5. Check Point Getting Started R80.20. Gaia & CLI
Welcome to the 5th lesson! Last time, we completed the installation and initialization of the management server, as well as the gateway. Therefore, today we are a little "digging" in their guts, or rather in the settings of the Gaia OS. Gaia settings can be divided into two broad categories:
- System settings (IP addresses, Routing, NTP, DNS, DHCP, SNMP, backups, system updates, etc.). These parameters are configured through the WebUI or CLI;
- Security settings (Everything regarding Access Lists, IPS, Anti-Virus, Anti-Spam, Anti-Bot, Application Control, etc. That is, all security features). For this, they already use SmartConsole or API.
In this lesson we will discuss the first point, i.e. System Settings
As I said, these settings can be edited either through the web interface or through the command line. Let's start with the web interface.
It is called Gaia Portal, in Check Point terminology. And you can access it using a browser, “knocking” on https to the device’s IP address. It supports browsers Chrome, Firefox, Safari and IE. Even Edge works, although it is not on the list of officially supported. The portal looks as follows:
A more detailed description of the portal, as well as the default interface and route settings, can be found in the video tutorial below.
Now let's look at the command line.
Check Point CLI
There is still an opinion that Check Point cannot be controlled from the command line. This is not true. Almost all system settings can be changed in the CLI (In fact, you can change the security settings using the Check Point API). There are several ways to get into the CLI:
- Connect to the device via the console port.
- Connect via SSH (Putty, SecureCRT, etc).
- Go to CLI from SmartConsole.
- Or from the web interface by clicking on the “Open Terminal” icon in the top panel.
The symbol > means that you are in the default Shell called Clish . This is a limited mode in which a limited number of commands and settings are available. For full access to all commands, you must enter Expert mode. This can be compared to the CLI from Cisco, where there is a user mode and a privileged mode, which requires the enable command to enter. In Gaia, you must enter the expert command to enter expert mode.
The CLI syntax itself is quite simple: Operation feature parameter
In this case, the four main operators that you will use most often: show, set, add, delete. Finding documentation on CLI commands is quite simple; just google “ Check Point CLI ”. There are also some more sets of useful commands that you will definitely need in your daily work with the checkpoint. You do not need to remember them, there are good guides on these commands, plus there are very useful cheat sheets. I’ll put a link to one of them under the video. I recommend paying attention to two more of our articles:
- Useful Console Commands Checkpoint R80.10 CLI
- Check Point R80.10 API. Management through CLI, scripts and more
We will look at working with Check Point CLI in the video tutorial below.
CLI cheat sheet for Check Point