Configuring Gaia for the First Time

After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it.

Running the First Time Configuration Wizard in Gaia Portal

To start the Gaia First Time Configuration Wizard:

1. Connect a computer to the Gaia computer.

   You must connect to the interface you configured during the Gaia installation (for example, eth0).

2. On your connected computer, configure a static IPv4 address in the same subnet as the IPv4 address you configured during the Gaia installation.

3. On your connected computer, in a web browser, connect to the IPv4 address you configured during the Gaia installation:

   https://<IPv4_Address_of_Gaia>

4. Enter the default username and password: admin and admin.

5. Click Login.

   The Check Point First Time Configuration Wizard opens.

6. Follow the instructions on the First Time Configuration Wizard windows.

See the applicable chapters below for installing specific Check Point products.

Below you can find the description of the First Time Configuration Wizard windows and their fields.

Deployment Options window:

In this window, you select how to deploy the Gaia Operating System.

Section

Options

Description

Setup

Continue with R80.20 configuration

Use this option to configure the installed Gaia and Check Point products.

Install

Install from Check Point Cloud

Install from USB device

Use these options to install a Gaia version.

Recovery

Import existing snapshot

Use this option to import an existing Gaia snapshot.

If in the Deployment Options window, you selected Install from Check Point Cloud, the First Time Configuration Wizard asks you to configure the connection to Check Point Cloud. These options appear (applies only to Check Point appliances that you configured as a Security Gateway):

Management Connection window:

In this window, you select and configure the main Gaia Management Interface. You connect to this IP address to open the Gaia Portal or CLI session.

Field

Description

Interface

By default, First Time Configuration Wizard selects the interface you configured during the Gaia installation (for example, eth0).

Note - After you complete the First Time Configuration Wizard and reboot, you can select another interface as the main Gaia Management Interface and configure its IP settings.

Configure IPv4

Select how the Gaia Management Interface gets its IPv4 address:

  • Manually - You configure the IPv4 settings in the next fields.
  • Off - None.

IPv4 address

Enter the desired IPv4 address.

Subnet mask

Enter the applicable IPv4 subnet mask.

Default Gateway

Enter the IPv4 address of the applicable default gateway.

Configure IPv6

Select how the Gaia Management Interface gets its IPv6 address:

  • Manually - You configure the IPv6 settings in the next fields.
  • Off - None.

IPv6 Address

Enter the desired IPv6 address.

Mask Length

Enter the applicable IPv6 mask length.

Default Gateway

Enter the IPv6 address of the applicable default gateway.

Internet Connection window:

Optional: In this window, you configure the interface that connects the Gaia computer to the Internet.

Field

Description

Interface

Select the applicable interface on this computer.

Configure IPv4

Select how the applicable interface gets its IPv4 address:

  • Manually - You configure the IPv4 settings in the next fields.
  • Off - None.

IPv4 address

Enter the desired IPv4 address.

Subnet mask

Enter the applicable IPv4 subnet mask.

Configure IPv6

Optional. Select how the applicable interface gets its IPv6 address:

  • Manually - You configure the IPv6 settings in the next fields.
  • Off - None.

IPv6 Address

Enter the desired IPv6 address.

Subnet

Enter the applicable IPv6 subnet mask.

Device Information window:

In this window, you configure the Host name, the DNS servers and the Proxy server on the Gaia computer.

Field

Description

Host Name

Enter the desired distinct host name.

Domain Name

Optional: Enter the applicable domain name.

Primary DNS Server

Enter the applicable IPv4 address of the primary DNS server.

Secondary DNS Server

Optional: Enter the applicable IPv4 address of the secondary DNS server.

Tertiary DNS Server

Optional: Enter the applicable IPv4 address of the tertiary DNS server.

Use a Proxy server

Optional: Select this option to configure the applicable Proxy server.

Address

Enter the applicable IPv4 address or resolvable hostname of the Proxy server.

Port

Enter the port number for the Proxy server.

Date and Time Settings window:

In this window, you configure the date and time settings on the Gaia computer.

Field

Description

Set the time manually

Select this option to configure the date and time settings manually.

Date

Select the correct date.

Time

Select the correct time.

Time Zone

Select the correct time zone.

Use Network Time Protocol (NTP)

Select this option to configure the date and time settings automatically with NTP.

Primary NTP server

Enter the applicable IPv4 address or resolvable hostname of the primary NTP server.

Version

Select the version of the NTP for the primary NTP server.

Secondary NTP server

Optional: Enter the applicable IPv4 address or resolvable hostname of the secondary NTP server.

Version

Select the version of the NTP for the secondary NTP server.

Time Zone

Select the correct time zone.

Installation Type window:

In this window, you select which type of Check Point products you wish to install on the Gaia computer.

Field

Description

Security Gateway and/or Security Management

Select this option to install:

  • A Single Security Gateway.
  • A Cluster Member.
  • A Security Management Server, including Management High Availability.
  • An Endpoint Security Management Server.
  • An Endpoint Policy Server.
  • CloudGuard Controller.
  • A dedicated single Log Server.
  • A dedicated single SmartEvent Server.
  • A Standalone.

Multi-Domain Server

Select this option to install:

  • A Multi-Domain Security Management Server, including Management High Availability.
  • A dedicated single Multi-Domain Log Server.

Products window:

In this window, you continue to select which type of Check Point products you wish to install on the Gaia computer.

If in the Installation Type window, you selected Security Gateway and/or Security Management, these options appear:

Field

Description

Security Gateway

Select this option to install:

  • A single Security Gateway.
  • A Cluster Member.
  • A Standalone.

Security Management

Select this option to install:

  • A Security Management Server, including Management High Availability.
  • An Endpoint Security Management Server.
  • An Endpoint Policy Server.
  • CloudGuard Controller.
  • A dedicated single Log Server.
  • A dedicated single SmartEvent Server.
  • A Standalone.

Unit is a part of a cluster

This option is available only if you selected Security Gateway.

Select this option to install a cluster of dedicated Security Gateways, or a Full High Availability Cluster.

Select the cluster type:

  • ClusterXL - For a cluster of dedicated Security Gateways, or a Full High Availability Cluster.
  • VRRP Cluster - For a VRRP Cluster on Gaia.

Define Security Management as

Select Primary to install:

  • A Security Management Server.
  • An Endpoint Security Management Server.
  • An Endpoint Policy Server.
  • CloudGuard Controller.

Select Secondary to install:

  • A Secondary Management Server in Management High Availability.

Select Log Server / SmartEvent only to install:

  • A dedicated single Log Server.
  • A dedicated single SmartEvent Server.

If in the Installation Type window, you selected Multi-Domain Server, these options appear:

Field

Description

Primary Multi-Domain Server

Select this option to install a Primary Multi-Domain Server in Management High Availability.

Secondary Multi-Domain Server

Select this option to install a Secondary Multi-Domain Server in Management High Availability.

Multi-Domain Log Server

Select this option to install a dedicated single Multi-Domain Log Server.

Note - By default, the option Automatically download Blade Contracts and other important data is enabled. See sk111080.

Dynamically Assigned IP window:

In this window, you select if this Security Gateway gets its IP address dynamically (DAIP gateway).

Field

Description

Yes

Select this option, if this Security Gateway gets its IP address dynamically (DAIP gateway).

No

Select this option, if you wish to configure this Security Gateway with a static IP address.

Secure Internal Communication (SIC) window:

In this window, you configure a one-time Activation Key. You must enter this key later in SmartConsole when you create the corresponding object and initialize SIC.

Field

Description

Activation Key

Enter the desired one-time activation key (between 4 and 127 characters long).

Confirm Activation Key

Enter the same one-time activation key again.

Security Management Administrator window:

In this window, you configure the main administrator for this Security Management Server.

Field

Description

Use Gaia administrator: admin

Select this option, if you wish to use the default Gaia administrator (admin).

Define a new administrator

Select this option, if you wish to configure an administrator username and password manually.

Security Management GUI Clients window:

In this window, you configure which computers are allowed to connect with SmartConsole to this Security Management Server.

Field

Description

Any IP Address

Select this option to allow all computers to connect.

This machine

Select this option to allow only a specific computer to connect.

By default, the First Time Configuration Wizard uses the IPv4 address of your computer. You can change it to another IP address.

Network

Select this option to allow an entire IPv4 subnet of computers to connect.

Enter the applicable subnet IPv4 address and subnet mask.

Range of IPv4 addresses

Select this option to allow a specific range of IPv4 addresses to connect.

Enter the applicable start and end IPv4 addresses.

Leading VIP Interfaces Configuration window:

In this window, you select the main Leading VIP Interface on this Multi-Domain Server.

Field

Description

Select leading interface

Select the desired interface.

Multi-Domain Server GUI Clients window:

In this window, you configure which computers are allowed to connect with SmartConsole to this Multi-Domain Server.

Field

Description

Any host

Select this option to allow all computers to connect.

IP address

Select this option to allow only a specific computer to connect.

By default, the First Time Configuration Wizard uses the IPv4 address of your computer. You can change it to another IP address.

First Time Configuration Wizard Summary window:

In this window, you can see the installation options you selected.

By default, the option Improve product experience by sending data to Check Point is enabled. See sk111080.

Notes:

Running the First Time Configuration Wizard in CLI Expert mode

Description

Use this command in Expert mode to test and to run the First Time Configuration Wizard on a Gaia system for the first time after the system installation.

Notes:

Syntax

To run the First Time Configuration Wizard from a configuration string:

1. Run this command in Expert mode:

   config_system --config-string <String of Parameters and Values>

   A configuration string must consist of parameter=value pairs, separated by the ampersand (&).

   You must enclose the whole string between quotation marks.

   For example:

   "hostname=myhost&domainname=somedomain.com&timezone='America/Indiana/Indianapolis'&ftw_sic_key=aaaa&install_security_gw=true&gateway_daip=false&install_ppak=true&gateway_cluster_member=true&install_security_managment=false"

   For more information on valid parameters and values, see the Parameters section below.

2. Reboot the system.

To run the First Time Configuration Wizard from a configuration file:

1. Run this command in Expert mode:

   config_system -f <File Name>

2. Reboot the system.

If you do not have a configuration file, you can create a configuration template and fill in the parameter values as necessary.

Before you run the First Time Configuration Wizard, you can validate the configuration file you created.

To create a configuration file:

1. Run this command in Expert mode:

   config_system -t <File Name>

2. Open the file you created in a text editor.

3. Edit all parameter values as necessary.

4. Save the updated configuration file.

To validate a configuration file:

Run this command in Expert mode:

config_system --config-file <File Name> --dry-run

Parameters

A configuration file contains the <parameter>=<value> pairs described in the table below.

Note - The config_system parameters can change from Gaia version to Gaia version. Run config_system --help to see the available parameters.

Parameter

Description

Valid values

install_security_gw

Installs Security Gateway, if set to true.

  • true
  • false

gateway_daip

Configures the Security Gateway as Dynamic IP (DAIP) Security Gateway, if set to true.

  • true
  • false

Note - Must be set to false, if ClusterXL or Security Management Server is enabled.

gateway_cluster_member

Configures the Security Gateway as member of ClusterXL, if set to true.

  • true
  • false

install_security_managment

Installs Security Management Server, if set to true.

  • true
  • false

install_mgmt_primary

Makes the installed Security Management Server the Primary one.

Note - The install_security_managment must be set to true.

  • true
  • false

Note - Can only be set to true, if the install_mgmt_secondary is set to false.

install_mgmt_secondary

Makes the installed Security Management Server a Secondary one.

Note - The install_security_managment must be set to true.

  • true
  • false

Note - Can only be set to true, if the install_mgmt_primary is set to false.

install_mds_primary

Makes the installed Security Management Server the Primary Multi-Domain Server.

Note - The install_security_managment must be set to true.

  • true
  • false

Note - Can only be set to true, if the install_mds_secondary is set to false.

install_mds_secondary

Makes the installed Security Management Server a Secondary Multi-Domain Server.

Note - The install_security_managment must be set to true.

  • true
  • false

Note - Can only be set to true, if the install_mds_primary is set to false.

install_mlm

Installs Multi-Domain Log Server, if set to true.

  • true
  • false

install_mds_interface

Specifies Multi-Domain Server management interface.

Name of the interface exactly as it appears in the device configuration.

Examples:
eth0, eth1

download_info

Downloads Check Point Software Blade contracts and other important information, if set to true (Best Practice - Optional, but highly recommended).

For more information, see sk94508.

  • true
  • false

upload_info

Uploads data that helps Check Point provide you with optimal services, if set to true (Best Practice - Optional, but highly recommended).

For more information, see sk94509.

  • true
  • false

mgmt_admin_radio

Configures Management Server administrator.

Note - Must be provided, if you install a Management Server.

Set to gaia_admin, if you wish to use the Gaia admin account.

Set to new_admin, if you wish to configure a new admin account.

mgmt_admin_name

Sets management administrator's username.

Note - Must be provided, if install_security_managment is set to true.

A string of alphanumeric characters.

mgmt_admin_passwd

Sets management administrator's password.

Note - Must be provided, if install_security_managment is set to true.

A string of alphanumeric characters.

mgmt_gui_clients_radio

Specifies SmartConsole clients that can connect to the Security Management Server.

  • any
  • range
  • network
  • this

mgmt_gui_clients_first_ip_field

Specifies the first address of the range, if mgmt_gui_clients_radio is set to range.

Single IPv4 address of a host.

Example:
192.168.0.10

mgmt_gui_clients_last_ip_field

Specifies the last address of the range, if mgmt_gui_clients_radio is set to range.

Single IPv4 address of a host.

Example:
192.168.0.20

mgmt_gui_clients_ip_field

Specifies the network address, if mgmt_gui_clients_radio is set to network.

IPv4 address of a network.

Example:
192.168.0.0

mgmt_gui_clients_subnet_field

Specifies the netmask, if mgmt_gui_clients_radio is set to network.

A number from 1 to 32.

mgmt_gui_clients_hostname

Specifies the netmask, if mgmt_gui_clients_radio is set to this.

Single IPv4 address of a host.

Example:
192.168.0.15

ftw_sic_key

Sets the Secure Internal Communication (SIC) key, if install_security_managment is set to false.

A string of alphanumeric characters.

admin_hash

Sets administrator's password.

A string of alphanumeric characters, enclosed between single quotation marks.

iface

Interface name (optional).

Name of the interface exactly as it appears in the device configuration.

Examples:
eth0, eth1

ipstat_v4

Turns on static IPv4 configuration, if set to manually.

  • manually
  • off

ipaddr_v4

Sets IPv4 address of the management interface.

Single IPv4 address.

masklen_v4

Sets IPv4 mask length for the management interface.

A number from 0 to 32.

default_gw_v4

Specifies IPv4 address of the default gateway.

Single IPv4 address.

ipstat_v6

Turns static IPv6 configuration on, if set to manually.

  • manually
  • off

ipaddr_v6

Sets IPv6 address of the management interface.

Single IPv6 address.

masklen_v6

Sets IPv6 mask length for the management interface.

A number from 0 to 128.

default_gw_v6

Specifies IPv6 address of the default gateway.

Single IPv6 address.

hostname

Sets the name of the local host (optional).

A string of alphanumeric characters.

domainname

Sets the domain name (optional).

Fully qualified domain name.

Example:
somedomain.com

timezone

Sets the Area/Region (optional).

The Area/Region must be enclosed between single quotation marks.

Examples:
'America/New_York'
'Asia/Tokyo'

Note - To see the available Areas and Regions, connect to any Gaia computer, log in to Gaia Clish, and run (names of Areas and Regions are case-sensitive):
set timezone Area<SPACE><TAB>

ntp_primary

Sets the IP address of the primary NTP server (optional).

IPv4 address.

ntp_primary_version

Sets the NTP version of the primary NTP server (optional).

  • 1
  • 2
  • 3
  • 4

ntp_secondary

Sets the IP address of the secondary NTP server (optional).

IPv4 address.

ntp_secondary_version

Sets the NTP version of the secondary NTP server (optional).

  • 1
  • 2
  • 3
  • 4

primary

Sets the IP address of the primary DNS server (optional).

IPv4 address.

secondary

Sets the IP address of the secondary DNS server (optional).

IPv4 address.

tertiary

Sets the IP address of the tertiary DNS server (optional).

IPv4 address.

proxy_address

Sets the IP address of the proxy server (optional).

IPv4 address, or Hostname.

proxy_port

Sets the port number of the proxy server (optional).

A number from 1 to 65535.

reboot_if_required

Reboots the system after the configuration, if set to true (optional).

  • true
  • false
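
An added example (not Check Point code): a pre-flight check, run on the administrator's workstation, that parses a configuration string and applies the value and dependency rules from the table above, plus the 4 to 127 character Activation Key length from the SIC window. The function names are illustrative, and it complements rather than replaces config_system --dry-run.

```python
# Value and dependency rules copied from the parameter table on this page.
# Parameters vary between Gaia versions, so unknown keys are passed through.
BOOLEANS = {"install_security_gw", "gateway_daip", "gateway_cluster_member",
            "install_security_managment", "install_mgmt_primary",
            "install_mgmt_secondary", "install_mds_primary",
            "install_mds_secondary", "install_mlm", "download_info",
            "upload_info", "reboot_if_required"}
ENUMS = {"mgmt_admin_radio": {"gaia_admin", "new_admin"},
         "mgmt_gui_clients_radio": {"any", "range", "network", "this"},
         "ipstat_v4": {"manually", "off"}, "ipstat_v6": {"manually", "off"},
         "ntp_primary_version": set("1234"),
         "ntp_secondary_version": set("1234")}
RANGES = {"masklen_v4": (0, 32), "masklen_v6": (0, 128),
          "mgmt_gui_clients_subnet_field": (1, 32), "proxy_port": (1, 65535)}
EXCLUSIVE = [("install_mgmt_primary", "install_mgmt_secondary"),
             ("install_mds_primary", "install_mds_secondary")]
MGMT = "install_security_managment"  # spelled as on this page


def parse_config_string(text):
    """Split 'key=value&key=value' into a dict; reject malformed or repeated keys."""
    params = {}
    for pair in text.strip().strip('"').split("&"):
        key, sep, value = pair.partition("=")
        if not sep or not key or key in params:
            raise ValueError(f"malformed or duplicate pair: {pair!r}")
        params[key] = value
    return params


def lint(params):
    """Return findings; an empty list means the documented rules hold."""
    out = []
    on = lambda key: params.get(key) == "true"
    for key, value in params.items():
        if key in BOOLEANS and value not in ("true", "false"):
            out.append(f"{key}: expected true or false")
        elif key in ENUMS and value not in ENUMS[key]:
            out.append(f"{key}: expected one of {sorted(ENUMS[key])}")
        elif key in RANGES:
            low, high = RANGES[key]
            if not (value.isascii() and value.isdigit() and low <= int(value) <= high):
                out.append(f"{key}: expected a number from {low} to {high}")
    if on("gateway_daip") and (on("gateway_cluster_member") or on(MGMT)):
        out.append("gateway_daip: must be false with ClusterXL or Security Management")
    for pair in EXCLUSIVE:
        if all(on(k) for k in pair):
            out.append(f"{pair[0]}/{pair[1]}: only one may be true")
        out += [f"{k}: requires {MGMT}=true" for k in pair if on(k) and not on(MGMT)]
    if on(MGMT):  # administrator parameters are mandatory with a Management Server
        out += [f"{k}: must be provided" for k in
                ("mgmt_admin_radio", "mgmt_admin_name", "mgmt_admin_passwd") if k not in params]
    if "ftw_sic_key" in params and not 4 <= len(params["ftw_sic_key"]) <= 127:
        out.append("ftw_sic_key: must be 4 to 127 characters (SIC window)")
    if params.get("mgmt_gui_clients_radio") == "any":
        out.append("mgmt_gui_clients_radio=any: all computers may connect")
    return out
```

The example string shown earlier on this page passes with no findings; a string that sets gateway_daip=true together with gateway_cluster_member=true, or a three-character ftw_sic_key, is reported before it reaches the appliance.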