Introduction to the Gaia Portal
This chapter gives a brief overview of the Gaia Portal, the Web interface for the Check Point Gaia operating system, and procedures for using the interface elements.
Gaia Portal Overview
The Gaia Portal is an advanced, web-based interface for Gaia platform configuration. You can do almost all system configuration tasks through this Web-based interface.

- Easy Access - Simply connect with a web browser to:
  https://<IP Address of Gaia Management Interface>
- Browser Support - Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari.
- Powerful Search Engine - Makes it easy to find features or functionality to configure.
- Easy Operation - Two operating modes:
  - Simplified mode, which shows only basic configuration options.
  - Advanced mode, which shows all configuration options.

  You can easily change these modes.
- Web-Based Access to Command Line - Clientless access to the Gaia Clish directly from your web browser. Gaia Clish is the default command line shell in the Check Point Gaia operating system. It is a restricted shell (role-based administration controls the number of commands available in the shell).
To log in to the Gaia Portal:
Step | Instructions
---|---
1 | Enter this URL in your browser: https://<IP Address of Gaia Management Interface>
2 | Enter your user name and password.
Important:

- A Security Management Server listens to SSL traffic for all services on the TCP port 443 in these cases:
  - If you performed a clean installation of a Security Management Server R81 and enabled the Endpoint Policy Management Software Blade.
  - If you upgraded a Security Management Server with disabled Endpoint Policy Management Software Blade to R81 and enabled this Software Blade after the upgrade.

  In these cases, when Endpoint Security SSL traffic arrives at the TCP port 443, the Security Management Server automatically redirects it (internally) to the TCP port 4434.

  Service | URL and Port
  ---|---
  Gaia Portal | https://<IP Address of Gaia Management Interface>
  SmartView Web Application | https://<IP Address of Management Server>/smartview/
  Management API Web Services | https://<IP Address of Management Server>/web_api/<command>
- If you upgraded a Security Management Server with enabled Endpoint Policy Management Software Blade to R81, then the SSL port configuration remains as it was in the previous version, from which you upgraded:
  - A Security Management Server listens to Endpoint Security SSL traffic on the TCP port 443
  - A Security Management Server listens to SSL traffic for all other services on the TCP port 4434:

    Service | URL and Port
    ---|---
    Gaia Portal | https://<IP Address of Gaia Management Interface>:4434
    SmartView Web Application | https://<IP Address of Management Server>:4434/smartview/
    Management API Web Services | https://<IP Address of Management Server>:4434/web_api/<command>

  In R81 and higher, an administrator can manually configure different TCP ports for the Gaia Portal (and other services) and Endpoint Security - 443 or 4434. For the applicable procedures, see the R81 Harmony Endpoint Security Server Administration Guide > Chapter Endpoint Security Architecture > Section Connection Port to Services on an Endpoint Security Management Server.
- When you enable the Endpoint Policy Management Software Blade on a Security Management Server, the SSL connection port to these services automatically changes from the default TCP port 443 to the TCP port 4434:
  - Gaia Portal

    Configuration | URL and Port
    ---|---
    Default | https://<IP Address of Gaia Management Interface>
    New | https://<IP Address of Gaia Management Interface>:4434

  - SmartView Web Application

    Configuration | URL and Port
    ---|---
    Default | https://<IP Address of Management Server>/smartview/
    New | https://<IP Address of Management Server>:4434/smartview/

  - Management API Web Services (see Check Point Management API Reference)

    Configuration | URL and Port
    ---|---
    Default | https://<IP Address of Management Server>/web_api/<command>
    New | https://<IP Address of Management Server>:4434/web_api/<command>

- When you disable the Endpoint Policy Management Software Blade on a Security Management Server, the SSL connection port automatically changes back to the default TCP port 443.

Make sure that you always log out from the Gaia Portal (in the top right corner) before you close the web browser. This is because the configuration lock stays in effect even when you close the web browser or terminal window. The lock remains in effect until a different user removes the lock, or the defined inactivity time-out period expires (default is 10 minutes).
Working with the Configuration Lock
Only one user can have Read/Write access to Gaia configuration settings at a time. All other users can log in with Read-Only access to see configuration settings, as specified by their assigned roles (see Roles).
When you log in and no other user has Read/Write access, you get an exclusive configuration lock with Read/Write access. If a different user already has the configuration lock, you have the option to override their lock. If you:

- Override the lock. The other user stays logged in with Read-Only access.
- Do not override the lock. You cannot modify the settings.

To override a configuration lock:

- Click the Configuration lock (above the toolbar). The pencil icon (Read/Write enabled) replaces the lock.
- If you use a configuration settings page, click the "Click here to obtain lock" link. You can see this link if a different user overrides your configuration lock.

Note - Only users with Read/Write access privileges can override a configuration lock.
Using the Gaia Portal Interface Elements
The Gaia Portal contains many elements that make the task of configuring features and system settings easier.
Toolbar Accessories
You can use these toolbar icons to do these tasks:

Item | Description
---|---
(icon) | Read/Write mode enabled.
(icon) | Configuration locked (Read Only mode).
(icon) | Opens the Console accessory for CLI commands. Available in the Read/Write mode only.
(icon) | Opens the Scratch Pad accessory for writing notes or for quick copy and paste operations. Available in the Read/Write mode only.
Search Tool
You can use the search bar to find an applicable configuration page by entering a keyword. The keyword can be a feature, a configuration parameter or a word that is related to a configuration page.
The search shows a list of pages related to the entered keyword. To go to a page, click a link in the list.
Navigation Tree
The navigation tree lets you select a page. Pages are arranged in logical feature groups. You can show the navigation tree in one of these view modes:

Mode | Description
---|---
Basic | Shows some standard pages.
Advanced | Shows all pages. This is the default mode.
To change the navigation tree mode, click View Mode and select a mode from the list.
To hide the navigation tree, click the Hide icon.
Status Bar
The status bar, located at the bottom of the window, shows the result of the last configuration operation.
To see a history of the configuration operations during the current session, click the Expand icon.
Configuration Tab
The Configuration tab lets you see and configure parameters for Gaia features and settings groups. The parameters are organized into functional settings groups in the navigation tree. You must have Read/Write permissions for a settings group to configure its parameters.
Monitoring Tab
The Monitoring tab lets you see status and detailed operational statistics, in real time, for some routing and high availability settings groups. This information is useful for monitoring dynamic routing and VRRP cluster performance.
To see the Monitoring tab, select a routing or high availability feature settings group and then click the Monitoring tab. For some settings groups, you can select different types of information from a menu.
Unsupported Characters and Words
To prevent possible Cross-Site Scripting (XSS) attacks, Gaia Portal does not accept some characters and words when you enter them in various fields.
Character | Description
---|---
< | Less than
> | Greater than
& | Ampersand
; | Semi-colon

- after
- apply
- catch
- eval
- subset
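
An added example (not Check Point code): a pre-check for values you plan to enter in Gaia Portal fields, so that a banner or comment is caught before the portal rejects it. The page does not say how words are matched, so whole-word, case-insensitive matching is assumed, with an optional stricter substring mode; the function names and sample values are constructed for illustration.

```python
import re

# Characters and words this section lists as not accepted by Gaia Portal.
UNSUPPORTED_CHARS = "<>&;"
UNSUPPORTED_WORDS = ("after", "apply", "catch", "eval", "subset")
_TOKEN_RE = re.compile(r"[A-Za-z0-9_]+")


def find_unsupported(value, substring_words=False):
    """Return sorted (offset, kind, token) findings for one field value.

    Assumption: words match case-insensitively as whole words. With
    substring_words=True a listed word also counts inside a longer token
    (for example "eval" in "evaluation"), the stricter reading.
    """
    findings = [(i, "char", c) for i, c in enumerate(value)
                if c in UNSUPPORTED_CHARS]
    if substring_words:
        lowered = value.lower()
        for word in UNSUPPORTED_WORDS:
            start = lowered.find(word)
            while start != -1:
                findings.append((start, "word", word))
                start = lowered.find(word, start + 1)
    else:
        for match in _TOKEN_RE.finditer(value):
            token = match.group().lower()
            if token in UNSUPPORTED_WORDS:
                findings.append((match.start(), "word", token))
    return sorted(findings)


def check_fields(fields, substring_words=False):
    """Map each field name to its findings; clean fields are omitted."""
    report = {}
    for name, value in fields.items():
        hits = find_unsupported(value, substring_words)
        if hits:
            report[name] = hits
    return report


# Constructed sample values, not taken from a real system.
SAMPLE_FIELDS = {
    "banner": "Authorized use only; R&D lab",
    "comment": "Apply after change window",
    "hostname": "gw-evaluation-01",
}

if __name__ == "__main__":
    for field, hits in check_fields(SAMPLE_FIELDS).items():
        print(field, hits)
```

Run the check in both modes when preparing values in bulk: a value that passes only the whole-word mode may still be refused if the portal matches substrings.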