This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
iamraylau
Participant
‎2024-08-07 01:48 AM
Jump to solution

GAIA configuration template in AWS/Azure

Hi All,

Does anyone know how to configure the GAIA setting under the AWS auto-scaling group or Azure VMSS? 

the GAIA setting should have below configuration

1. SNMPv2 community string 

2. NTP 

3. GAIA user 

4. Install with the latest jumbo hotfix

 

 

0 Kudos
3 Solutions

Accepted Solutions
Edan_Leventhal
Employee Employee
Employee
‎2024-08-07 02:07 AM
Jump to solution

Hi,

You can execute this by adding a custom bash script to be run by the CME using the autoprovision script's -cg flag

To configure the CME run on the management server:

#autoprov-cfg set template -tn "<template_name>" -cg <path_to_script>

 

You would want to create a bash script to run your required clish commands, for example:

#!/bin/bash
clish -c 'set ntp server primary 8.8.8.8 version 4'
clish -c 'save config'

 

Setting the above will run the script anytime a new instance is created.

Hope this helps

View solution in original post

Edan_Leventhal
Employee Employee
Employee
‎2024-08-07 02:25 AM
In response to iamraylau
Jump to solution

Hi,

1. Yes - The script needs to be located in the management server

2. To my knowledge you can only use the flag once, so only 1 script, you will have to put all the configurations in one file.

3. Generally, when you deploy new instances they come with the latest recommended jumbo hotfix normally, so this shouldn't be much of an issue.

View solution in original post

0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-08-07 04:51 AM
In response to iamraylau
Jump to solution

Hi,

You can use the flag with a single script.

You can find information on it in the link for CME admin guide:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_...

JHF: You can find information on how to install latest JHFs in the same admin guide here:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/Automatic_Hotf...

Although we do change the images for gateways to include JHFs but using auto-HF will increase your control on JHF versions.

Kind regards, Amir Senn

View solution in original post

7 Replies
Edan_Leventhal
Employee Employee
Employee
‎2024-08-07 02:07 AM
Jump to solution

Hi,

You can execute this by adding a custom bash script to be run by the CME using the autoprovision script's -cg flag

To configure the CME run on the management server:

#autoprov-cfg set template -tn "<template_name>" -cg <path_to_script>

 

You would want to create a bash script to run your required clish commands, for example:

#!/bin/bash
clish -c 'set ntp server primary 8.8.8.8 version 4'
clish -c 'save config'

 

Setting the above will run the script anytime a new instance is created.

Hope this helps

iamraylau
Participant
‎2024-08-07 02:14 AM
In response to Edan_Leventhal
Jump to solution

Hi Edan, 

Thanks for your promptly reply.

May I know the "<path to script>" means the the script path located in SMS disk? Can I use the multiple scripts with the same flag? like 

#autoprov-cfg set template -tn "<template_name>" -cg <path_to_script-1> -cg <path_to_script-2> -cg <path_to_script-3>
Furthermore, how can we provision the CGNS instance together with the latest jumbo hotfix install? 

0 Kudos
Edan_Leventhal
Employee Employee
Employee
‎2024-08-07 02:25 AM
In response to iamraylau
Jump to solution

Hi,

1. Yes - The script needs to be located in the management server

2. To my knowledge you can only use the flag once, so only 1 script, you will have to put all the configurations in one file.

3. Generally, when you deploy new instances they come with the latest recommended jumbo hotfix normally, so this shouldn't be much of an issue.

0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-08-07 04:51 AM
In response to iamraylau
Jump to solution

Hi,

You can use the flag with a single script.

You can find information on it in the link for CME admin guide:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_...

JHF: You can find information on how to install latest JHFs in the same admin guide here:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/Automatic_Hotf...

Although we do change the images for gateways to include JHFs but using auto-HF will increase your control on JHF versions.

Kind regards, Amir Senn
iamraylau
Participant
‎2024-08-07 09:13 PM
In response to Amir_Senn
Jump to solution

Hi all,

I have created the script and added to the autoprov_cfg template and found it is not able to configure the gateway
[Expert@cp-mgmt:0]# autoprov_cfg show templates
gwlb-configuration:
anti-bot: true
anti-virus: true
application-control: true
aws-automatic-policy: true
custom-gateway-script: "/home/admin/setup_script2.sh"
ips: true


for the script, it is like this 

 

#!/bin/bash
clish -c 'lock database override'
clish -c 'add allowed-client host ipv4-address 138.19.226.116'
clish -c 'add allowed-client host ipv4-address 183.178.46.193'

clish -c 'save config'

 

where is the log and how to diagnose the problem? 

0 Kudos
iamraylau
Participant
‎2024-08-07 10:56 PM
In response to iamraylau
Jump to solution

i got this message from the Smart Console, Does anyone know what is the problem? 


/tmp/rconfd-temp-script-8ry5k3: /bin/setup_script2.sh: /bin/bash^M: bad interpreter: No such file or directory

0 Kudos
iamraylau
Participant
‎2024-08-07 11:47 PM
In response to iamraylau
Jump to solution

fixed the script problem with "sed -i -e 's/\r$//' scriptname.sh"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events