Expert Mode

Important:

On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish of the applicable Security Group.
On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in the Expert mode on the applicable Security Group.
After you add, configure, or delete features, run the "save config" command to save the settings permanently.

Overview

The default Gaia shell is called clish.

Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). is a restrictive shell (role-based administration controls the number of commands available in the shell).

While the use of Gaia Clish is encouraged for security reasons, Gaia Clish does not give access to low level system functions.

For low-level configuration, use the more permissive Expert mode shell.

In addition, see sk144112 - Dynamic CLI: Enhancing Gaia Clish with new "Expert" mode commands.

Moving Between Shells

To go from Gaia Clish to the Expert shell, run in Gaia Clish:

expert

To exit from the Expert shell and go back to Gaia Clish, run in the Expert mode:

exit

Notes

There is no default password for the Expert mode. You must configure a password for the Expert mode before you can use it.

For instructions to configure the Expert mode password, see System Passwords.
If a command is supported in Gaia Clish, it is not supported to run the corresponding command in the Expert mode.

For example, to work with interfaces, Gaia Clish provides the commands "show interface" and "set interface".

Therefore, it is not supported to run the "ifconfig" command in the Expert mode.
The Expert mode does not provide more privileges, only more configuration abilities.
The Expert mode is not a security feature. Rather, it offers protection against mistakes.
Refer to sk181230 to receive audit logs for the Expert mode login on Gaia servers.

Running Gaia Clish Commands from the Expert mode

You can run Gaia Clish commands from the Expert mode.

You can configure and view Gaia OS settings only with Gaia Clish commands. You can automate various tasks for working with Gaia OS settings in the Expert mode.

Syntax on a Security Gateway / Cluster Member / Management Server / Log Server

clish ?

clish {-c <Gaia Clish Command> | -f <File> [-i]} [-s] [-o {pretty | structured | xml}] [-d <Debug Level>]

Syntax on a Scalable Platform Security Group

gclish ?

gclish {-c <Gaia Clish Command> | -f <File> [-i]} [-s] [-o {pretty | structured | xml}] [-d <Debug Level>]

CLI Parameters

Parameter

Description

?

Shows the built-in help.

-c <Gaia Clish Command>

Specifies the single Gaia Clish command to run.

The maximum length of the Gaia Clish command is 512 characters.

-f <File> [-i]

Specifies a full path to a plain-text file with Gaia Clish commands to run in the Batch Mode:

This file must contain only Gaia Clish commands (one command per line).
Each line is limited to 512 characters.
Every line that starts with the pound character "#" is treated as a comment and is not executed.

The optional parameter "-i" specifies to execute the next command in the file if the current command failed.

-s

Specify to run the Gaia Clish command "save config" at the end, to save the changes in the Gaia database.

-o <Output Format>

Specifies the output format on the screen:

pretty

Output is formatted to be clear.

This is the default.
structured

Output is delimited by semi-colons.
xml

Adds XML tags to the output.

For more information, see Client Environment Output Format.

-d <Debug Level>

Specifies the Debug Level (useful for Check Point R&D):

0 - Shows only errors (default)
from 1 to 3 - Shows more verbose messages
4 - Shows all messages (highest level of debug)

Note: The debug level can be set in these two ways:

In Gaia Clish, run:

set clienv debug <Debug Level>

save clienv

The debug level is saved in the /home/<username>/.clishrc file.

Gaia OS overwrites this file each time you run the Gaia Clish command "save clienv".

Example of a ".clishrc" file:

# It is SAFE to change values in this file.
#
History=100
Prompt=%M>
DebugLevel=4
EchoCommand=Off
OnFailure=Stop
SyntaxCheck=Off
OutputMode=Pretty
ConfigLock=On

In the Expert mode, run:

clish -d <Debug Level> {-c <Gaia Clish Command> | -f <File> [-i]}

Example

[Expert@MyGW:0]# clish -c "show version all"
Product version Check Point Gaia R81.20
OS build 123
OS kernel version 456
OS edition 64-bit
[Expert@MyGW:0]#