Running the First Time Configuration Wizard in CLI Expert mode

Description

Use this command in the Expert mode to test and to run the First Time Configuration Wizard on a Gaia system for the first time after the system installation.

Notes:

The config_system utility is not an interactive configuration tool. It helps automate the first time configuration process.
The config_system utility is only for the first time configuration, and not for ongoing system configurations.

Important - On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in the Expert mode on the applicable Security Group.

Syntax

Viewing the configurable parameters

Form	Command
Short form	`config_system -l`
Long form	`config_system --list-params`

Running the First Time Configuration Wizard from a specified configuration file

Form	Command
Short form	`config_system -f <Path and Filename>`
Long form	`config_system --config-file <Path and Filename>`

Running the First Time Configuration Wizard from a specified configuration string

Form	Command
Short form	`config_system -s <String>`
Long form	`config_system --config-string <String>`

Creating a First Time Configuration Wizard configuration file template in a specified path

Form	Command
Short form	`config_system -t <Path>`
Long form	`config_system --create-template <Path>`

Procedure

Running the First Time Configuration Wizard from a configuration string

Step

Instructions

Run this command in Expert mode:

config_system --config-string <String of Parameters and Values>

A configuration string must consist of parameter=value pairs, separated by the ampersand (&).

You must enclose the whole string between quotation marks.

For example:

"hostname=myhost&domainname=somedomain.com&timezone='America/Indiana/Indianapolis'&ftw_sic_key=aaaa&install_security_gw=true&gateway_daip=false&install_ppak=true&gateway_cluster_member=true&install_security_managment=false"

For more information on valid parameters and values, run the "config_system --list-params" command.

Reboot the system.

Creating a configuration file

Step

Instructions

Run this command in the Expert mode:

config_system -t <File Name>

Open the file you created in a text editor.

Edit all parameter values as necessary.

Save the updated configuration file.

Running the First Time Configuration Wizard from a configuration file

Step

Instructions

Run this command in Expert mode:

config_system -f <File Name>

Reboot the system.

If you do not have a configuration file, you can create a configuration template and fill in the parameter values as necessary.

Before you run the First Time Configuration Wizard, you can validate the configuration file you created.

Parameters

A configuration file contains the "<parameter>=<value>" pairs described in the table below.

Note - The config_system parameters can change from Gaia version to Gaia version. Run the "config_system --list-params" command to see the available parameters.

Parameter

Supports
Scalable Platforms?

Description

Valid values

admin_hash

Configures the administrator's password.

A string of alphanumeric characters, enclosed between single quotation marks.

default_gw_v4

Specifies IPv4 address of the default gateway.

Single IPv4 address.

default_gw_v6

Specifies IPv6 address of the default gateway.

Single IPv6 address.

domainname

Configures the domain name (optional).

Fully qualified domain name.

Example:
somedomain.com

download_info

If its value is set to "true":

Downloads and installs Check Point Software Blade contracts.
Downloads and installs Check Point security updates.
Downloads other important information.

For more information, see sk94508 and sk175504.

Best Practice - We highly recommended you enable this optional parameter.

true (default)
false

download_from_checkpoint_non_security

If its value is set to "true":

Downloads Check Point software updates.
Downloads new Check Point features.

For more information, see sk94508 and sk175504.

Best Practice - We highly recommended you enable this optional parameter.

true (default)
false

ftw_sic_key

Configures the Secure Internal Communication key, if the value of the "install_security_managment" parameter is set to "false".

A string of alphanumeric characters (between 4 and 127 characters long).

gateway_cluster_member

Configures the Security Gateway as member of ClusterXL, if its value is set to "true".

true
false

gateway_daip

Configures the Security Gateway as Dynamic IP (DAIP) Security Gateway, if its value is set to "true".

true
false (default)

Note - Must be set to "false", if ClusterXL or Security Management Server is enabled.

hostname

Configures the name of the local host (optional).

A string of alphanumeric characters.

iface

Interface name (optional).

Name of the interface exactly as it appears in the device configuration.

Examples:
eth0, eth1

install_mds_interface

Specifies Multi-Domain Server management interface.

Name of the interface exactly as it appears in the device configuration.

Examples: eth0, eth1

install_mds_primary

Makes the installed Security Management Server the Primary Multi-Domain Server.

Note - The value of the "install_security_managment" parameter must be set to "true".

true
false

Note - Can only be set to "true", if the value of the "install_mds_secondary" parameter is set to "false".

install_mds_secondary

Makes the installed Security Management Server a Secondary Multi-Domain Server.

Note - The value of the "install_security_managment" parameter must be set to "true".

true
false

Note - Can only be set to "true", if the value of the "install_mds_primary" parameter is set to "false".

install_mgmt_primary

Makes the installed Security Management Server the Primary one.

Notes:

Can only be set to "true", if the value of the "install_mgmt_secondary" parameter is set to "false".
To install a dedicated Log Server, the value of this parameter must be set to "false".

true
false

install_mgmt_secondary

Makes the installed Security Management Server a Secondary one.

Notes:

Can only be set to "true", if the value of the "install_mgmt_primary" parameter is set to "false".
To install a dedicated Log Server, the value of this parameter must be set to "false".

true
false

install_mlm

Installs Multi-Domain Log Server, if its value is set to "true".

true
false

install_security_gw

Installs Security Gateway, if its value is set to "true".

true
false

install_security_managment

Installs a Security Management Server or a dedicated Log Server, if its value is set to "true".

true
false

install_security_vsx

Installs VSX Gateway, if its value is set to "true".

true
false

ipaddr_v4

Configures the IPv4 address of the management interface.

Single IPv4 address.

ipaddr_v6

Configures the IPv6 address of the management interface.

Single IPv6 address.

ipstat_v4

Turns on static IPv4 configuration, if its value is set to "manually".

manually (default)
off

ipstat_v6

Turns static IPv6 configuration on, if its value is set to "manually".

manually
off (default)

maas_authentication_key

Configures the authentication key for Management as a Service (MaaS).

Applies only to Security Gateways.

A string of alphanumeric characters, enclosed between single quotation marks.

masklen_v4

Configures the IPv4 mask length for the management interface.

A number from 0 to 32.

masklen_v6

Configures the IPv6 mask length for the management interface.

A number from 0 to 128.

mgmt_admin_name

Configures the management administrator's username.

Note - You must specify this parameter, if the value of the "install_security_managment" parameter is set to "true".

A string of alphanumeric characters.

mgmt_admin_passwd

Configures the management administrator's password.

Note - You must specify this parameter, if the value of the "install_security_managment" parameter is set to "true".

A string of alphanumeric characters.

mgmt_admin_radio

Configures Management Server administrator.

Note - You must specify this parameter, if you install a Management Server.

Set the value to "gaia_admin", if you wish to use the Gaia "admin" account.
Set the value to "new_admin", if you wish to configure a new administrator account.

mgmt_gui_clients_first_ip_field

Specifies the first address of the range, if the value of the "mgmt_gui_clients_radio" parameter is set to "range".

Single IPv4 address of a host.

Example:
192.168.0.10

mgmt_gui_clients_hostname

Specifies the netmask, if value of the "mgmt_gui_clients_radio" parameter is set to "this".

Single IPv4 address of a host.

Example:
192.168.0.15

mgmt_gui_clients_ip_field

Specifies the network address, if the value of the "mgmt_gui_clients_radio" parameter is set to "network".

IPv4 address of a network.

Example:
192.168.0.0

mgmt_gui_clients_last_ip_field

Specifies the last address of the range, if the value of the "mgmt_gui_clients_radio" parameter is set to "range".

Single IPv4 address of a host.

Example:
192.168.0.20

mgmt_gui_clients_radio

Specifies SmartConsole clients that can connect to the Security Management Server.

any
range
network
this

mgmt_gui_clients_subnet_field

Specifies the netmask, if the value of the "mgmt_gui_clients_radio" parameter is set to "network".

A number from 1 to 32.

ntp_primary

Configures the IP address of the primary NTP server (optional).

IPv4 address.

ntp_primary_version

Configures the NTP version of the primary NTP server (optional).

ntp_secondary

Configures the IP address of the secondary NTP server (optional).

IPv4 address.

ntp_secondary_version

Configures the NTP version of the secondary NTP server (optional).

primary

Configures the IP address of the primary DNS server (optional).

IPv4 address.

proxy_address

Configures the IP address of the proxy server (optional).

IPv4 address, or Hostname.

proxy_port

Configures the port number of the proxy server (optional).

A number from 1 to 65535.

reboot_if_required

Reboots the system after the configuration, if its value is set to "true" (optional).

true
false

secondary

Configures the IP address of the secondary DNS server (optional).

IPv4 address.

sg_cluster_id

For Check Point Support use only.

tertiary

Configures the IP address of the tertiary DNS server (optional).

IPv4 address.

timezone

Configures the Area/Region (optional).

The Area/Region must be enclosed between single quotation marks.

Examples:
'America/New_York'
'Asia/Tokyo'

Note - To see the available Areas and Regions, connect to any Gaia computer, log in to Gaia Clish, and run this command (names of Areas and Regions are case-sensitive):
set timezone Area<SPACE><TAB>

upload_crash_data

Uploads core dump files that help Check Point resolve stability issues, if its value is set to "true".

For more information, see Crash Data.

Warning - The core dump files may contain personal data.

true
false (default)

upload_info

Uploads data that helps Check Point provide you with optimal services, if its value is set to "true".

For more information, see sk94509.

Best Practice - We highly recommended you enable this optional parameter.

true
false (default)