Introduction to the Command Line Interface

This chapter introduces the Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. command line interface.

The default Gaia shell is called clish.

To use the Gaia Clish:

Step	Instructions
1	Connect to the Gaia platform using one of these options: In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. Using a command-line connection (SSH, or a console).
2	Log in using a user name and password. Immediately after installation, the default user name and password are admin and admin.

To use the Gaia Clish on Security Groups:

To configure Security Groups, use the Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group. (Global Clish):

Step	Instructions
1	Connect to the command line on the applicable Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected..
2	Log in to Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..
3	Type this command and press Enter: gclish

Notes for Security Groups:

• You use Gaia gClish like Gaia Clish, but the commands are global by default and performed on all the Security Group Members, which are part of a Security Group.

• The Gaia gClish commands are not applied on Security Group Members that are in status DOWN. If a "set" command is performed while an Security Group Member was in status DOWN (either administratively or because of a failure), that command is not applied on that Security Group Member. The Security Group Member synchronizes its database during its startup process. If the database changed, the Security Group Member reboots itself in order for the changes to apply.

• The config-lock is the lock that protects Gaia gClish database. One Security Group Member can hold the lock for the system.

  When user attempts to perform Gaia gClish "set" operations from a specific Security Group Member, user should make sure that this Security Group Member holds the config-lock.

  • To see the current config-lock, run:

    show {config-lock | config-state}

  • To acquire the config-lock, run:

    set config-lock on override

• The Gaia gClish traffic runs in Security Groups on the Sync interface, on TCP port 1129.

• Similarly to Gaia Clish, Gaia gClish is capable of running extended commands.

  Run this command to see the list of the Gaia gClish extended commands:

  show commands extended

• To run a command on specific set of Security Group Members, run the "set blade-range" command.

  This runs all the Gaia gClish embedded commands only on the specified subset of Security Group Members.

  Best Practice - Because all Security Group Members must have identical configuration, we highly recommend you use the "set blade-range" command.

To saving configuration changes:

When you change the OS configuration with in Gaia Clish, changes are applied immediately to the running system only.

To have the changes survive a reboot, you must run this command:

save config