Create a Post
Showing results for 
Search instead for 
Did you mean: 

Now we allow You to define your own Gaia OS Best Practices

Compliance blade has a new ability to create new Gaia OS #best practices.

As you know, #compliance blade provides customers with security monitoring of other software blades against a built-in library of security best practices.

Examples of GAIA OS best practices create by check point expertise:



Best Practice Blade

Security Best Practice


Gaia OS

Check that Network Access via Telnet is disabled


Gaia OS

Check that the IPv4 Static Routes contains a default route


Gaia OS

Check that the System Clock is set automatically using NTP

Now we allow our customers to define their own Gaia OS Best Practices.


How to create your own Best Practice for GAIA OS

If the user is accessing Compliance Blade for the first time: Click “LOGS & MONITOR”  => open a new tab by clicking  "+"  => Views => Compliance

Click "See All"

Click "New" => ‘Gaia OS Best Practice’

Enter Best Practice Name, Description, Action Item, Practice Script, Expected Output and click "OK".

Your new Gaia Best Practice will be added to the list of Best Practices And click "Publish".

 Navigate to MANAGE & SETTINGS => Blades => Select 'Compliance Settings'=> Select "Rescan"

After Rescan, click "OK".

Navigate to 'LOGS & MONITOR => Compliance'. The scan results for the new Gaia OS Best Practice are displayed.


What is a “best practice”?

 A best practice is a specific recommendation developed by Check Point which defines the optimal way to configure Check Point security and management blades. Best practices receive a security status that helps you to understand how well the best practice is currently implemented in your own environment.

For which versions this feature is working?

This dashboard was created for R80.20 version and above.



2 Replies

My best practice:


  1. Check that is accessible.
  2. Check that our ccc script  is installed.
  3. Check that Gaia Healthcheck is installed and up-to-date as it doesn‘t yet check for updates itself.


Let say, for example that you what to verify that your Web Access is set for SSL version 3 on the Platform.

Just create your own best practice:

Name: Check that the Web Access is set for SSLv3 on the Platform.

Description: This checks that the Web Access to the GUI is set for SSLv3.

Action Item: Validate the SSLv3 settings are enabled on the configuration set on the Gaia OS.

Proactive ScripLink

Expected Output: on