After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it.
To start the Gaia First Time Configuration Wizard:
| Step | Instructions |
|---|---|
| 1 | Connect a computer to the Gaia computer. You must connect to the interface you configured during the Gaia installation (for example, eth0). |
| 2 | On your connected computer, configure a static IPv4 address in the same subnet as the IPv4 address you configured during the Gaia installation. |
| 3 | On your connected computer, in a web browser, connect to the IPv4 address you configured during the Gaia installation: |
| 4 | Enter the default username and password: |
| 5 | Click Login. The Check Point First Time Configuration Wizard opens. |
| 6 | Follow the instructions on the First Time Configuration Wizard windows. See the applicable chapters below for installing specific Check Point products. |
Below you can find the description of the First Time Configuration Wizard windows and their fields.
Deployment Options window:
In this window, you select how to deploy Gaia Operating System.
| Section | Options | Description |
|---|---|---|
| Setup | Continue with R80.20 configuration | Use this option to configure the installed Gaia and Check Point products. |
| Install | Install from Check Point Cloud, Install from USB device | Use these options to install a Gaia version. |
| Recovery | Import existing snapshot | Use this option to import an existing Gaia snapshot. |
If in the Deployment Options window, you selected Install from Check Point Cloud, the First Time Configuration Wizard asks you to configure the connection to Check Point Cloud. These options appear (applies only to Check Point appliances that you configured as a Security Gateway):
Management Connection window:
In this window, you select and configure the main Gaia Management Interface. You connect to this IP address to open the Gaia Portal or CLI session.
| Field | Description |
|---|---|
| Interface | By default, First Time Configuration Wizard selects the interface you configured during the Gaia installation (for example, eth0). Note - After you complete the First Time Configuration Wizard and reboot, you can select another interface as the main Gaia Management Interface and configure its IP settings. |
| Configure IPv4 | Select how the Gaia Management Interface gets its IPv4 address: |
| IPv4 address | Enter the desired IPv4 address. |
| Subnet mask | Enter the applicable IPv4 subnet mask. |
| Default Gateway | Enter the IPv4 address of the applicable default gateway. |
| Configure IPv6 | Select how the Gaia Management Interface gets its IPv6 address: |
| IPv6 Address | Enter the desired IPv6 address. |
| Mask Length | Enter the applicable IPv6 mask length. |
| Default Gateway | Enter the IPv6 address of the applicable default gateway. |
Internet Connection window:
Optional: In this window, you configure the interface that connects the Gaia computer to the Internet.
| Field | Description |
|---|---|
| Interface | Select the applicable interface on this computer. |
| Configure IPv4 | Select how the applicable interface gets its IPv4 address: |
| IPv4 address | Enter the desired IPv4 address. |
| Subnet mask | Enter the applicable IPv4 subnet mask. |
| Configure IPv6 | Optional. Select how the applicable interface gets its IPv6 address: |
| IPv6 Address | Enter the desired IPv6 address. |
| Subnet | Enter the applicable IPv6 subnet mask. |
Device Information window:
In this window, you configure the Host name, the DNS servers and the Proxy server on the Gaia computer.
| Field | Description |
|---|---|
| Host Name | Enter the desired distinct host name. |
| Domain Name | Optional: Enter the applicable domain name. |
| Primary DNS Server | Enter the applicable IPv4 address of the primary DNS server. |
| Secondary DNS Server | Optional: Enter the applicable IPv4 address of the secondary DNS server. |
| Tertiary DNS Server | Optional: Enter the applicable IPv4 address of the tertiary DNS server. |
| Use a Proxy server | Optional: Select this option to configure the applicable Proxy server. |
| Address | Enter the applicable IPv4 address or resolvable hostname of the Proxy server. |
| Port | Enter the port number for the Proxy server. |
Date and Time Settings window:
In this window, you configure the date and time settings on the Gaia computer.
| Field | Description |
|---|---|
| Set the time manually | Select this option to configure the date and time settings manually. |
| Date | Select the correct date. |
| Time | Select the correct time. |
| Time Zone | Select the correct time zone. |
| Use Network Time Protocol (NTP) | Select this option to configure the date and time settings automatically with NTP. |
| Primary NTP server | Enter the applicable IPv4 address or resolvable hostname of the primary NTP server. |
| Version | Select the version of the NTP for the primary NTP server. |
| Secondary NTP server | Optional: Enter the applicable IPv4 address or resolvable hostname of the secondary NTP server. |
| Version | Select the version of the NTP for the secondary NTP server. |
| Time Zone | Select the correct time zone. |
Installation Type window:
In this window, you select which type of Check Point products you wish to install on the Gaia computer.
| Field | Description |
|---|---|
| Security Gateway and/or Security Management | Select this option to install: |
| Multi-Domain Server | Select this option to install: |
Products window:
In this window, you continue to select which type of Check Point products you wish to install on the Gaia computer.
If in the Installation Type window, you selected Security Gateway and/or Security Management, these options appear:
| Field | Description |
|---|---|
| Security Gateway | Select this option to install: |
| Security Management | Select this option to install: |
| Unit is a part of a cluster | This option is available only if you selected Security Gateway. Select this option to install a cluster of dedicated Security Gateways, or a Full High Availability Cluster. Select the cluster type: |
| Define Security Management as | Select Primary to install: Select Secondary to install: Select Log Server / SmartEvent only to install: |
If in the Installation Type window, you selected Multi-Domain Server, these options appear:
| Field | Description |
|---|---|
| Primary Multi-Domain Server | Select this option to install a Primary Multi-Domain Server in Management High Availability. |
| Secondary Multi-Domain Server | Select this option to install a Secondary Multi-Domain Server in Management High Availability. |
| Multi-Domain Log Server | Select this option to install a dedicated single Multi-Domain Log Server. |
Note - By default, the option Automatically download Blade Contracts and other important data is enabled. See sk111080.
Dynamically Assigned IP window:
In this window, you select if this Security Gateway gets its IP address dynamically (DAIP gateway).
| Field | Description |
|---|---|
| Yes | Select this option, if this Security Gateway gets its IP address dynamically (DAIP gateway). |
| No | Select this option, if you wish to configure this Security Gateway with a static IP address. |
Secure Internal Communication (SIC) window:
In this window, you configure a one-time Activation Key. You must enter this key later in SmartConsole when you create the corresponding object and initialize SIC.
| Field | Description |
|---|---|
| Activation Key | Enter the desired one-time activation key (between 4 and 127 characters long). |
| Confirm Activation Key | Enter the same one-time activation key again. |
Security Management Administrator window:
In this window, you configure the main administrator for this Security Management Server.
| Field | Description |
|---|---|
| Use Gaia administrator: admin | Select this option, if you wish to use the default Gaia administrator ( |
| Define a new administrator | Select this option, if you wish to configure an administrator username and password manually. |
Security Management GUI Clients window:
In this window, you configure which computers are allowed to connect with SmartConsole to this Security Management Server.
| Field | Description |
|---|---|
| Any IP Address | Select this option to allow all computers to connect. |
| This machine | Select this option to allow only a specific computer to connect. By default, the First Time Configuration Wizard uses the IPv4 address of your computer. You can change it to another IP address. |
| Network | Select this option to allow an entire IPv4 subnet of computers to connect. Enter the applicable subnet IPv4 address and subnet mask. |
| Range of IPv4 addresses | Select this option to allow a specific range of IPv4 addresses to connect. Enter the applicable start and end IPv4 addresses. |
Leading VIP Interfaces Configuration window:
In this window, you select the main Leading VIP Interface on this Multi-Domain Server.
| Field | Description |
|---|---|
| Select leading interface | Select the desired interface. |
Multi-Domain Server GUI Clients window:
In this window, you configure which computers are allowed to connect with SmartConsole to this Multi-Domain Server.
| Field | Description |
|---|---|
| Any host | Select this option to allow all computers to connect. |
| IP address | Select this option to allow only a specific computer to connect. By default, the First Time Configuration Wizard uses the IPv4 address of your computer. You can change it to another IP address. |
First Time Configuration Wizard Summary window:
In this window, you can see the installation options you selected.
By default, the option Improve product experience by sending data to Check Point is enabled. See sk111080.
Notes:
The /var/log/ftw_install.log file contains one of these sentences: "installation succeeded" or "FTW: Complete". Run:
```
# cat /var/log/ftw_install.log | egrep --color "installation succeeded|FTW: Complete"
```
Example output from a Security Gateway or Cluster Member:
```
[Expert@GW:0]# cat /var/log/ftw_install.log | egrep --color "installation succeeded|FTW: Complete"
Apr 06, 18 19:19:51 FTW: Complete
[Expert@GW:0]#
```
Example output from a Security Management Server or a Standalone:
```
[Expert@SA:0]# cat /var/log/ftw_install.log | egrep --color "installation succeeded|FTW: Complete"
May 01, 2018 03:48:38 PM installation succeeded.
05/01/18 15:48:39 FTW: Complete
[Expert@SA:0]#
```
Example output from a Multi-Domain Server:
```
[Expert@MDS:0]# cat /var/log/ftw_install.log | egrep --color "installation succeeded|FTW: Complete"
Apr 08, 2018 07:43:15 PM installation succeeded.
[Expert@MDS:0]#
```
Description
Use this command in Expert mode to test and to run the First Time Configuration Wizard on a Gaia system for the first time after the system installation.
Notes:
The config_system utility is not an interactive configuration tool. It helps automate the first time configuration process.
The config_system utility is only for the first time configuration, and not for ongoing system configurations.
Syntax
Form |
Command |
---|---|
Short form |
|
Long form |
|
Form |
Command |
---|---|
Short form |
|
Long form |
|
Form |
Command |
---|---|
Short form |
|
Long form |
|
Form |
Command |
---|---|
Short form |
|
Long form |
|
config_system --dry-run |
Form |
Command |
---|---|
Short form |
|
Long form |
|
To run the First Time Configuration Wizard from a configuration string:
| Step | Description |
|---|---|
| 1 | Run this command in Expert mode: A configuration string must consist of parameter=value pairs, separated by the ampersand (&). You must enclose the whole string between quotation marks. For example: For more information on valid parameters and values, see the config_system. |
| 2 | Reboot the system. |
To run the First Time Configuration Wizard from a configuration file:
| Step | Description |
|---|---|
| 1 | Run this command in Expert mode: |
| 2 | Reboot the system. |
If you do not have a configuration file, you can create a configuration template and fill in the parameter values as necessary.
Before you run the First Time Configuration Wizard, you can validate the configuration file you created.
To create a configuration file:
| Step | Description |
|---|---|
| 1 | Run this command in Expert mode: |
| 2 | Open the file you created in a text editor. |
| 3 | Edit all parameter values as necessary. |
| 4 | Save the updated configuration file. |
To validate a configuration file:
Run this command in Expert mode:
|
Parameters
A configuration file contains the <parameter>=<value> pairs described in the table below.
Note - The config_system parameters can change from Gaia version to Gaia version. Run config_system --help to see the available parameters.
| Parameter | Description | Valid values |
|---|---|---|
| | Installs Security Gateway, if set to | |
| | Configures the Security Gateway as Dynamic IP (DAIP) Security Gateway, if set to | Note - Must be set to |
| | Configures the Security Gateway as member of ClusterXL, if set to | |
| | Installs Security Management Server, if set to | |
| | Makes the installed Security Management Server the Primary one. Note - The | Note - Can only be set to |
| | Makes the installed Security Management Server a Secondary one. Note - The | Note - Can only be set to |
| | Makes the installed Security Management Server the Primary Multi-Domain Server. Note - The | Note - Can only be set to |
| | Makes the installed Security Management Server a Secondary Multi-Domain Server. Note - The | Note - Can only be set to |
| | Installs Multi-Domain Log Server, if set to | |
| | Specifies Multi-Domain Server management interface. | Name of the interface exactly as it appears in the device configuration. Examples: |
| | Downloads Check Point Software Blade contracts and other important information, if set to For more information, see sk94508. | |
| | Uploads data that helps Check Point provide you with optimal services, if set to For more information, see sk94509. | |
| | Configures Management Server administrator. Note - Must be provided, if you install a Management Server. | Set to Set to |
| | Sets management administrator's username. Note - Must be provided, if | A string of alphanumeric characters. |
| | Sets management administrator's password. Note - Must be provided, if | A string of alphanumeric characters. |
| | Specifies SmartConsole clients that can connect to the Security Management Server. | |
| | Specifies the first address of the range, if | Single IPv4 address of a host. Example: |
| | Specifies the last address of the range, if | Single IPv4 address of a host. Example: |
| | Specifies the network address, if | IPv4 address of a network. Example: |
| | Specifies the netmask, if | A number from 1 to 32. |
| | Specifies the netmask, if | Single IPv4 address of a host. Example: |
| | Sets a Secure Internal Communication key, if | A string of alphanumeric characters. |
| | Sets administrator's password. | A string of alphanumeric characters, enclosed between single quotation marks. |
| | Interface name (optional). | Name of the interface exactly as it appears in the device configuration. Examples: |
| | Turns on static IPv4 configuration, if set to | |
| | Sets IPv4 address of the management interface. | Single IPv4 address. |
| | Sets IPv4 mask length for the management interface. | A number from 0 to 32. |
| | Specifies IPv4 address of the default gateway. | Single IPv4 address. |
| | Turns static IPv6 configuration on, if set to | |
| | Sets IPv6 address of the management interface. | Single IPv6 address. |
| | Sets IPv6 mask length for the management interface. | A number from 0 to 128. |
| | Specifies IPv6 address of the default gateway. | Single IPv6 address. |
| | Sets the name of the local host (optional). | A string of alphanumeric characters. |
| | Sets the domain name (optional). | Fully qualified domain name. Example: |
| | Sets the Area/Region (optional). | The Area/Region must be enclosed between single quotation marks. Examples: Note - To see the available Areas and Regions, connect to any Gaia computer, log in to Gaia Clish, and run (names of Areas and Regions are case-sensitive): |
| | Sets the IP address of the primary NTP server (optional). | IPv4 address. |
| | Sets the NTP version of the primary NTP server (optional). | |
| | Sets the IP address of the secondary NTP server (optional). | IPv4 address. |
| | Sets the NTP version of the secondary NTP server (optional). | |
| | Sets the IP address of the primary DNS server (optional). | IPv4 address. |
| | Sets the IP address of the secondary DNS server (optional). | IPv4 address. |
| | Sets the IP address of the tertiary DNS server (optional). | IPv4 address. |
| | Sets the IP address of the proxy server (optional). | IPv4 address, or Hostname. |
| | Sets the port number of the proxy server (optional). | A number from 1 to 65535. |
| | Reboots the system after the configuration, if set to | |
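
As an added example (not Check Point code and not part of the original page), this pre-flight lint parses a config_system configuration string and checks it against the value ranges documented above, flagging the "any IP address" GUI clients choice and a cleartext administrator password. The parameter names and the `any` value are assumptions, because the parameter table on this page lost them; confirm them with config_system --help.

```python
import ipaddress

# ASSUMED parameter names/values: this page's parameter table lost them.
# Confirm each one with `config_system --help` on your Gaia version.
P_SIC, P_GUI, P_PASSWD = "ftw_sic_key", "mgmt_gui_clients_radio", "mgmt_admin_passwd"
RANGES = {"masklen_v4": (0, 32), "masklen_v6": (0, 128), "proxy_port": (1, 65535)}
IPV4_FIELDS = ("ipaddr_v4", "default_gw_v4")

def parse_config_string(text):
    """Split 'name=value&name=value' into a dict, rejecting malformed pairs."""
    params = {}
    for pair in text.strip().strip('"').split("&"):
        name, sep, value = pair.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"not a parameter=value pair: {pair!r}")
        if name in params:
            raise ValueError(f"duplicate parameter: {name}")
        params[name] = value.strip().strip("'")
    return params

def lint(params):
    """Return findings for values outside the ranges the page documents."""
    findings = []
    key = params.get(P_SIC)
    if key is not None and not 4 <= len(key) <= 127:
        findings.append(f"{P_SIC}: activation key must be 4 to 127 characters")
    if params.get(P_GUI) == "any":
        findings.append(f"{P_GUI}: SmartConsole is allowed from any IP address")
    if P_PASSWD in params:
        findings.append(f"{P_PASSWD}: cleartext password, restrict access to it")
    for name, (low, high) in RANGES.items():
        value = params.get(name, "")
        ok = value.isascii() and value.isdigit() and low <= int(value) <= high
        if name in params and not ok:
            findings.append(f"{name}: expected a number from {low} to {high}")
    for name in IPV4_FIELDS:  # absent fields pass; only supplied values are checked
        try:
            ipaddress.IPv4Address(params.get(name, "0.0.0.0"))
        except ipaddress.AddressValueError:
            findings.append(f"{name}: not a single IPv4 address")
    return findings

# Constructed sample string (not from the page or from Check Point).
SAMPLE = ("hostname=gw-lab&ftw_sic_key=abc&mgmt_gui_clients_radio=any"
          "&ipaddr_v4=192.0.2.300&masklen_v4=24&proxy_port=70000")

if __name__ == "__main__":
    print("\n".join(lint(parse_config_string(SAMPLE))))
```

Run it against the string or file contents before `config_system --dry-run`; it complements, and does not replace, the utility's own validation.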