Scripting was a weak point of SMB devices until firmware version R77.20.80: You can easily perform scripted tasks after each boot process (see sk52520 How to run commands at boot on an SG80/600/700/1100/1400/1200R -- UserScript for details), but no cron job was possible as crond did not run in GAiA Embedded (although the command crontab exists, it was unusable). There was a procedure to enable crond (Spikefish Solutions Blog: Enabling cron, the scheduling service on 600 / 700 / 1100 / 1200R) if really needed. Since R77.20.80, crond is running, see the details in R77.20.80, cpdiag and crond.
But e.g. to issue a scripted reboot every two weeks at a certain time, we can also trigger the script over an SSH connection from another device. Details can be found in sk106836: How to configure SSH authentication using RSA key files on Security Gateway 80 / 600 / 700.... Remember to keep the passphrase empty when generating the key pair! The first step is to run # bashUser on while in expert mode to enable login directly into expert mode and WinSCP access. On the SMB box, we then create the file /pfrm2.0/etc/myreb.sh:
#!/bin/bash -f
source /fwtmp/opt/fw1/tmp/.CPprofile.sh
date >> /pfrm2.0/etc/lastReboot
(echo y ) | reboot
The second line is included as good practice and not needed here - but other commands will depend on environment variables set correctly (see sk77300 and sk90441).
On the unit that shall issue the command (based on GAiA or Unix) we follow sk95890 How to configure SSH authentication on Gaia OS using RSA key files and create /home/admin/sshreb.sh:
#!/bin/bash -f
source $CPDIR/tmp/.CPprofile.sh
ssh -i /home/admin/MyKey ip.x.x.x sh -l ./pfrm2.0/etc/myreb.sh
After first connect per ssh, the script is able to login and perform reboot automatically after being called using cron. This is easy e.g. on a Gaia device (in GAiA WebGUI, see under System Management > Job Scheduler). Such a script can also perform TP Updates automatically, but at different scheduled times for each blade using the online_update_cmd!
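As an added example (not part of the original post or of Check Point's documentation), here is a more defensive form of the calling script on the GAiA/Unix side. Because the key has no passphrase, it refuses to run if the key file is readable by group or others, and it uses standard OpenSSH client options so a cron run fails cleanly instead of prompting. The key path, host placeholder and remote command are the post's; the function names, the `run` argument and the log path are assumptions of this example.

```sh
#!/bin/sh
# Added example: defensive wrapper for the cron-driven reboot call.
# KEY, HOST and REMOTE_CMD are the post's values (HOST is its placeholder);
# function names, the "run" argument and the LOG path are assumptions.
KEY="${KEY:-/home/admin/MyKey}"
HOST="${HOST:-ip.x.x.x}"
REMOTE_CMD="sh -l ./pfrm2.0/etc/myreb.sh"

# The key has no passphrase, so file permissions are its only protection.
# Succeeds only for a regular file with no group/other permission bits.
key_perms_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Returns 2 without contacting the appliance if the key fails the check.
run_remote_reboot() {
    if ! key_perms_ok "$KEY"; then
        echo "refusing to use $KEY: missing or group/world accessible" >&2
        return 2
    fi
    # BatchMode: never prompt (a cron job has no terminal to answer on).
    # StrictHostKeyChecking=yes: fail if the host key is unknown or changed,
    #   which is why the first connection has to be made by hand.
    # IdentitiesOnly: offer only this key; ConnectTimeout: do not hang.
    ssh -i "$KEY" \
        -o BatchMode=yes \
        -o StrictHostKeyChecking=yes \
        -o IdentitiesOnly=yes \
        -o ConnectTimeout=15 \
        "$HOST" "$REMOTE_CMD"
}

# Only act when called as "sshreb.sh run", e.g. from the Job Scheduler.
if [ "${1:-}" = "run" ]; then
    run_remote_reboot
    rc=$?
    echo "$(date) reboot request to $HOST exit=$rc" >> "${LOG:-/home/admin/sshreb.log}"
    exit "$rc"
fi
```

The log line gives a record on the issuing host of every reboot request and its exit status, alongside the lastReboot file written on the appliance.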
Thanks for posting this. Two things to note...
From the Check Point 600/700/1100/1200R/1400 Appliance R77.20.75 CLI Guide:
You can enable login directly to expert mode. To do this:
• Login to Expert mode using the "Expert" password.
• Run the command bashUser on
• You will now always login directly to expert mode (this mode is not deleted during reboot)
• To turn this mode off, run the command bashUser off
Actually, it is possible to run cron jobs on SMB. I have followed this guide and it works for me very well:
Spikefish Solutions Blog: Enabling cron, the scheduling service on 600 / 700 / 1100 / 1200R
Yes, that is true - afair you have to ssh connect manually for one time, then you can use the script. For GUI based guys like me, bashUser on is the first command issued on every SMB unit so we can use WinSCP.
That really is wild - I did not search for a cron binary, and crontab, as seen in the document, has no memory... We can see that this is a rather downsized busybox system, and that is understandable if we think of SG-80 or 600 models hardware capabilities. To create a symlink, a directory, call crond and write the crontab file on boot is working ok, but for me does not feel very comfortable. With current hardware, the need to trigger TP updates at different times - opposed to internally scheduling all updates for the same time - is mostly gone, and scheduled backup works perfectly for me since a long time, and without any cron job...
I have changed the document by adding details from the comments - thank you all for them!
Addition: Second line has changed with newer firmware:
#!/bin/bash -f
source /opt/fw1/tmp/.CPprofile.sh
Since crond actually appears usable on the newer SMB appliances, would you still recommend not using it or would you actually recommend using it now? Running "crontab -l" from expert mode shows quite a few jobs are running from cron now on the latest R81.10.17 build. Just curious as we throw a monthly reboot script in there ourselves which survives a reboot, but obviously not a firmware upgrade.
Note that we now officially have a scheduled reboot feature since R81.10.17 which can survive upgrade, so no need to use cron anymore unless there are other scripts that you want to specifically run.
Is this available on centrally managed embedded gaia systems running R81.10.17? If so, can you point me in the right direction? I haven't been able to find it.
@Jerry_Eblin
Yes, it's available in centrally managed mode as well. This is configured directly from the Spark WEBUI or CLISH and not SmartConsole.
In WEBUI, go to [Device] -> [System Operations], where you will see a [Scheduled Reboot] button.
You can configure Onetime or periodic recurrence like [Daily/Weekly/Monthly] for specific Time/Weekday/Day of Month.
Thanks Tom! I must have glazed over that completely yesterday as I was digging through the embedded Gaia portal. Definitely appreciate it! Is this the Check Point "preferred" method over using a cron job? Will this get overwritten during a firmware update? I appreciate it, and sorry for the thread necromancy
Considering this is settable in the WebUI, I'd say this will persist across upgrades.
I assume this is just using crond underneath 🙂
Yes, if you configure the feature with WEBUI/CLISH then the settings will survive a firmware upgrade.
Also as PhoneBoy mentioned, it's crond in the backend that is used to control this 😉