Centrally Managing Gaia Device Settings

Important - Scalable Platform Security Groups do not support Central Management of GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Device Settings (Known Limitation MBS-4754):

  1. Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

  2. From the left navigation panel, click Gateways & Servers.

  3. Right-click on the Security Group object.

  4. The Scripts and Actions menus are not supported.

Introduction of Gaia Central Management

SmartConsole lets you:

  • Centrally configure network topology:

    • IPv4 and IPv6 addresses

    • IPv4 and IPv6 static routes

  • Centrally configure device settings for these network services:

    • DNS

    • NTP

    • Proxy server

  • Do Backup and Restore operation

    A compressed .tgz backup file captures the Gaia OS configuration and the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. database.

  • Do maintenance operations:

  • Examine recent tasks:

    The Recent Tasks tab, located in the bottom section of SmartConsole, shows recent Gaia Security Gateway management tasks done using SmartConsole.

  • Run command line scripts on the Security Gateway.

    Output from the commands shows in the Recent Tasks window.

    Double-click the task to see the complete output.

  • Receive notification on local device configuration change

    The Status column in the Gateways view indicates changes in the device configuration

  • Implement configuration changes without a full policy install (Push Settings to Device action)

  • Automate the configuration of Cloning Groups and synchronization between the members

Managing Gaia in SmartConsole

After enabling Central management, Gaia Security Gateways can be more effectively managed through SmartConsole.

Running Command Scripts

One Time scripts

You can manually enter and run a command line script on the selected Gaia Security Gateways.

This feature is useful for scripts that you do not have to run on a regular basis.

Step

Instructions

1

Right-click the Security Gateway.

2

Select Scripts > Run One Time Script.

3

The Run One Time Script window opens

You can:

  • Enter the command in the Script Body text box and specify script arguments, or

  • Load the complete command from a text file

    Notes:

    • By default, the maximum size of a script is: 8 kilobytes.

    • This value can be changed in SmartConsole > Main application menu > Global properties > Advanced > Configure > Central Device Management > device_settings_max_script_length_in_KB.

4

Click Run.

The output from the script shows in the Tasks tab > Results column.

  • Double-clicking the task shows the output in a larger window

  • You can also right-click the task, and select View, and then Copy to Clipboard

    Notes:

    • The Run One Time Script window does not support interactive or continuous scripts. To run interactive or continuous scripts, open a command shell.

    • If the Security Gateways are not part of a Cloning Group, you can run a script on multiple Security Gateways at the same time.

Step

Instructions

1

Right-click the Security Gateway.

2

Select Scripts > Run Repository Script.

3

The Select Script window opens.

You can:

  • Select a script from the drop-down box, or click New to create a new script for the repository.

  • Enter script arguments.

Note - The Select Script window does not support interactive or continuous scripts. To run interactive or continuous scripts, open a command shell.

4

Click Run.

The output from the script shows in the Tasks tab > Results column.

  • Placing the mouse in the Details column shows the output in a larger window.

  • You can also right-click, and select View, or Copy to Clipboard.

Manage repository scripts

You can create new scripts, edit or delete scripts from the script repository.

Step

Instructions

1

Right-click the Security Gateway.

2

Select Scripts > Manage Script Repository.

3

The Manage Scripts window opens.

Note - You can also run and manage scripts if you click Scripts in the Gateways view.

Understanding One-Time Scripts

If you specify a script:

  • By default, the maximum size of a script is: 8 kB.

  • The output from the script shows in the Tasks tab at the bottom of the Gateways & Servers view.

  • The Run One Time Script window does not support interactive or continuous scripts. To run interactive or continuous scripts, open a command shell.

Running Repository Scripts

You can run a predefined script from the script repository.

Step

Instructions

1

In the Gateways & Servers view, right-click the Security Gateways or Security Management Servers, on which you want to run scripts.

2

Select Scripts > Scripts Repository.

The Scripts Repository window opens.

3

Do one of these steps:

  • Select an existing script from the list, click Run, enter Arguments if needed, and click Run.

  • Click New to create a new script for the repository, or load it from a text file. Click OK.

The output from the script shows in the Tasks tab at the bottom of the Gateways & Servers view.

Notes:

Backup and Restore

These options let you:

  • Back up the Gaia OS configuration and the Firewall database to a compressed file

  • Restore the Gaia OS configuration and the Firewall database from a compressed file

Best Practice - We recommended using System Backup to back up your system regularly. Schedule system backups on a regular basis, daily or weekly, to preserve the Gaia OS configuration and Firewall database.

Backing up the System

Note - After you install the Security Gateway for the first time, you must publish the SmartConsole session before you perform a system backup operation.

Step

Instructions

1

In the Gateways & Servers view, right-click the Security Gateway object you want to back up.

2

Select Actions > System Backup.

The System Backup window opens.

3

Select the backup location. Use one of these options:

  • The Backup server defined for this gateway - To define a backup server for this Security Gateway, double-click the Security Gateway object, and click Network Management > System Backup

  • Enter the details of the backup server

Note - The path to the backup directory must start and end with forward slash (/) character. For example: /ftroot/backup/, or just / for the root directory of the server.

The file name must be according to this convention:

backup_<Name of Security Gateway object>_<Date of Backup>.tgz

4

Click OK.

The status of the backup operation shows in Tasks.

5

When the task is complete, double-click the entry to see the file path and name of the backup file.

Notes:

  • This name is necessary to do a system restore.

  • You can do backup on multiple Security Gateways at the same time.

  • When you back up a cluster, the system does backup on all members.

Restoring the System

Step

Instructions

1

In the Gateways & Servers view, right-click the Security Gateway object you want to restore.

2

Select Actions > System Restore.

The System Restore window opens.

3

Enter the required information.

Note - If you cannot find the name of the file in Tasks, or did not save the file name after you completed the backup process:

  1. Right-click the Security Gateway object.

  2. Select Actions > Open Shell.

  3. On the Security Gateway, run the Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). command:

    show backup logs

  4. Find the name of the compressed backup file.

    The file is named according to this convention:

    backup_<Name of Security Gateway object>_<Date of Backup>.tgz

4

Click OK.

  1. Connectivity to the Security Gateway is lost.

  2. The Security Gateway automatically reboots.

5

Install the policy on the Security Gateway object.

The status of the restore operation shows in Tasks tab.

Opening Gaia Portal and Gaia Clish

In SmartConsole, you can open a Security Gateway's the command line window, or the Gaia Portal. You can select the command line or the Gaia Portal from the right-click menu of a Security Gateway object, or from the top toolbar > Actions button.

Step

Instructions

1

In SmartConsole, right-click the Security Gateway object.

2

Select Actions > Open Shell.

  • Log in with your Gaia credentials.

  • The Open Shell uses public key authentication.

  • For a cluster object, select the member, to which you want to connect.

A command line window opens with default shell that was configured for the specified user.

Step

Instructions

1

In SmartConsole, right-click the Security Gateway object.

2

Select Actions > Gaia Portal.

Note - For a cluster, select the cluster memberClosed Security Gateway that is part of a cluster., for which you want to open the Gaia Portal.

The Gaia Portal opens in the default web browser.

The URL is taken from the Platform Portal page of the Security Gateway object.