Centrally Managing Gaia Device Settings

Important - Scalable Platform Security Groups do not support Central Management of Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Device Settings (Known Limitation MBS-4754):

Connect with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..
From the left navigation panel, click Gateways & Servers.
Right-click on the Security Group object.
The Scripts and Actions menus are not supported.

Introduction of Gaia Central Management

SmartConsole lets you:

Centrally configure device settings for a Proxy server
Do Backup and Restore operation

A compressed .tgz backup file captures the Gaia OS configuration and the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. database.
Do maintenance operations:
- By opening the Gaia Portal Web interface for the Check Point Gaia operating system. or command shell from SmartConsole
- By fetching settings from the device, or by pushing settings to the device
Examine recent tasks:

The Recent Tasks tab, located in the bottom section of SmartConsole, shows recent Gaia Security Gateway management tasks done using SmartConsole.
Run command line scripts on the Security Gateway.

Output from the commands shows in the Recent Tasks window.

Double-click the task to see the complete output.
Receive notification on local device configuration change

The Status column in the Gateways view indicates changes in the device configuration
Implement configuration changes without a full policy install (Push Settings to Device action)
Automate the configuration of Cloning Groups and synchronization between the members

Managing Gaia in SmartConsole

After enabling Central management, Gaia Security Gateways can be more effectively managed through SmartConsole.

Running Command Scripts

One Time scripts

You can manually enter and run a command-line script on the selected GaiaSecurity Gateways.

This feature is useful for scripts that you do not need to run on a regular basis.

Understanding One-Time Scripts

When you specify a script:

By default, the maximum size of a script is 8 KB.
The output from the script shows in the Tasks tab at the bottom of the Gateways & Servers view.
The Run One Time Script window does not support interactive or continuous scripts. To run interactive or continuous scripts, open a command shell.

Note - SmartConsole limits the length of a script's output. For more, see sk181529.

Running a one-time script

Step

Instructions

Right-click the Security Gateway.

Select Scripts > Run One Time Script.

The Run One Time Script window opens.

You can:

Enter the command in the Script Body text box and specify script arguments, or

Load the complete command from a text file

Notes:

By default, the maximum size of a script is 8 kilobytes.
This value can be changed in SmartConsole > Main application menu > Global properties > Advanced > Configure > Central Device Management > device_settings_max_script_length_in_KB.

Click Run.

The output from the script shows in the Tasks tab > Results column.

Double-click the task to view the output in a larger window.

You can also right-click the task and select View, then Copy to Clipboard

Notes:

The Run One Time Script window does not support interactive or continuous scripts. To run interactive or continuous scripts, open a command shell.
If the Security Gateways are not part of a Cloning Group, you can run a script on multiple Security Gateways at the same time.

One Time Script Options

Script Body - Enter the script commands.

Load from File - Load a prepared script.

Comment - Enter a text comment (optional).

Run - Click to run the script that you entered.

Running script from the repository

You can run a predefined script from the script repository.

To run a script from the repository:

Step	Description
1	In the Gateways & Servers view, right-click the Security Gateways or Security Management Servers, on which you want to run scripts.
2	Select Scripts > Scripts Repository. The Scripts Repository window opens.
3	Do one of these steps: Select an existing script from the list, click Run, enter Arguments if needed, and click Run. Click New to create a new script for the repository, or load it from a text file. Click OK.

The output from the script shows in the Tasks tab at the bottom of the Gateways & Servers view.

Notes:

The Scripts Repository window does not support interactive or continuous scripts. To run interactive or continuous scripts, open a command shell.
You can run the script on multiple Security Gateways or Security Management Servers at the same time.
For a cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object, the script will run automatically on all cluster members.
The ~ character is not supported in scripts for security reasons.

Managing Repository Scripts

You can create new scripts, edit or delete scripts from the script repository.

To manage scripts:

Right-click the Security Gateway.
Select Scripts > Manage Script Repository
The Script Repository window opens

Note: You can also run and manage scripts by clicking Scripts in the Gateways view.

Backup and Restore

These options let you:

Back up the Gaia OS configuration and the Firewall database to a compressed file
Restore the Gaia OS configuration and the Firewall database from a compressed file

Best Practice - We recommended using System Backup to back up your system regularly. Schedule system backups on a regular basis, daily or weekly, to preserve the Gaia OS configuration and Firewall database.

Backing up the System

Note - After you install the Security Gateway for the first time, you must publish the SmartConsole session before you perform a system backup operation.

Backing up the system

Step

Instructions

In the Gateways & Servers view, right-click the Security Gateway object you want to back up.

Select Actions > System Backup.

The System Backup window opens.

Select the backup location. Use one of these options:

The Backup server defined for this gateway - To define a backup server for this Security Gateway, double-click the Security Gateway object, and click Network Management > System Backup
Enter the details of the backup server

Note - The path to the backup directory must start and end with forward slash (/) character. For example: /ftroot/backup/, or just / for the root directory of the server.

The file name must be according to this convention:

backup_<Name of Security Gateway object>_<Date of Backup>.tgz

Click OK.

The status of the backup operation shows in Tasks.

When the task is complete, double-click the entry to see the file path and name of the backup file.

Notes:

This name is necessary to do a system restore.
You can do backup on multiple Security Gateways at the same time.
When you back up a cluster, the system does backup on all members.

Restoring the System

Restoring the system

Step

Instructions

In the Gateways & Servers view, right-click the Security Gateway object you want to restore.

Select Actions > System Restore.

The System Restore window opens.

Enter the required information.

Note - If you cannot find the name of the file in Tasks, or did not save the file name after you completed the backup process:

Right-click the Security Gateway object.
Select Actions > Open Shell.

On the Security Gateway, run the Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). command:

show backup logs

Find the name of the compressed backup file.

The file is named according to this convention:

backup_<Name of Security Gateway object>_<Date of Backup>.tgz

Click OK.

Connectivity to the Security Gateway is lost.
The Security Gateway automatically reboots.

Install the policy on the Security Gateway object.

The status of the restore operation shows in Tasks tab.

Opening Gaia Portal and Gaia Clish

In SmartConsole, you can open a Security Gateway's the command line window, or the Gaia Portal. You can select the command line or the Gaia Portal from the right-click menu of a Security Gateway object, or from the top toolbar > Actions button.

Opening a command line window on the Security Gateway

Step	Instructions
1	In SmartConsole, right-click the Security Gateway object.
2	Select Actions > Open Shell. Log in with your Gaia credentials. The Open Shell uses public key authentication. For a cluster object, select the member, to which you want to connect. A command line window opens with default shell that was configured for the specified user.

Step

Instructions

In SmartConsole, right-click the Security Gateway object.

Select Actions > Open Shell.

Log in with your Gaia credentials.
The Open Shell uses public key authentication.
For a cluster object, select the member, to which you want to connect.

A command line window opens with default shell that was configured for the specified user.

Opening a Security Gateway Gaia Portal

Step

Instructions

In SmartConsole, right-click the Security Gateway object.

Select Actions > Gaia Portal.

Note - For a cluster, select the cluster member Security Gateway that is part of a cluster., for which you want to open the Gaia Portal.

The Gaia Portal opens in the default web browser.

The URL is taken from the Platform Portal page of the Security Gateway object.