Network_M
Collaborator

Maintenance actions that should be performed by admins

What kind of duties should admins perform on security gateways and on management server?

For example, deleting old logs, deleting old files, freeing up disk space, etc.?

Can anyone explain step by step?

In my case, when I connect to the security gateway by SSH and type "df -h", for example, it gives an error.

Operating system: R80.10 Gaia

This will be helpful for newbies like me.

Thank you.

7 Replies
Danny
Champion

Well.. if you are really that new to Check Point firewalls I highly recommend taking a CCSA training first.

See.. you logged into your firewall and expected df -h to be working while you were within Check Point's own Clish environment (User mode) and not within a Linux Bash environment (System mode), which can be accessed with the expert command. However, being that new as you say, you should not touch anything within expert mode as long as you don't know how to handle Check Point's secured and hardened GAiA OS.

Aside from this here are my recommendations for you:

  • For most OS maintenance actions Check Point firewalls have a so-called GAiA WebUI you should be able to access in your web browser via: https://ip-of-your-fw or https://ip-of-your-fw:4434 (login with your admin account)
  • Check Point firewalls are centrally managed. Log in to your firewall management using the R80.10 SmartConsole. From there you can centrally monitor, backup and update your firewall gateways and even run CLI scripts.
  • Use this community and Google extensively to first search for everything you might want to do; there are even many R80 videos here and on YouTube you can start from.
  • When you are finally ready to log in to the GAiA CLI and into expert mode, Check Point's healthcheck and our ccc script are very good tools to start with.
Vladimir
Champion

It largely depends on the posture and maturity of your firm's security policy. If your company enforces separation of duties and has different tiers of administrative access, OS maintenance may very well be outside the scope of your responsibilities.

I seldom see this being implemented in smaller shops, where the typical admin has full rights on the system.

Some MSPs may, likewise, have a similar model, where they delegate day-to-day management to the onsite admin, but do not want to take a chance on the system becoming unresponsive due to misconfiguration or radical changes implemented without them being aware of those.

Lari_Luoma
Ambassador

I would like to automate these tasks as much as possible. Here is my list of topics.

1. Make sure that logging is working and the gateways are not logging locally. See sk38848 for logging troubleshooting info.

2. Do not use your gateways or management server as file servers. Delete any unnecessary upgrade etc. files after they are not needed anymore.

3. If you have a lot of logging, consider setting up a separate logging server (instead of taking all logs to your SMS or CMA).

4. Consider setting up a separate server for SmartEvent if used.

5. Manage the disk space on your management and logging servers to prevent them from filling up. See the following screenshot. Indexing logs takes space. It usually makes sense to delete the old indexes after a certain period.

6. Do not keep unnecessary database revisions.

7. Keep your policies and databases as small as possible. Delete unnecessary unused or duplicate objects. Make sure all policies are assigned to gateways and remove the ones that are not needed etc.

8. Take regular backups and move them out of the box.

9. Monitor the system with SNMP.

10. Test your HA regularly.
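
As an added illustration of items 5 and 8 above (watching disk space, and not leaving backups on the box), and not code from the original thread or from Check Point: a POSIX shell script that flags filesystems over a usage threshold from df -P output and lists backup archives that are still sitting locally after a retention period. On Gaia it would run from a Linux shell (expert mode), not from clish; the 85% threshold, the backup directory and the *.tgz name pattern are assumptions for the example, not Check Point defaults.

```shell
# Added example, not Check Point's own code. The 85% threshold, the
# backup directory and the *.tgz pattern are assumptions for the demo.

# Print "mount usage%" for each filesystem at or above $2 percent.
# $1 is the text of 'df -P' (portable one-line-per-filesystem format).
# Returns 1 if any filesystem is at/over the threshold, else 0.
over_threshold() {
    printf '%s\n' "$1" | awk -v t="$2" '
        NR > 1 {                        # skip the header line
            pct = $5; sub(/%$/, "", pct)
            if (pct + 0 >= t + 0) { print $6, $5; found = 1 }
        }
        END { exit found ? 1 : 0 }'
}

# Print backup archives under $1 older than $2 days: copies that should
# already have been moved off the box (scp/ftp/tftp) and deleted here.
# Returns 1 if any stale archive exists, else 0.
stale_backups() {
    found=0
    for f in $(find "$1" -type f -name '*.tgz' -mtime +"$2"); do
        printf '%s\n' "$f"
        found=1
    done
    return $found
}

# Constructed sample 'df -P' output for a stand-alone run.
SAMPLE_DF='Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         20000000 17800000   2200000      89% /
/dev/sda3         80000000 11200000  68800000      14% /var/log'
if over_threshold "$SAMPLE_DF" 85; then
    echo "all filesystems below 85%"
else
    echo "filesystem(s) above listed; free space or move data off the box"
fi

# Constructed backup directory: one archive dated 2020, one fresh.
demo=${TMPDIR:-/tmp}/backup_demo_$$
mkdir -p "$demo"
touch -t 202001010000 "$demo/old_backup.tgz"
touch "$demo/new_backup.tgz"
if stale_backups "$demo" 30; then
    echo "no stale backups in $demo"
else
    echo "stale backups listed above; copy them off-box and delete them"
fi
rm -rf "$demo"
```

Both functions return non-zero when they find something, so they can drive a cron job or an SNMP trap script as-is.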

Network_M
Collaborator

4. Consider setting up a separate server for SmartEvent if used.

What is SmartEvent? Is it something like SmartView?

6. Do not keep unnecessary database revisions

What does it mean "database revisions"?

8. Take regular backups and move them out of the box

I have taken a full system backup of my security gateways and management server via a TFTP server.

What do you mean by saying "move them out of the box"?

9. Monitor the system with SNMP.

How can it be done? Where on the gateways should we write snmp-server commands?

Thank you

PhoneBoy
Admin

SmartEvent is our SIEM/Reporting solution for Check Point products.

You can see how people are using it and ask questions about it here on CheckMates: Logging, Monitoring, Reporting, and Event Analysis

Lari_Luoma
Ambassador

6. Do not keep unnecessary database revisions

What does it mean "database revisions"?

Every time you publish the policy it will create a revision of the old database for easy rollback. Go to Manage and Settings - Revisions. In pre-R80 versions this was done manually using "Database Revision Control".

8. Take regular backups and move them out of the box

I have taken a full system backup of my security gateways and management server via a TFTP server.

What do you mean by saying "move them out of the box"?

Don't store backups on the Check Point server or gateway itself. If you lose it you will lose the backups as well. Using FTP, SCP or TFTP to move the backups to another location is recommended.

9. Monitor the system with SNMP.

How can it be done? Where on the gateways should we write snmp-server commands?

sk90860

I also recommend that you take a CCSA class.

PhoneBoy
Admin
