Configuring Cloning Groups in Gaia Clish

Note - When run from the cadmin account, these commands apply to all members of the GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. group.

Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.

Cloning Group Modes

You can create Cloning Groups in either Manual mode, or ClusterXL mode.

Step

Instructions

1

Set the cloning group mode to manual.

2

Set the cloning group local IP address.

3

Set the cloning group password.

4

Set the cloning group state to on.

5

Optional: Set a name for the Cloning Group.

Perform these steps on each of the Security Gateways.

Step

Instructions

1

Set the cloning group mode to manual.

2

Set the cloning group local IP address.

3

Set the cloning group password.

4

Run the "join cloning group" command to join the Cloning Group.

Perform these steps on all member Security Gateways.

Step

Instructions

1

Set the cloning group mode to ClusterXL.

2

Set the cloning group password.

3

Set the cloning group state to on.

CLI Syntax

Syntax

set cloning-group

      local-ip <IPv4 address>

      mode {manual | cluster-xl}

      name <Name of Cloning Group>

      password <Password>

      state {on | off}

Parameters

Parameter

Description

local-ip <IPv4 address>

The IPv4 address used to synchronize shared features between members of the Cloning Group.

mode {manual | cluster-xl}

The mode determines whether the Cloning Group is defined manually, or through ClusterXL.

name <Name of Cloning Group>

Name of the Cloning Group.

password <Password>

Password for the administrator's (cadmin) account, used to access the Cloning Group configuration in the Gaia PortalClosed Web interface for the Check Point Gaia operating system., or Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..

When prompted, enter and confirm the password.

state {on | off}

Enables (on) or disables (off) the Cloning Group feature.

Important - When you configure the state "off", the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. is removed from the Cloning Group.

Syntax

add cloning-group shared-feature <Feature>

Parameters

Parameter

Description

<Feature>

The name of the feature to be synchronized between the members of the Cloning Group.

The features are listed in the same order, in which they are shown in Gaia Clish when you run the "show cloning-group shared-feature" command.

Table: Shared Features in Gaia Clish

Name of Shared Feature

Description

aggregate

Configure route aggregation - create a supernet network from the combination of networks with a common routing prefix.

bgp

Configure dynamic routing via the Border Gateway Protocol.

bootp

Configure IPv4 DHCP Relay - relay of DHCP and BOOTP messages between clients and servers on different IPv4 Networks.

cron

Configure job scheduler - schedule automated tasks that perform actions at a specific time.

dhcp6relay

Configure IPv6 DHCP Relay - relay of DHCPv6 messages between clients and servers on different IPv6 Networks.

dns

Configure DNS servers.

hosts

Configure known hosts.

igmp

Establish multicast group memberships via the Internet Group Management Protocol.

inboundfilters

Configure Inbound Route Filters for RIP, OSPFv2, BGP, and OSPFv3 (supports IPv4 and IPv6).

ipreachdetect

Configure reachability detection of IP Addresses.

time

Configure the time and date of the system.

ntp

Configure Network Time Protocol (NTP) for synchronizing the system's clock over a network.

message

Configure banner messages.

ospf

Configure IPv4 dynamic routing via the Open Shortest-Path First v2 protocol.

ospf3

Configure IPv6 dynamic routing via the Open Shortest-Path First v3 protocol.

password-controls

Configure password and account policies.

mailrelay

Configure email address, to which Gaia sends mail notifications.

display-format

Configure how the system displays time, date and netmask.

http

Configure session parameters, such as inactivity timeout.

net-access

Configure network access to Gaia.

users-and-roles

Configure users and roles settings.

arp

Configure static ARP entries and proxy ARP entries, control dynamic ARP entries.

syslog

Configure system logging settings.

proxy

Configure proxy settings.

host-access

Configure which hosts are allowed to connect to the clusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. devices.

pbr

Configure policy based routing (PBR) priority rules and action tables.

pim

Configure Protocol-Independent Multicast.

prefix

Configure dynamic routing prefix lists and trees.

redistribution

Configure route redistribution - advertisement of routing information from one protocol to another (supports IPv4 and IPv6).

rip

Configure IPv4 dynamic routing via the Routing Information Protocol.

ripng

Configure IPv6 dynamic routing via the Routing Information Protocol.

routemap

Configure dynamic routing route maps.

routingoptions

Configure protocol ranks and trace (debug) options.

static

Configure static routes.

static-mroute

Configure static multicast routes.

snmp

Configure SNMP.

backup

Configure Gaia scheduled backups.

Syntax

delete cloning-group shared-feature <Feature>

Parameters

Parameter

Description

<Feature>

The name of the feature to be deleted from the list of shared features.

To see the list of the enabled Shared Features:

  1. Enter:

    delete cloning-group shared-feature

  2. Press <SPACE> and <TAB>.

Syntax

join cloning-group remote-ip <IPv4 address of Cloning Group>

Parameters

Parameter

Description

<IPv4 address of Cloning Group>

The IPv4 address of the Cloning Group member, to which you join.

Note - This option is not available, if you are logged into the cadmin account.

leave cloning-group

Syntax

delete cloning-group disconnected-member <IPv4 address of Member>

Parameters

Parameter

Description

<IPv4 address of Member>

The IPv4 address of the Cloning Group member that became inaccessible.

Important - Use this command only for troubleshooting purposes, when the remote Cloning Group member is not accessible. A normal way to remove a member from a Cloning Group is to run the "leave cloning-group" command on that member.

Notes:

  • The Cloning Group configuration on the remote member itself does not change, and as soon as the device regains connectivity, it joins the Cloning Group again.

  • This command can only be run if the Cloning Group is in Manual mode.

Syntax

show cloning-group

      local-ip

      members

      mode

      name

      shared-feature

      state

      status

Parameters

Parameter

Description

local-ip

The IPv4 address used to synchronize shared features between the members of the Cloning Group.

members

Shows the members of the Cloning Group.

mode

Shows the Cloning Group mode - Manual, or Cluster XL

name

Shows the name of the Cloning Group

shared-feature

Lists the shared features that are enabled to be used by all members of the Cloning Group.

state

Shows the Cloning Group state - enabled, or disabled.

status

Shows the status of the Cloning Group member.

Note - This option is not available, if you are logged into the cadmin account.

re-synch cloning-group

When a user (local or remote) receives Cloning Group management privileges, the user can enable (or disable) the Cloning Group management mode, to create, delete, and edit Cloning Groups.

Syntax

set cloning-group-management {on | off}

Parameters

Parameter

Description

on

Enables the Cloning Group management mode.

off

Disables the Cloning Group management mode.