUE`	The location and name of the file on the remote server.
`username VALUE`	User name required to log in to the remote server.
`password plain`	At the prompt, enter the password for the remote server.

Comments

To apply the new configuration, you must reboot.

Note - To quickly restore the Gaia OS configuration after a system failure or migration, use the configuration feature.

Monitoring Backup Status

To monitor the creation of a backup:

show backup status

To show the status of the last backup performed:

show backups

Configuring Scheduled Backups - WebUI

To add a scheduled backup:

In the tree view, click Maintenance > System Backup.
Click Add Scheduled Backup. The New Scheduled Backup window opens.
In Backup Name, enter the name of the job. Use alphanumeric characters only, and no spaces.
In Backup Type, enter the location of the backup file.
- This appliance
- TFTP server. Specify the IP address.
- SCP server. Specify the IP address, user name and password.
- FTP server. Specify the IP address, user name and password.
In Backup Schedule, select the frequency (Daily, Weekly, Monthly) for this backup. Where relevant, enter the Time of day for the job, in the 24 hour clock format.
Click Add. The scheduled backup shows in the Scheduled Backups table.

To delete a scheduled backup:

In the tree view, click Maintenance > System Backup.
In the Scheduled Backups table, select the backup to delete.
Click Delete.

Configuring Scheduled Backups - CLI (backup-scheduled)

Description

Configure a scheduled backup of the system configuration

Syntax

To add a scheduled backup locally:

add backup-scheduled name VALUE local

To add a scheduled backup on a remote server using FTP:

add backup-scheduled name VALUE ftp ip VALUE username VALUE password plain

To add a scheduled backup on a remote server using SCP:

add backup-scheduled name VALUE scp ip VALUE username VALUE password plain

To add a scheduled backup on a remote server using TFTP:

add backup-scheduled name VALUE tftp ip VALUE

To configure a daily backup schedule:

set backup-scheduled name VALUE recurrence daily time VALUE

To configure a monthly backup schedule:

set backup-scheduled name VALUE recurrence monthly month VALUE days VALUE time VALUE

To configure a weekly backup schedule:

set backup-scheduled name VALUE recurrence weekly days VALUE time VALUE

To show the details of the scheduled backup:

show backup-scheduled VALUE

To delete a scheduled backup:

delete backup-scheduled VALUE

Parameters

Parameter	Description
name VALUE	The name of the scheduled backup
ip VALUE	The IP address of the FTP, TFTP, or SCP remote server
username VALUE	User name required to log in to the remote server
backup-scheduled VALUE	The name of a scheduled backup
password plain	At the prompt, enter the password for the remote server
`recurrence daily time`	To specify a job for once a day, enter `recurrence daily time`, and the time of day, in the 24 hour clock format. For example: `14:00` .
recurrence monthly month	To specify a job for once a month, enter `recurrence monthly month`, and the specific months. Each month by number, and separate by commas. For example: for January through March, enter `1,2,3`
`recurrence weekly days`	To specify a job for once a week, enter `recurrence weekly`, and the day by number, when 0 is Sunday and 6 is Saturday.
time	To specify the time, enter the time in the twenty four hour clock format. For example: `14:00`.
days	When the recurrence is weekly: To specify the days, enter the day by number: 0 is Sunday and 6 is Saturday. When the recurrence is monthly: To specify the days, enter the day by number: 1 to 31. Separate several days with commas. For example: for Monday and Thursday enter `1,4`

Working with System Configuration - CLI (configuration)

You can save your Gaia system configuration settings as a ready-to-run CLI script. This feature lets you quickly restore your system configuration after a system failure or migration.

Note - You can only do a migration using the same Gaia version on the source and target computers.

To save the system configuration to a CLI Script, run:

save configuration <script name>

To restore configuration settings, run:

load configuration <script name>

<script name> - Name of the script file.

To see the latest configuration settings, run:

show configuration

This example shows part of the configuration settings as last saved to a CLI script:

mem103> show configuration

# Configuration of mem103

# Language version: 10.0v1

# Exported by admin on Mon Mar 19 15:06:22 2012

set hostname mem103

set timezone Asia / Jerusalem

set password-controls min-password-length 6

set password-controls complexity 2

set password-controls palindrome-check true

set password-controls history-checking true

set password-controls history-length 10

set password-controls password-expiration never

set ntp active off

set router-id 6.6.6.103

set ipv6-state off

set snmp agent off

set snmp agent-version any

set snmp community public read-only

set snmp traps trap authorizationError disable

set snmp traps trap coldStart disable

set snmp traps trap configurationChange disable

Emergendisk

Emergendisk is a set of tools on a removable USB device for emergency password recovery and file system access. An Emergendisk bootable USB device can be used on all Check Point appliances and Open Servers. You can create an Emergendisk removable device that contains these tools:

Password recovery - If you forget your administrator password, you can restore the initial system administrator username and password (admin/admin).
System Recovery - If the Gaia system does not boot up, use the emergendisk tool to boot Gaia from the removable device. You can also use emergendisk to see the file system as it was when Gaia was installed. You can then copy files to the damaged system.
Disk Erasure - Use the DBAN open source tools to securely erase a hard disk. The dban.org site gives this description of the tools: "Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction."

This is the Emergendisk menu:

       +----------------------------------------------------------+

       ¦                     Rescue USB Drive                     ¦

       +----------------------------------------------------------¦

       ¦ Boot EmergenDisk with console                            ¦

       ¦ Reset Admin Password                                     ¦

       ¦ Boot EmergenDisk with vga                                ¦

       ¦ Darik's Boot and Nuke (DBAN)                             ¦

       ¦ Boot from local drive                                    ¦

       ¦                                                          ¦

       ¦                                                          ¦

       ¦                                                          ¦

       ¦                                                          ¦

       +----------------------------------------------------------+

                       Press [Tab] to edit options

Creating the Emergendisk Removable Device

To create the Emergendisk:

At the CLI, type expert and then your expert password.
Insert a removable device into the USB port on the Gaia computer.
Run:
emergendisk
Choose the removable device.
A warning message shows:

Warning! all data will be lost from device.
Are you sure you want to continue [yes/no]?
Type yes
The device is formatted and files are copied. A progress bar shows.

After some minutes a success message appears:

Emergendisk created successfully

Booting from the Emergendisk Removable Device

If the Gaia system does not boot up, use the emergendisk tool to boot Gaia from the removable device. You can also use emergendisk to see the file system as it was when Gaia was installed. You can then copy files to the damaged system.

To boot from the Emergendisk removable device:

At the CLI, type expert and then your expert password.
Insert the Emergendisk removable device into the USB port on the Gaia computer.
Reboot. At the prompt, type
reboot
The Emergendisk menu shows.
Choose one of these options:
Boot emergendisk with VGA
Boot emergendisk with console

After the reboot, you are in the USB file system. You can see the files system on the Gaia computer in the /mnt/hdd directory.

Note - When using an Emergendisk removable device that was created on a different Gaia computer, it may fail to mount the local file system.