Professional Documents
Culture Documents
Sysconfig To Gaia CLI: Technical Reference Guide
Sysconfig To Gaia CLI: Technical Reference Guide
16 October 2012
Classification: [Protected]
2012 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of
relevant copyrights and third-party licenses.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=21141
For additional technical information, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).
Revision History
Date Description
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Sysconfig to Gaia CLI Technical
Reference Guide).
Contents
4) Time & Date Set or show the time NTP, Time, Date (on page 7)
zone, date, and local
time.
7) DHCP Server Configuration Set or show DHCP DHCP Server (on page 18)
server.
8) DHCP Relay Configuration Set or show DHCP DHCP Relay Configuration (on page 20)
relay.
9) Export Setup Export Check Point Export Setup (on page 21)
environment
configuration as file.
10) Products Installation Install Check Point Run cpconfig in expert mode
products.
11) Products Configuration Configure Check Point Run cpconfig in expert mode
products.
12) Enable / Disable hardware Set or remove Hardware Monitoring (on page 21)
monitoring hardware sensor
monitors on SNMP
Note - To save a configuration changed in the CLI, you must run: save config
Host Name
Description Use this group of commands to configure the host name of your platform.
set hostname VALUE
Syntax show hostname
Comment Host name can also be configured through Gaia WebUI > Hosts and DNS page.
Domain Name
Description Set or show domain name of a computer.
set domainname VALUE
Syntax show domainname
Parameters Parameter Description
VALUE
The name of the domain.
Valid characters: alphanumeric, dash ( - ), period ( . ). Periods must be
followed by an alphanumeric character. A dash or period cannot be the
last character.
Comment Domain name can also be configured through Gaia WebUI > Hosts and DNS page.
DNS
Description Configure, show and delete the DNS servers and the DNS suffix for the Gaia computer.
Syntax To configure the DNS servers and the DNS suffix for the Gaia computer:
set dns primary VALUE
set dns secondary VALUE
set dns tertiary VALUE
set dns suffix VALUE
To show the DNS servers and the DNS suffix for the Gaia computer:
show dns primary
show dns secondary
show dns tertiary
show dns suffix
To delete the DNS servers and the DNS suffix for the Gaia computer:
delete dns primary
delete dns secondary
delete dns tertiary
delete dns suffix
primary
Parameters The server to use when resolving hostnames. This should be a host
running a DNS server.
secondary
The server to use when resolving hostnames if the primary server does
not respond. This should be a host running a DNS server.
tertiary
The server to use when resolving hostnames if the primary and
secondary servers do not respond. This should be a host running a
DNS server.
suffix
A search list for host-name lookup. The search is normally determined
from the local domain name. By default, it contains only the local
domain name. A valid domain name suffix is made up of subdomain
strings separated by periods. Subdomain strings must begin with an
alphabetic letter and may consist only of alphanumeric characters and
hyphens. The domain name syntax is described in RFC 1035 (modified
slightly in RFC 1123).
For example, if you set the DNS Suffix to example.com and try to
ping some host foo (by running ping foo), and foo cannot be
resolved, then the resolving computer will try to resolve
foo.example.com.
VALUE
An IPv4 address
Comment DNS servers can also be configured through Gaia WebUI > Hosts and DNS page.
NTP
Description Use this command to configure and troubleshoot the Network Time Protocol (NTP).
current Shows the host name or IP address of the NTP server you are using
now.
primary Set the host name or IP address of the primary NTP server.
Comments Server-Specifies the host name or IP address of the time server from which your system
synchronizes its clock. The specified time server does not synchronize to the local clock of
your system.
Version-The version number Specifies which version of NTP to run. Check Point
recommends that you run version 3.
Clock
Description Show current system date and time
show clock
Syntax
Date
Description Set the system date
set date <date>
Syntax show date
Time
Description Set the system time in HH:MM:SS format
set time <time of day>
Syntax show time
Output 12:03:54
Time Zone
Description Show and Set the system time zone.
show timezone
Interface
The sysconfig Add New Connection menu:
1) Secondary IP on interface (alias) 5) Loopback connection
Note - Network connections and interfaces can also be configured through Gaia WebUI > Network
Interfaces page.
<Alias IF> Interface alias name in the format <IF>:XX, where XX is the
automatically assigned sequence number.
add interface eth1 alias 10.10.99.1/24
Examples delete interface eth1 alias eth1:2
Comments A new alias interface name is automatically created by adding a sequence number to
the original interface name. For example, the name of first alias added to eth1 is
eth1:0. She second alias added is eth1:1, and so on.
Important - After using CLI commands to add, configure or delete features, you must run the
save config command. This makes sure that the new configuration settings remain after
reboot.
Important - After using CLI commands to add, configure or delete features, you must run the
save config command. This makes sure that the new configuration settings remain after
reboot.
Important - After using CLI commands to add, configure or delete features, you must run the
save config command. This makes sure that the new configuration settings remain after
reboot.
<Mask> IPv4 subnet mask or IPv6 mask length using CIDR ( /xx)
notation.
Important - After using CLI commands to add, configure or delete features, you must run the
save config command. This makes sure that the new configuration settings remain after
reboot.
interface VALUE This is the physical Interface which will forward PPPoE
frames.
user-name VALUE The User name and password are needed to connect to
the PPPoE server at the Internet Service Provider (ISP).
Get them from the ISP.
password VALUE
use-peer-dns VALUE This allows the ISP to define the IPv4 DNS server for the
Gaia system. The ISP supplies either one IPv4 DNS
server (the Primary) or two (Primary and Secondary).
Note - If you select Use Peer DNS, the IPv4 DNS servers
configured in Network Management > Hosts and DNS
are overwritten by the PPPoE Peer DNS servers.
use-peer-as-default This makes the ISP server the Default Gateway for the
-gateway VALUE Gaia system.
ipv6-autoconfig If on, automatically gets the IPv6 address from the DHCP
mask-length Configures IPv4 or IPv6 subnet mask length using CIDR ( /xx)
notation
Important - After using CLI commands to add, configure or delete features, you must run the
save config command. This makes sure that the new configuration settings remain after
reboot.
Static-Route
Set Default Gateway
Description Set the default gateway.
set static-route default nexthop gateway address <GW IP> on|off
Syntax
off Deletes the specified route or next hop. If you specify a next hop, only
the specified path is deleted. If no next hop is specified, the route and
all related paths are deleted.
<GW IP>
Values Gateway IP address in dotted decimal format without a net mask.
set static-route default nexthop gateway address 192.0.2.1 on
Examples
IPv4
You only use the set operation with the static-route command, even when adding or deleting a static
route.
reject Drops packets and sends an error message to the traffic source.
logical Identifies the next hop gateway by the interface that connects to it. Use
this option only if the next hop gateway has an unnumbered interface.
priority Assigns a path priority when there are many different paths. The
available path with the lowest priority value is selected.
off Deletes the specified route or next hop. If you specify a next hop, only
the specified path is deleted. If no next hop is specified, the route and
all related paths are deleted.
rank Selects a route when there are many routes to a destination that use
different routing protocols. The route with the lowest rank value is
selected.
Use the rank keyword in place of the nexthop keyword with no other
parameters.
<Destination>
Values Destination IP address using dotted decimal/mask length (slash)
notation. You can use the default keyword instead of an IP address
when referring to the default route.
<GW IP>
Gateway IP address in dotted decimal notation in dotted decimal format
without a net mask.
<GW IF>
Name of the interface that connects to the next hop gateway.
<P Value>
Priority. An integer between 1 and 8 (default=1).
<Rank Value>
Rank. An integer between 0 and 255 (default=0).
Comments There are no add commands for the static-route feature. To show static routes, run
show route static
IPv4 static routes can also be configured through Gaia WebUI > IPv4 Static Routes page.
IPv6
This section includes a complete command reference for the ipv6 static-route command. You can
only use the set operation with this command, even when adding or deleting a static route.
off Deletes the specified route or next hop. If you specify a next hop, only
the specified path is deleted. If no next hop is specified, the route and
all related paths are deleted.
reject Drops packets and sends an error message to the traffic source.
interface Identifies the next hop gateway by the interface that connects to it. Use
this option only if the next hop gateway has an unnumbered interface.
priority Assigns a path priority when there are many different paths. The
available path with the lowest priority value is selected. The gateway
with the lowest priority value is selected.
<Destination>
Value Destination IP address.
<Route Type>
gateway - Accepts and sends packets to the specified destination
reject - Drops packets and sends an error message to the traffic
source
blackhole - Drops packets, but does not send an error message-
<GW IP>
Identifies the next hop gateway by its IP address.
<GW IF>
Identifies the next hop gateway by the interface that connects to it. Use
this option only if the next hop gateway has an unnumbered interface.
<P Value>
Integer value between 1 and 8 (default=1).
IPv6 static routes can also be configured through Gaia WebUI > IPv6 Static Routes page.
DHCP Server
Description DHCP Server commands allow you to configure the Gaia device as DHCP server for
network hosts.
netmask VALUE The IPv4 subnet mask in CIDR notation. For example,
24
start VALUE The IPv4 address that starts the allocated IP Pool range. For
example 192.0.2.20
end VALUE The IPv4 address that ends the allocated IP Pool range. For
example 192.0.2.90
include-ip-pool The range of IPv4 addresses to include in the IP pool. For example
VALUE 192.0.2.20-192.0.2.90
exclude-ip-pool The range of IPv4 addresses to exclude from the IP pool. For
VALUE example: 192.0.2.155-192.0.2.254
enable Enable the DHCP Server subnet, or the DHCP Server process
(depending on the context).
disable Disable the DHCP Server subnet, or the DHCP Server process
(depending on the context).
default-lease The default lease in seconds, for host IPv4 addresses. This is
VALUE applied only if clients do not request a unique lease time. If you do
not enter a value, the configuration default is 43,200 seconds.
max-lease VALUE The maximum lease in seconds, for host IPv4 addresses. This is
the longest lease available. If you do not enter a value, the
configuration default is 86,400 seconds.
default-gateway The IPv4 address of the default gateway for the network hosts
VALUE
domain VALUE The domain name of the network hosts. For example,
example.com.
dns VALUE The DNS (Domain Name Service) servers that the network hosts
will use to resolve hostnames. Optionally, specify a primary,
secondary and tertiary server in the order of precedence. For
example
192.0.2.101, 192.0.2.102, 192.0.2.103
subnet VALUE The IP pools in the DHCP Server subnet, and their status: Enabled
ip-pools or Disabled.
relay-to The server to which BOOTP requests are forwarded. You can specify more than one
ip_address server.
<on | off>
Comment DHCP Relay can also be configured through Gaia WebUI > DHCP Relay page.
Export Setup
You can export the management setup to a file.
1. Log in to expert mode.
2. Run: $FWDIR/bin/upgrade_tools/upgrade_export -n /var/tmp/cpexport
The setup is saved at: /var/tmp/cpexport.tgz
Hardware Monitoring
In SecurePlatform sysconfig, you can enable or disable hardware monitoring. In Gaia, it is always enabled. If
you want to turn it off, contact Check Point Technical Support.
Important - config_system is NOT intended for ongoing system configuration. It is only for the
first configuration.