Tip of the Week - Gaia Dynamic CLI is now generally available

If you are tired of jumping between CLISH and Expert shell when configuring and tuning your Gaia-based security devices, take a look at Dynamic CLI: Enhancing CLISH with new Expert mode commands.

Also, if you are attending one of the CPX360 events, come to Valeri Loukine's sessions to see some demos.

35 Comments

It would be nice to supply the installation file not as a tgz with an rpm and installation scripts, but as CPUSE.

1. same installation process as for all fixes/etc.

2. possible to deploy via CDT

I agree. Alexander Kim, can you comment please?

Employee+

Point taken. We will consider it. 

Btw. same goes for Gaia Rest API for sure 😉

Employee+

Of course

Martin_Raska
Copper

It's NICE, is there any plan to include it in JHF?

Employee+

JHF can be installed on top of it without problem. I will add a note in the SK

Martin_Raska
Copper

One Error: it should know corexl


chkp-demo-gw> show security-gateway corexl
CLINFR0329 Invalid command:'show security-gateway corexl'.


[Expert@chkp-demo-gw:0]# fw ctl multik stat
ID | Active | CPU | Connections | Peak
----------------------------------------------
0 | Yes | 1 | 3 | 110
1 | Yes | 0 | 13 | 171

I already added this as comment to the SK, the command is not as documented but:

chkp-demo-gw> show security-gateway affinity statistics
ID | Active | CPU | Connections | Peak
----------------------------------------------
0 | Yes | 3 | 9 | 114
1 | Yes | 2 | 9 | 131
2 | Yes | 1 | 10 | 120

Employee+

Thanks. Fixed

Tried to download and getting this while logged in to SC..

I'm having the same problem with expert level access.

"The file you were trying to load could not be found or has been deleted."
 

Employee+

Pedro, can you try again now ?

Employee+

Martin, Pedro, 

Can you try again now, plz ?

Yes working now.

Yeps,

Working perfectly now.

Thank you.

PM

Is a reboot really necessary? I like the idea, but the fact I would need to reboot around 200 GWs ... it is a showstopper for us.

Employee+

Well, actually killing clish and clishd should do it...

What is the point that only R80+ is supported ? Why not support also R77.30 ?

Cause that's the way to push customers to upgrade their fw's

You just hit my first "assumption"

Employee+

Not in this case, no :) no conspiracy... R77.30 would require us to make changes in the underlying clish architecture (changes which are already present in R80.10), and in such a case installation of this dynamic cli package would block jhf and any other hf on that gateway

Thank you for the detailed explanation :)

Martin_Raska
Copper

Sorry but that was not my question.

Employee+

Can you clarify then ? If the question is will this code be a part of JHF - then the answer is no. The packages are now available only in the SK, but they do not contradict with any other HF or JHF

would be great if also "grep" would be available in clish..

Employee+

We added some (which we found useful). They are documented in the SK :

show system dmi-table search VALUE  ->  dmidecode | grep -i VALUE | more
show file VALUE search VALUE  ->  cat VALUE | grep -i VALUE | more
show syslog logs search VALUE  ->  cat /var/log/messages | grep -i VALUE | more
show syslog dmesg search VALUE  ->  dmesg | grep -i VALUE | more

G_W_Albrecht
Pearl

I find this a valuable addition if special users shall be able to issue expert commands without having the expert password or role. But in daily life, I will rather open two ssh windows, one in clish, the other in expert mode, before replacing fw stat by show security-gateway policy.

If you don't know the expert pass and want to perform some commands from expert, simply change your shell (set user <my_clish_username> shell /bin/bash) and you are done :) "security" on the highest level ...

Jerry
Gold

You won't be able to do "chsh -s /bin/bash user" or as you claimed from clish> - unless the user is in adminRole :) A regular user cannot switch himself from cli.sh to bash, I guess?

Correct, without adminRole (or a manual role with correct permissions) this is not possible.

The question is, as I personally understand it, about having the package available through CPUSE and not only as tgz installable package

The point is, you can now delegate certain actions to users who are below adminRole, which is in other words, godmode

Is there a plan to integrate the dynamic CLI directly into Gaia, so no manual installation is necessary? Will it be part of a future version 80.x?

This will help the admins, if they have lots of gateways...