Welcome to Lesson 5! Last time we completed the installation and initialization of the management server, as well as the gateway. Therefore, today we will “dig a little deeper” in their insides, or rather in the settings of the Gaia operating system. Gaia settings can be divided into two broad categories:
- System settings (IP addresses, Routing, NTP, DNS, DHCP, SNMP, backups, system updates, etc.). These settings are configured via the WebUI or CLI;
- Security Settings (Everything related to Access Lists, IPS, Anti-Virus, Anti-Spam, Anti-Bot, Application Control, etc. That is, all security functionality). To do this, they already use SmartConsole or API.
In this lesson, we will discuss the first point, i.e. System settings.
As I said, these settings can be edited either through the web interface or through the command line. Let's start with the web interface.
Gaia Portal
It is called Gaia Portal, in Check Point terminology. And you can access it using a browser by “knocking” on https on the device’s IP address. The browsers supported are Chrome, Firefox, Safari and IE. Even Edge works, although it's not officially supported. The portal looks like this:
A more detailed description of the portal, as well as setting up interfaces and the default route, can be found in the video tutorial below.
Now let's look at the command line.
Check Point CLI
There is still an opinion that Check Point cannot be controlled from the command line. This is wrong. Almost all system settings can be changed in the CLI (In fact, security settings can also be changed using the Check Point API). There are several ways to get into the CLI:
- Connect to the device via the console port.
- Connect via SSH (Putty, SecureCRT, etc).
- Go to CLI from SmartConsole.
- Or from the web interface by clicking on the “Open Terminal” icon in the top bar.
Symbol > means that you are in the default Shell, which is called Clish. This is a limited mode in which a limited number of commands and settings are available. For full access to all commands, you must be logged into Consultant mode. This can be compared to Cisco's CLI, which has a user mode and a privileged mode that requires the enable command to enter. In Gaia, to enter expert mode, you must enter the expert command.
The CLI syntax itself is pretty simple: operation feature parameter
In this case, the four main operators that you will use most often: show, set, add, delete. Finding documentation on CLI commands is quite easy, just google “". There are also some other sets of useful commands that you will definitely need in your daily work with the checkpoint. You don’t need to memorize them, there are good reference books for these commands, plus there are very useful cheat sheets. I'll post a link to one of them below the video. I recommend to pay attention to two more of our articles:
We will look at working with the Check Point CLI in the video tutorial below.
Video tutorial
Source: habr.com