https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14408#M1019 <HTML><HEAD></HEAD><BODY><P>Are there many people here that use the CLI much on the small boxes like the 1100 / 1400 series?</P><P>I have created my own database for preping a base config for normal GAIA and have been working the last copuple of days to get the syntax on all commands we need to set the standard settings and maybe add interfaces / static routes etc.</P><P></P><P>I was working on a job where I don't have a Internet Connection configured as the box is connected between a MPLS-trunk and some local network with a DMZ and a local LAN.</P><P>First thing I ran into, you cannot set a default route except for the one in the internet connection.</P><P>Second thing, by default the LAN ports are part of a switch, so to use&nbsp; each port as a separate network port you remove the switch, then set interfaces' IP addresses however here I get an error: The settings overlap with those of another network or bridge</P><P>Third I cannot find the way to prepare the box for doing SIC from management (when adding a SMB cluster member you need to set SIC during the ADD process, you cannot use first connect.</P><P>Commands used each with their appropriate options:</P><P>connect security-management&nbsp;</P><P>set log-server-configuration&nbsp;</P><P>After this I checked through the GUI and there was nothing filled in the SIC part, so how do I setup the 1400 so it will accept a SIC request? I know on the Edge it was:</P><P>set smp server registrationkey &lt;password&gt; gatewayid &lt;GW-Name&gt; connect enabled</P><P>However that is no longer there.</P><P>There are multiple other things I ran into that do not work the way they are supposed to, but those are all already in the case I openend for this.</P><P></P><P>Version I worked with is 77.20.70</P></BODY></HTML> Wed, 11 Apr 2018 21:32:45 GMT Maarten_Sjouw 2018-04-11T21:32:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14408#M1019 <HTML><HEAD></HEAD><BODY><P>Are there many people here that use the CLI much on the small boxes like the 1100 / 1400 series?</P><P>I have created my own database for preping a base config for normal GAIA and have been working the last copuple of days to get the syntax on all commands we need to set the standard settings and maybe add interfaces / static routes etc.</P><P></P><P>I was working on a job where I don't have a Internet Connection configured as the box is connected between a MPLS-trunk and some local network with a DMZ and a local LAN.</P><P>First thing I ran into, you cannot set a default route except for the one in the internet connection.</P><P>Second thing, by default the LAN ports are part of a switch, so to use&nbsp; each port as a separate network port you remove the switch, then set interfaces' IP addresses however here I get an error: The settings overlap with those of another network or bridge</P><P>Third I cannot find the way to prepare the box for doing SIC from management (when adding a SMB cluster member you need to set SIC during the ADD process, you cannot use first connect.</P><P>Commands used each with their appropriate options:</P><P>connect security-management&nbsp;</P><P>set log-server-configuration&nbsp;</P><P>After this I checked through the GUI and there was nothing filled in the SIC part, so how do I setup the 1400 so it will accept a SIC request? I know on the Edge it was:</P><P>set smp server registrationkey &lt;password&gt; gatewayid &lt;GW-Name&gt; connect enabled</P><P>However that is no longer there.</P><P>There are multiple other things I ran into that do not work the way they are supposed to, but those are all already in the case I openend for this.</P><P></P><P>Version I worked with is 77.20.70</P></BODY></HTML> Wed, 11 Apr 2018 21:32:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14408#M1019 Maarten_Sjouw 2018-04-11T21:32:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14409#M1020 <HTML><HEAD></HEAD><BODY><P>For your last question, there is a script called sic_init.sh (available in Expert mode) that appears to allow you to set the SIC password.</P></BODY></HTML> Thu, 12 Apr 2018 10:58:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14409#M1020 PhoneBoy 2018-04-12T10:58:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14410#M1021 <HTML><HEAD></HEAD><BODY><P>Thanks Damien, with that I found the most simple command to get the SIC Password set:</P><P>fw sic_init &lt;password&gt;</P><P>Which can be run from clish as well, so yep this one saved the day.</P><P>all the other issues I found are quite problematic but also there for most I found workarounds. Like when you remove the LAN1_Switch from the command line you need to reboot before you can assign IP's to any of the interfaces, so we came with a set of commands to execute before upgrading to the latest firmware, then (automatic) reboot and then continue with the set interface ipa-address commands.</P></BODY></HTML> Thu, 12 Apr 2018 16:56:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14410#M1021 Maarten_Sjouw 2018-04-12T16:56:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14411#M1022 <HTML><HEAD></HEAD><BODY><P>I want to add that i have published much about autoconf.clish here already - see for example <A _jive_internal="true" href="https://community.checkpoint.com/docs/DOC-2634-usb-first-time-config-using-autoconfclish-files-how-it-is-written"><EM>USB First Time Config using autoconf.clish files&nbsp; - How it is written</EM></A></P></BODY></HTML> Thu, 19 Apr 2018 07:17:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CLI-on-Embedded-Gaia/m-p/14411#M1022 G_W_Albrecht 2018-04-19T07:17:34Z