Advanced Gaia Configuration

Configuring the Gaia Portal Web Server

Description

You can configure the server responsible for the Gaia Portal Web interface for the Check Point Gaia operating system..

Syntax

To configure Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal web server:

set web

      daemon-enable {on | off}

      session-timeout <Timeout>

      ssl-port <Port>

      ssl3-enabled {on | off}

      table-refresh-rate <Rate>

To show the Gaia Portal web server configuration:

show web

      daemon-enable

      session-timeout

      ssl-port

      ssl3-enabled

      table-refresh-rate

Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.

Parameters

Parameter

Description

daemon-enable {on | off}

Enables or disables the Gaia Portal web daemon.

Range: on, or off
Default: on

session-timeout <Timeout>

Configures the time (in minutes), after which the HTTPS session to the Gaia Portal terminates.

Range: 1 - 720
Default: 15

ssl-port <Port>

Configures the TCP port number, on which the Gaia Portal can be accessed over HTTPS.

Range: 1 - 65535
Default: 443

Use this command for initial configuration only.

Changing the port number on the command line may cause inconsistency with the setting defined in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.. Use SmartConsole to set the SSL port for the Portal.

Note - This setting does not affect HTTP connections. Normally this port should be left at the default 443. If you change the port number, you must change the URL used to access the Gaia Portal from https://<Hostname or IP Address>/ to https://<Hostname or IP Address>:<PORTNUMBER>

ssl3-enabled {on | off}

Enables or disables the HTTPS SSLv3 connection to Gaia Portal.

Range: on, or off
Default: off

table-refresh-rate <Rate>

Configures the refresh rate (in seconds), at which some tables in the Gaia Portal are refreshed.

Range: 10 - 240
Default: 10

Resetting the Expert Mode Password on a Security Gateway

If you forget your Expert mode password for a Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or Cluster Member Security Gateway that is part of a cluster., follow sk106490.

Configuring Supported SSH Ciphers, MACs, and KexAlgorithms

Description

You can configure different settings for the SSH daemon on the Gaia Operating System.

You can configure these SSH settings in Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..

Procedure for the R80.40 Jumbo Hotfix Accumulator, Take 83 and higher

Connect to the command line on the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. / Security Gateway.
Log in to the Expert mode.

Back up the current configuration file:

cp -v /etc/ssh/templates/sshd_config.templ{,BKP}

Edit the current configuration file:

vi /etc/ssh/templates/sshd_config.templ

Configure the applicable SSH Ciphers, edit the line that starts with the word Ciphers:

Ciphers VALUE1,VALUE2,...,VALUEx

Notes:

If this line does not exist, add it.
By default, Gaia OS uses the first configured Cipher.
Values must be separated by commas without spaces.

Configure the applicable SSH Message Authentication Codes (MACs), edit the line that starts with the word Macs:

Macs VALUE1,VALUE2,...,VALUEx

Notes:

If this line does not exist, add it.
By default, Gaia OS uses the first configured MAC.
Values must be separated by commas without spaces.

Configure the applicable SSH Key Exchange Algorithms, edit the line that starts with the word KexAlgorithms:

KexAlgorithms VALUE1,VALUE2,...,VALUEx

Notes:

If this line does not exist, add it.
By default, Gaia OS uses the first configured KexAlgorithm.
Values must be separated by commas without spaces.

Save the changes in the file and exit the editor.

Import the updated configuration into the Gaia OS database:

/bin/sshd_template_xlate < /config/active

Restart the SSH server:

service sshd restart

Procedure for R80.40 and the R80.40 Jumbo Hotfix Accumulator, Take lower than 83

Connect to the command line on the Gaia OS server.
Log in to the Expert mode.

Back up each of these configuration files:

cp -v /etc/ssh/ssh_config{,BKP}

cp -v /etc/ssh/sshd_config{,BKP}

Edit each of these configuration files:

vi /etc/ssh/ssh_config

vi /etc/ssh/sshd_config

Configure the applicable SSH Ciphers, edit the line that starts with the word Ciphers:

Ciphers VALUE1,VALUE2,...,VALUEx

Notes:

If this line does not exist, add it.
By default, Gaia OS uses the first configured Cipher.
Values must be separated by commas without spaces.

Configure the applicable SSH Message Authentication Codes (MACs), edit the line that starts with the word Macs:

Macs VALUE1,VALUE2,...,VALUEx

Notes:

If this line does not exist, add it.
By default, Gaia OS uses the first configured MAC.
Values must be separated by commas without spaces.

Configure the applicable SSH Key Exchange Algorithms, edit the line that starts with the word KexAlgorithms:

KexAlgorithms VALUE1,VALUE2,...,VALUEx

Notes:

If this line does not exist, add it.
By default, Gaia OS uses the first configured KexAlgorithm.
Values must be separated by commas without spaces.

Save the changes in the file and exit the editor.

Restart the SSH server:

service sshd restart