
Check Point for Beginners Lectures Series. Part 5 - Gaia WebUI and CLI


Navigation

Part 1 - Architecture

Part 2 - Preparing the Lab         

Part 3 - Installing Security Management Server

Part 4 - Installing Security Gateway    

Part 5 - Gaia WebUI and CLI    <--- You are here 

Part 6 - Working with SmartConsole 

Part 7 - Managing Security Policies 

Part 8 - Network Address Translation 

Part 9 - Application Control, URL Filtering and Content Awareness

In this lecture, we will talk about managing the operating system of Gaia-based Check Point devices, finalize the configuration of our Security Gateway, and introduce the Command Line Interface (CLI).

Gaia Management Tools

 To function properly, Check Point devices need some OS level settings: IP addresses, routing parameters, DNS, DHCP, SNMP, system updates, and backup settings. OS parameters can be managed either through WebUI or CLI.

WebUI

We have already touched the Gaia WebUI during initialization of our lab machines. To access WebUI, open your web browser to https://<device IP address>.

The Gaia WebUI supports the following browsers:

  • Internet Explorer 8 or higher (including IE11).
  • Microsoft Edge
  • Chrome 14 or higher
  • Firefox 6 or higher
  • Safari 5 or higher

You can always check if your browser is supported in SK92668.

Let’s connect to our Security Gateway. To do so, open https://192.168.1.254 from your LAB PC or SmartConsole PC. After logging in as admin, you get to the Overview page.

 

 

The settings are broken down to the following categories:

  • Network Management
  • System management
  • Advanced Routing
  • User Management
  • High Availability
  • Maintenance
  • Upgrades (CPUSE)

For more details, refer to the Gaia Administration Guide.

Network Interface Setup

 

In the previous lecture we set up just one network interface of our Security Gateway, eth2. We need to set up the two other interfaces, as shown in the lab setup (refer to Part 2 of our lectures).

To do so, go to Network Management > Network Interfaces. All physical interfaces detected by the system are listed there:

 

Double-click on eth0. In the popup window, select the Enable checkbox to activate it. Write “Outside” in the Comment field and finally, set up the IP address. Press OK to finish.

 

 Set up eth1 in the same manner:

 You can also add “Inside” to the Comment field of eth2. All interfaces should be shown Up at this point.

 

 

Setting Default Gateway

 Now, let’s set up the default gateway. Go to Network Management > IPv4 Static Routes. The only entry there is Default.

 

Double-click on it and choose Add Gateway > IP Address:

 

Type in the IP address of the default gateway. In our case it is 192.168.206.2 (VMware Workstation uses .2 for the NAT adapter gateway).

Note: Gaia OS allows only a single admin session in write mode. If you close your browser window without logging off first, or the session times out due to inactivity, you will see the system configuration locked on the next entry to WebUI.

 

To unlock the settings, just click on the lock icon.

Gaia command line interface (CLI)

Gaia OS settings and some parameters of installed Check Point products can be managed through the CLI.

There are several different ways to invoke the Command Line Interface:

  1. From WebUI, click on the “Open Terminal” icon at the top of the screen. A terminal window with a login prompt pops up.
  2. Console port terminal connection
  3. SSH connection
  4. CLI option in SmartConsole

 

Let’s try the SSH option. We are using the PuTTY SSH client. Connect to the SG IP address (192.168.1.254). Log in as admin. You will see the following:

 

 

A command line ending with the > symbol means you are in Clish, the Command Line Shell. This is the default shell on Gaia OS, which has commands for managing OS parameters: IP addresses, interfaces, routing, DNS settings, etc. Although Gaia OS is based on RedHat Linux, the syntax for commands in clish is different from bash.

 

If you want to access Linux bash, you need to enter Expert mode. Entering Expert mode requires the “expert” password, which is different from the user password.

Clish CLI syntax is simple and can be viewed as Operation > Feature > Parameter.

 

Let’s take a look at some examples:

  • show commands - To view all commands that the user has permissions to run;
  • show commands feature <TAB> - To view a list of all features;
  • show commands feature VALUE - To show all commands for a specific feature;
  • show commands op <SPACE> <TAB> - To show all possible operations;
  • show commands [op VALUE] [feature VALUE] - To show all commands per operation, per feature.

Here are the four operation commands that are most frequently used: show, set, add, delete. You can get more details about Clish in the R80.10 Gaia Administration Guide.

Practicing CLISH

Open an SSH session to the Security Gateway and log in as admin. Type the show command and then press Tab twice. You will see all available features:

 

There are a number of options here, but we will start with reviewing the configuration, which can be done by typing the command show configuration. You will see all Gaia configuration settings in the output, including the ones related to the network interfaces:

 

Never try setting any Gaia OS parameter with standard Linux tools. These settings will not survive a reboot and will be overridden by clish or WebUI configuration changes.
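As an added example (not part of the original lecture), the interface and default gateway settings made earlier in the WebUI can be entered in clish as follows. Values in angle brackets are placeholders for the lab addresses from Part 2, which this page does not list; unlike the WebUI, clish changes must be written with save config to survive a reboot.

```clish
# Added example: clish equivalents of the WebUI steps in this lecture.
# Values in <angle brackets> are placeholders; take them from your lab plan.

# Take over the configuration lock if another admin session still holds it
lock database override

# Operation > Feature > Parameter: set > interface > eth0 ...
set interface eth0 comments "Outside"
set interface eth0 ipv4-address <eth0 IP address> mask-length <mask length>
set interface eth0 state on

set interface eth1 ipv4-address <eth1 IP address> mask-length <mask length>
set interface eth1 state on

set interface eth2 comments "Inside"

# Default gateway (the VMware NAT adapter gateway used in this lab)
set static-route default nexthop gateway address 192.168.206.2 on

# Verify the result, then make it persistent across reboots
show interfaces all
show route static
save config
```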

 

To access bash, you need to enter expert mode, which you do by typing the command expert. You will be asked to set the expert password with the set expert-password command:

 

 

 

Set the expert password and type in expert again, then enter the configured password.

The CLI prompt sign will change from > to #:

 

 Standard Linux tools and commands are now fully available.

This is the end of Part 5. In the next session, we will install SmartConsole and start configuring our security system that will include Security Management Server and Security Gateway.

 

 

----------------------------

Authors and contributors

Author: Evgeniy Olkov, CTO at TS Solution.

Founded in 2010, TS Solution is a fast-growing Russian company focused on integrating high-tech networking, security and server virtualization systems and technologies, along with maintenance and professional services.

Translation and editing - Valeri Loukine

Review and editing - Dameon Welch-Abernathy
