Advanced Gaia Configuration
Configuring the Gaia Portal Web Server
Description
You can configure the server responsible for the Gaia Portal Web interface for the Check Point Gaia operating system.

-
To configure the Gaia Portal web server:
set web
daemon-enable {on | off}
session-timeout <Timeout>
ssl-port <Port>
ssl3-enabled {on | off}
table-refresh-rate <Rate>
-
To show the Gaia Portal web server configuration:
show web
daemon-enable
session-timeout
ssl-port
ssl3-enabled
table-refresh-rate
|
Important - After you add, configure, or delete features, run the " |

Parameter | Description
---|---
daemon-enable | Enables or disables the Gaia Portal web daemon.
session-timeout | Configures the time (in minutes), after which the HTTPS session to the Gaia Portal terminates.
ssl-port | Configures the TCP port number, on which the Gaia Portal can be accessed over HTTPS. Use this command for initial configuration only. Changing the port number on the command line may cause inconsistency with the setting defined in SmartConsole.
ssl3-enabled | Enables or disables the HTTPS SSLv3 connection to Gaia Portal.
table-refresh-rate | Configures the refresh rate (in seconds), at which some tables in the Gaia Portal are refreshed.

Resetting the Expert Mode Password on a Security Gateway
If you forget your Expert mode password for a Security Gateway or Cluster Member, follow sk106490.
Configuring Supported SSH Ciphers, MACs, and KexAlgorithms
Description
You can configure different settings for the SSH daemon on the Gaia Operating System.
You can configure these SSH settings in Gaia Clish.

-
Connect to the command line on the Management Server / Security Gateway / Scalable Platform Security Group.
-
Log in to the Expert mode.
-
Back up the current configuration file:
On a Management Server / Security Gateway:
cp -v /etc/ssh/templates/sshd_config.templ{,BKP}
On a Scalable Platform Security Group:
g_all cp -v /etc/ssh/templates/sshd_config.templ{,BKP}
-
Edit the current configuration file:
vi /etc/ssh/templates/sshd_config.templ
-
To configure the applicable SSH Ciphers, edit the line that starts with the word Ciphers:
Ciphers VALUE1,VALUE2,...,VALUEx
Notes:
-
If this line does not exist, add it.
-
By default, Gaia OS uses the first configured Cipher.
-
Values must be separated by commas without spaces.
-
To configure the applicable SSH Message Authentication Codes (MACs), edit the line that starts with the word Macs:
Macs VALUE1,VALUE2,...,VALUEx
Notes:
-
If this line does not exist, add it.
-
By default, Gaia OS uses the first configured MAC.
-
Values must be separated by commas without spaces.
-
To configure the applicable SSH Key Exchange Algorithms, edit the line that starts with the word KexAlgorithms:
KexAlgorithms VALUE1,VALUE2,...,VALUEx
Notes:
-
If this line does not exist, add it.
-
By default, Gaia OS uses the first configured MAC.
-
Values must be separated by commas without spaces.
-
Save the changes in the file and exit the editor.
-
On a Scalable Platform Security Group, copy the updated file to all Security Group Members:
asg_cp2blades /etc/ssh/templates/sshd_config.templ
-
Import the updated configuration into the Gaia OS database:
On a Management Server / Security Gateway:
/bin/sshd_template_xlate < /config/active
On a Scalable Platform Security Group:
g_all /bin/sshd_template_xlate < /config/active
-
Restart the SSH server:
On a Management Server / Security Gateway:
service sshd restart
On a Scalable Platform Security Group:
g_all service sshd restart
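
The procedure above requires a single Ciphers, Macs and KexAlgorithms line each, with values separated by commas and no spaces. The following added example (not Check Point code) is a small pre-import lint for those lines; the helper name check_ssh_algo_lines and the sample template are assumptions made for illustration.

```shell
# Added example, not Check Point code. check_ssh_algo_lines is a
# hypothetical helper name; the sample template below is constructed.
check_ssh_algo_lines() {
    file=$1
    problems=0
    for kw in Ciphers Macs KexAlgorithms; do
        # Keyword match is case-insensitive; commented-out lines are ignored.
        pattern="^[[:space:]]*${kw}[[:space:]]"
        count=$(grep -c -i -E "$pattern" "$file" || true)
        if [ "$count" -eq 0 ]; then
            echo "$kw: no line found"
            continue
        fi
        if [ "$count" -gt 1 ]; then
            echo "$kw: $count lines found, expected exactly one"
            problems=$((problems + 1))
            continue
        fi
        # Drop the keyword, the whitespace after it, and trailing whitespace.
        value=$(grep -i -E "$pattern" "$file" |
            sed -E 's/^[[:space:]]*[^[:space:]]+[[:space:]]+//; s/[[:space:]]+$//')
        case "$value" in
            *[[:space:]]*)
                echo "$kw: whitespace inside the value list"
                problems=$((problems + 1)) ;;
            ""|,*|*,|*,,*)
                echo "$kw: empty item in the value list"
                problems=$((problems + 1)) ;;
            *)
                echo "$kw: ok ($value)" ;;
        esac
    done
    return "$problems"
}

# Constructed sample: Macs has a space after the comma, KexAlgorithms is absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
Ciphers aes256-gcm@openssh.com,aes256-ctr
Macs hmac-sha2-512, hmac-sha2-256
EOF
check_ssh_algo_lines "$sample" || echo "problems found: $?"
rm -f "$sample"
```

Run the function against /etc/ssh/templates/sshd_config.templ after saving the file and before the import step. Keep the current SSH session open until a new login succeeds after the restart.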