Running the First Time Configuration Wizard in CLI Expert mode

Description

Use this command in the Expert mode to test and to run the First Time Configuration Wizard on a Gaia system for the first time after the system installation.

Notes:

  • The config_system utility is not an interactive configuration tool. It helps automate the first time configuration process.

  • The config_system utility is only for the first time configuration, and not for ongoing system configurations.

Syntax

  • To list the command options, run one of these:

    Short form: config_system -h

    Long form: config_system --help

  • To run the First Time Configuration Wizard from a specified configuration file, run one of these:

    Short form: config_system -f <Path and Filename>

    Long form: config_system --config-file <Path and Filename>

  • To run the First Time Configuration Wizard from a specified configuration string, run one of these:

    Short form: config_system -s <String>

    Long form: config_system --config-string <String>

  • To create a First Time Configuration Wizard Configuration file template in a specified path, run one of these:

    Short form: config_system -t <Path>

    Long form: config_system --create-template <Path>

  • To verify that the First Time Configuration file is valid, run:

    config_system --dry-run

  • To list configurable parameters, run one of these:

    Short form: config_system -l

    Long form: config_system --list-params

To run the First Time Configuration Wizard from a configuration string:

1. Run this command in Expert mode:

   config_system --config-string <String of Parameters and Values>

   A configuration string must consist of parameter=value pairs, separated by the ampersand (&).

   You must enclose the whole string between quotation marks.

   For example:

   "hostname=myhost&domainname=somedomain.com&timezone='America/Indiana/Indianapolis'&ftw_sic_key=aaaa&install_security_gw=true&gateway_daip=false&install_ppak=true&gateway_cluster_member=true&install_security_managment=false"

   For more information on valid parameters and values, run the "config_system -h" command.

2. Reboot the system.

To run the First Time Configuration Wizard from a configuration file:

1. Run this command in Expert mode:

   config_system -f <File Name>

2. Reboot the system.

If you do not have a configuration file, you can create a configuration template and fill in the parameter values as necessary.

Before you run the First Time Configuration Wizard, you can validate the configuration file you created.

To create a configuration file:

1. Run this command in Expert mode:

   config_system -t <File Name>

2. Open the file you created in a text editor.

3. Edit all parameter values as necessary.

4. Save the updated configuration file.

To validate a configuration file:

Run this command in Expert mode:

config_system --config-file <File Name> --dry-run

Parameters

A configuration file contains the <parameter>=<value> pairs described in the table below.

Note - The config_system parameters can change from Gaia version to Gaia version. Run the "config_system --help" command to see the available parameters.

Table: The 'config_system' parameters

Parameter

Supports
Scalable Platforms?

Description

Valid values

admin_hash

Configures the administrator's password.

A string of alphanumeric characters, enclosed between single quotation marks.

default_gw_v4

Specifies the IPv4 address of the default gateway.

Single IPv4 address.

default_gw_v6

Specifies the IPv6 address of the default gateway.

Single IPv6 address.

domainname

Configures the domain name (optional).

Fully qualified domain name.

Example:
somedomain.com

download_info

Downloads Check Point Software Blade contracts and other important information, if its value is set to "true".

For more information, see sk94508.

Best Practice - We highly recommend that you enable this optional parameter.

  • true

  • false

ftw_sic_key

Configures the Secure Internal Communication key, if the value of the "install_security_managment" parameter is set to "false".

A string of alphanumeric characters (between 4 and 127 characters long).

gateway_cluster_member

Configures the Security Gateway as a member of ClusterXL, if its value is set to "true".

  • true

  • false

gateway_daip

Configures the Security Gateway as Dynamic IP (DAIP) Security Gateway, if its value is set to "true".

  • true

  • false

Note - Must be set to "false", if ClusterXL or Security Management Server is enabled.

hostname

Configures the name of the local host (optional).

A string of alphanumeric characters.

iface

Interface name (optional).

Name of the interface exactly as it appears in the device configuration.

Examples:
eth0, eth1

install_mds_interface

Specifies the Multi-Domain Server management interface.

Name of the interface exactly as it appears in the device configuration.

Examples: eth0, eth1

install_mds_primary

Makes the installed Security Management Server the Primary Multi-Domain Server.

Note - The value of the "install_security_managment" parameter must be set to "true".

  • true

  • false

Note - Can only be set to "true", if the value of the "install_mds_secondary" parameter is set to "false".

install_mds_secondary

Makes the installed Security Management Server a Secondary Multi-Domain Server.

Note - The value of the "install_security_managment" parameter must be set to "true".

  • true

  • false

Note - Can only be set to "true", if the value of the "install_mds_primary" parameter is set to "false".

install_mgmt_primary

Makes the installed Security Management Server the Primary one.

Notes:.

  • true

  • false

install_mgmt_secondary

Makes the installed Security Management Server a Secondary one.

Notes:

  • Can only be set to "true", if the value of the "install_mgmt_primary" parameter is set to "false".

  • To install a dedicated Log Server, the value of this parameter must be set to "false".

  • true

  • false

install_mlm

Installs a Multi-Domain Log Server, if its value is set to "true".

  • true

  • false

install_security_gw

Installs Security Gateway, if its value is set to "true".

  • true

  • false

install_security_managment

Installs a Security Management Server or a dedicated Log Server, if its value is set to "true".

  • true

  • false

install_security_vsx

Installs a VSX Gateway, if its value is set to "true".

  • true

  • false

ipaddr_v4

Configures the IPv4 address of the management interface.

Single IPv4 address.

ipaddr_v6

Configures the IPv6 address of the management interface.

Single IPv6 address.

ipstat_v4

Turns on static IPv4 configuration, if its value is set to "manually".

  • manually

  • off

ipstat_v6

Turns static IPv6 configuration on, if its value is set to "manually".

  • manually

  • off

masklen_v4

Configures the IPv4 mask length for the management interface.

A number from 0 to 32.

masklen_v6

Configures the IPv6 mask length for the management interface.

A number from 0 to 128.

mgmt_admin_name

Configures the management administrator's username.

Note - You must specify this parameter, if the value of the "install_security_managment" parameter is set to "true".

A string of alphanumeric characters.

mgmt_admin_passwd

Configures the management administrator's password.

Note - You must specify this parameter, if the value of the "install_security_managment" parameter is set to "true".

A string of alphanumeric characters.

mgmt_admin_radio

Configures the Management Server administrator.

Note - You must specify this parameter, if you install a Management Server.

  • Set the value to "gaia_admin", if you wish to use the Gaia "admin" account.

  • Set the value to "new_admin", if you wish to configure a new administrator account.

mgmt_gui_clients_first_ip_field

Specifies the first address of the range, if the value of the "mgmt_gui_clients_radio" parameter is set to "range".

Single IPv4 address of a host.

Example:
192.168.0.10

mgmt_gui_clients_hostname

Specifies the netmask, if the value of the "mgmt_gui_clients_radio" parameter is set to "this".

Single IPv4 address of a host.

Example:
192.168.0.15

mgmt_gui_clients_ip_field

Specifies the network address, if the value of the "mgmt_gui_clients_radio" parameter is set to "network".

IPv4 address of a network.

Example:
192.168.0.0

mgmt_gui_clients_last_ip_field

Specifies the last address of the range, if the value of the "mgmt_gui_clients_radio" parameter is set to "range".

Single IPv4 address of a host.

Example:
192.168.0.20

mgmt_gui_clients_radio

Specifies SmartConsole clients that can connect to the Security Management Server.

  • any

  • range

  • network

  • this

mgmt_gui_clients_subnet_field

Specifies the netmask, if the value of the "mgmt_gui_clients_radio" parameter is set to "network".

A number from 1 to 32.

ntp_primary

Configures the IP address of the primary NTP server (optional).

IPv4 address.

ntp_primary_version

Configures the NTP version of the primary NTP server (optional).

  • 1

  • 2

  • 3

  • 4

ntp_secondary

Configures the IP address of the secondary NTP server (optional).

IPv4 address.

ntp_secondary_version

Configures the NTP version of the secondary NTP server (optional).

  • 1

  • 2

  • 3

  • 4

primary

Configures the IP address of the primary DNS server (optional).

IPv4 address.

proxy_address

Configures the IP address of the proxy server (optional).

IPv4 address, or Hostname.

proxy_port

Configures the port number of the proxy server (optional).

A number from 1 to 65535.

reboot_if_required

Reboots the system after the configuration, if its value is set to "true" (optional).

  • true

  • false

secondary

Configures the IP address of the secondary DNS server (optional).

IPv4 address.

sg_cluster_id

For Check Point Support use only.

 

tertiary

Configures the IP address of the tertiary DNS server (optional).

IPv4 address.

timezone

Configures the Area/Region (optional).

The Area/Region must be enclosed between single quotation marks.

Examples:
'America/New_York'
'Asia/Tokyo'

Note - To see the available Areas and Regions, connect to any Gaia computer, log in to Gaia Clish, and run this command (names of Areas and Regions are case-sensitive):
set timezone Area<SPACE><TAB>

upload_crash_data

Uploads core dump files that help Check Point resolve stability issues, if its value is set to "true".

For more information, see Crash Data.

Warning - The core dump files may contain personal data.

  • true

  • false (default)

upload_info

Uploads data that helps Check Point provide you with optimal services, if its value is set to "true".

For more information, see sk94509.

Best Practice - We highly recommend that you enable this optional parameter.

  • true

  • false
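
A pre-flight lint for a configuration string, which checks the parameter=value format and several of the rules stated in the table above before the string is passed to config_system. This is an added example, not Check Point code: the function names, the two WARN checks and the CONSTRUCTED_BAD input are assumptions made here.

```python
import re
# Boolean parameters from the table (a subset; extend it for your Gaia version).
BOOLEAN = {"install_security_gw", "install_security_managment", "gateway_daip",
           "gateway_cluster_member", "reboot_if_required", "upload_crash_data"}
SECRETS = {"admin_hash", "ftw_sic_key", "mgmt_admin_passwd"}

def parse_config_string(text):
    """Split 'p1=v1&p2=v2' into a dict; reject malformed or repeated pairs."""
    params = {}
    for pair in text.split("&"):
        name, sep, value = pair.partition("=")
        if not sep or not name or name in params:
            raise ValueError(f"malformed or duplicate pair: {pair!r}")
        params[name] = value
    return params

def lint_config_string(text):
    """Return ERROR/WARN findings for one configuration string."""
    params = parse_config_string(text)
    on = lambda name: params.get(name) == "true"
    mgmt = on("install_security_managment")  # spelled as config_system spells it
    out = [f"ERROR {n}: must be true or false"
           for n in sorted(BOOLEAN & params.keys())
           if params[n] not in ("true", "false")]
    sic = params.get("ftw_sic_key")
    if sic is not None and not re.fullmatch(r"[A-Za-z0-9]{4,127}", sic):
        out.append("ERROR ftw_sic_key: need 4 to 127 alphanumeric characters")
    if on("gateway_daip") and (on("gateway_cluster_member") or mgmt):
        out.append("ERROR gateway_daip: must be false with ClusterXL or management")
    if mgmt:
        out += [f"ERROR {n}: required when management is installed"
                for n in ("mgmt_admin_name", "mgmt_admin_passwd") if not params.get(n)]
    # The two WARN checks are added hardening advice, not config_system rules.
    if params.get("mgmt_gui_clients_radio") == "any":
        out.append("WARN mgmt_gui_clients_radio: SmartConsole access is not restricted")
    out += [f"WARN {n}: value is exposed in shell history and process listings"
            for n in sorted(SECRETS & params.keys())]
    return out

# The example string from this page, and a constructed string with mistakes.
PAGE_EXAMPLE = ("hostname=myhost&domainname=somedomain.com"
                "&timezone='America/Indiana/Indianapolis'&ftw_sic_key=aaaa"
                "&install_security_gw=true&gateway_daip=false&install_ppak=true"
                "&gateway_cluster_member=true&install_security_managment=false")
CONSTRUCTED_BAD = ("install_security_managment=true&gateway_daip=true"
                   "&ftw_sic_key=ab!&mgmt_admin_name=ops&mgmt_gui_clients_radio=any")

if __name__ == "__main__":
    print("\n".join(lint_config_string(CONSTRUCTED_BAD)))
```

The lint complements the "--dry-run" validation described above and does not replace it, because the parameters can change between Gaia versions.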