Advanced Gaia Configuration
Configuring the Gaia Portal Web Server
Description
You can configure the server responsible for the Gaia Portal Web interface for the Check Point Gaia operating system.
- To configure the Gaia Portal web server:
set web
daemon-enable {on | off}
session-timeout <Timeout>
ssl-port <Port>
ssl3-enabled {on | off}
table-refresh-rate <Rate>
- To show the Gaia Portal web server configuration:
show web
daemon-enable
session-timeout
ssl-port
ssl3-enabled
table-refresh-rate
Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.

| Parameter | Description |
|---|---|
| daemon-enable | Enables or disables the Gaia Portal web daemon. |
| session-timeout | Configures the time (in minutes), after which the HTTPS session to the Gaia Portal terminates. |
| ssl-port | Configures the TCP port number, on which the Gaia Portal can be accessed over HTTPS. Use this command for initial configuration only. Changing the port number on the command line may cause inconsistency with the setting defined in SmartConsole. Use SmartConsole to set the SSL port for the Portal. |
| ssl3-enabled | Enables or disables the HTTPS SSLv3 connection to Gaia Portal. |
| table-refresh-rate | Configures the refresh rate (in seconds), at which some tables in the Gaia Portal are refreshed. |

Resetting the Expert Mode Password on a Security Gateway
Follow sk106490 if you forget your Expert mode password for a Security Gateway, Cluster Member, or Scalable Platform Security Group.
Configuring Supported SSH Ciphers and MACs
Description
You can configure different settings for the SSH daemon on the Gaia Operating System.
You can configure these SSH settings in Gaia Clish.
set ssh server
cipher <Cipher> {on | off}
mac <Message Authentication Code> {on | off}
show ssh server
cipher enabled
cipher supported
mac enabled
mac supported
- To view the supported SSH Ciphers:
show ssh server cipher supported
These are the supported SSH Ciphers:
  - 3des-cbc
  - aes128-cbc
  - aes128-ctr
  - aes128-gcm@openssh.com
  - aes192-cbc
  - aes192-ctr
  - aes256-cbc
  - aes256-ctr
  - aes256-gcm@openssh.com
  - chacha20-poly1305@openssh.com
  - rijndael-cbc@lysator.liu.se
- To view the enabled SSH Ciphers:
show ssh server cipher enabled
These are the SSH Ciphers that are enabled by default:
  - aes128-cbc
  - aes128-ctr
  - aes128-gcm@openssh.com
  - aes192-ctr
  - aes256-ctr
  - aes256-gcm@openssh.com
  - chacha20-poly1305@openssh.com
- To enable or disable the supported SSH Ciphers:
set ssh server cipher <Cipher> {on | off}
Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.
- To view the supported SSH Message Authentication Codes:
show ssh server mac supported
These are the supported SSH Message Authentication Codes:
  - hmac-md5-96-etm@openssh.com
  - hmac-md5-etm@openssh.com
  - hmac-sha1
  - hmac-sha1-96-etm@openssh.com
  - hmac-sha1-etm@openssh.com
  - hmac-sha2-256
  - hmac-sha2-256-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-512-etm@openssh.com
  - umac-64-etm@openssh.com
  - umac-64@openssh.com
  - umac-128-etm@openssh.com
  - umac-128@openssh.com
- To view the enabled SSH Message Authentication Codes:
  - hmac-sha1
  - hmac-sha1-etm@openssh.com
  - hmac-sha2-256
  - hmac-sha2-256-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-512-etm@openssh.com
  - umac-64-etm@openssh.com
  - umac-64@openssh.com
  - umac-128-etm@openssh.com
  - umac-128@openssh.com
- To enable or disable the supported SSH Message Authentication Codes:
set ssh server mac <Message Authentication Code> {on | off}
Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.
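
One way to turn the enabled lists above into a hardening plan, as an added example that is not part of the Check Point documentation. The weak-algorithm policy (CBC-mode and 3DES ciphers, MD5 and SHA-1 MACs, 64-bit UMAC) and the function names are assumptions; the input is constructed from the default-enabled names on this page, one name per line, because the page does not show the exact output format of the "show" commands.

```python
import re

# Assumed baseline (not Check Point's): CBC-mode and 3DES ciphers, MD5/SHA-1 MACs
# and 64-bit UMAC tags are treated as weak. Adjust to your own policy.
WEAK_CIPHER = re.compile(r"^3des-|-cbc(@|$)")
WEAK_MAC = re.compile(r"md5|sha1(-|$)|^umac-64")

# Constructed input: the default-enabled names listed on this page, one per line.
DEFAULT_CIPHERS = """aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com"""
DEFAULT_MACS = """hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com"""

def parse_names(text):
    """Extract algorithm names, skipping blanks, bullets and sentence lines."""
    tokens = (line.strip().lstrip("-").strip() for line in text.splitlines())
    return [t for t in tokens if t and " " not in t]

def hardening_commands(ciphers, macs):
    """Return Gaia Clish commands that switch off weak enabled algorithms."""
    weak_c = [c for c in ciphers if WEAK_CIPHER.search(c)]
    weak_m = [m for m in macs if WEAK_MAC.search(m)]
    # Refuse a plan that leaves sshd nothing to negotiate (or an empty parse).
    if len(weak_c) == len(ciphers) or len(weak_m) == len(macs):
        raise ValueError("plan would disable every enabled cipher or MAC")
    cmds = [f"set ssh server cipher {c} off" for c in weak_c]
    cmds += [f"set ssh server mac {m} off" for m in weak_m]
    if cmds:
        cmds.append("save config")  # persist the change, as the page requires
    return cmds

if __name__ == "__main__":
    plan = hardening_commands(parse_names(DEFAULT_CIPHERS), parse_names(DEFAULT_MACS))
    print("\n".join(plan))
```

Review the generated commands before pasting them into Gaia Clish, and confirm that your SSH clients support at least one remaining cipher and MAC.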