
Gaia R75.40 Administration Guide


DOCUMENT INFORMATION

Basic information

Format
Pages 210
Size 1.78 MB

Content

15 March 2012

Administration Guide
Gaia R75.40

Classification: [Protected]

© 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=14001
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
For more about this release, see the R75.40 home page (http://supportcontent.checkpoint.com/solutions?id=sk67581).

Revision History
Date          Description
15-Mar-2012   First release of this document

Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Gaia R75.40 Administration Guide).

Contents

Important Information
Gaia Overview
Introduction to the WebUI
WebUI Overview
Logging in to the WebUI
Working with the Configuration Lock
Interface Elements
Toolbar Accessories
Using the Search Tool
Navigation Tree
Status Bar
The Configuration Tab
The Monitoring Tab
Introduction to the Command Line Interface
Saving Configuration Changes
Commands and Features
Command Completion
Command History
Reusing Parts of Commands
Command Line Movement and Editing
Obtaining a Configuration Lock
Environment Commands
Client Environment Output Format
Expert Mode
User Defined (Extended) Commands
System Information Overview
Showing System Overview Information - WebUI
Showing System Overview Information - CLI (uptime, version)
Interface Management
Network Interfaces
Interface Link Status
Configuration using the CLI
Physical Interfaces
Aliases
VLAN Interfaces
Bond Interfaces (Link Aggregation)
Bridge Interfaces
Loopback Interfaces
VPN Tunnel Interfaces
ARP
Configuring ARP - WebUI
Configuring ARP - CLI (arp)
DHCP Server
Configuring a DHCP Server - WebUI
Configuring a DHCP Server - CLI (dhcp)
Hosts and DNS
Host Name
Host Addresses
Domain Name Service (DNS)
IPv4 Static Routes
Configuring IPv4 Static Routes - WebUI
Configuring Static Routes - CLI (static-route)
IPv6 Static Routes
Configuring IPv6 Static Routes - WebUI
Configuring IPv6 Static Routes - CLI (ipv6 static-route)
System Management
Time
Configuring Time and l - WebUI
Configuring NTP
Configuring NTP - CLI (ntp)
Setting the Date Manually - CLI (date)
Showing the Time & Date - CLI (clock)
Setting the Time Manually - CLI (Time)
Setting the Time Zone Manually - CLI (timezone)
Time
SNMP
SNMP Proxy Support for Check Point MIB
Configuring SNMP - WebUI
Configuring SNMP - CLI (snmp)
Interpreting Error Messages
Job Scheduler
Configuring Job Scheduler - WebUI
Configuring Job Scheduler - CLI (cron)
Mail Notification
Configuring Mail Notification - WebUI
Configuring Mail Notification - CLI (mail-notification)
Messages
Configuring Messages - WebUI
Configuring Messages - CLI (message)
Session
Configuring the Session - WebUI
Configuring the Session - CLI (inactivity-timeout)
System Logging
Configuring System Logging - WebUI
Configuring System Logging - CLI (syslog)
Network Access
Configuring Telnet Access - WebUI
Configuring Telnet Access - CLI (net-access)
Advanced Routing
User Management
Change My Password
Change My Password - WebUI
Change My Password - CLI (selfpasswd)
Users
Managing User Accounts - WebUI
Managing User Accounts - CLI (user)
Roles
Configuring Roles - WebUI
Configuring Roles - CLI (rba)
Password Policy
Password History Checks
Mandatory Password Change
Configuring Password Policy - WebUI
Configuring Password Policy - CLI (password-controls)
Authentication Servers
Configuring RADIUS Authentication Servers - WebUI
Configuring RADIUS Authentication Servers - CLI (aaa radius-servers)
Configuring Nonlocal RADIUS Users using Vendor Specific attributes
Configuring TACACS Authentication Servers - WebUI
Configuring TACACS Authentication Servers - CLI (aaa tacacs-servers)
System Groups
Configuring System Groups - WebUI
Configuring System Groups - CLI (group)
High Availability
VRRP
How VRRP Works
Before Configuring VRRP
Configuring VRRP - WebUI
Configuring VRRP - CLI (mcvr)
Advanced VRRP
Configuring Advanced VRRP - WebUI
Configuring Advanced VRRP - CLI (vrrp)
Maintenance
Licenses
Configuring Licenses - CLI (cplic)
Image Management
Configuring Image Management - WebUI
Configuring Image Management - CLI (snapshot)
Download SmartConsole
Download SmartConsole - WebUI
Hardware Health Monitoring
Showing Hardware Health Monitoring Information - WebUI
Showing Hardware Monitoring Information - CLI (sysenv)
Shutdown
Shutting Down - WebUI
Shutting Down - CLI (halt, reboot)
Software Updates
Configuring a Software Deployment Policy - WebUI
Configuring Software Update Notifications - WebUI
Configuring Software Deployment - WebUI
Configuring Software Deployment - clish (installation)
CLI Procedures - Software Updates
Security Management Server and Firewall Commands
cpca_client
cpca_client create_cert
cpca_client revoke_cert
cpca_client lscert
cpca_client set_mgmt_tools
cp_conf
cp_conf sic
cp_conf admin
cp_conf ca
cp_conf finger
cp_conf lic
cp_conf client
cp_conf ha
cp_conf snmp
cp_conf auto
cp_conf sxl
cpconfig
cpinfo
cpstart
cpstat
cpstop
fw
fw -i
fw ctl
fw ctl debug
fw ctl affinity
fw ctl engine
fw ctl multik stat
fw ctl sdstat
fw fetch
fw fetchlogs
fw hastat
fw isp_link
fw kill
fw lea_notify
fw lichosts
fw log
fw logswitch
fw mergefiles
fw monitor
fw lslogs
fw putkey
fw repairlog
fw sam
fw stat
fw tab
fw ver
fwm
fwm dbimport
fwm expdate
fwm dbexport
fwm dbload
fwm ikecrypt
fw getcap
fwm load
fwm lock_admin
fwm logexport
fwm sic_reset
fwm unload <targets>
fwm ver
fwm verify <policy-name>
VPN Commands
Overview
vpn accel
vpn compreset
vpn compstat
vpn crl_zap
vpn crlview
vpn debug
vpn drv
vpn export_p12
vpn macutil
vpn nssm_toplogy
vpn overlap_encdom
vpn sw_topology
vpn tu
vpn ver
SmartView Monitor Commands
Overview
rtm debug
rtm drv
rtm monitor <module_name>{<interface_name>|-filter "<complex filter>"}
rtm monitor <module_name>-v<virtual_link_name>
rtm rtmd
rtm stat
rtm ver
rtmstart
rtmstop
ClusterXL Commands
cphaconf
cphaprob
cphastart
cphastop
Index

Gaia Administration Guide R75.40 | 9

Chapter 1
Gaia Overview

Gaia is Check Point's next generation operating system for security applications. In Greek mythology, Gaia is the mother of all, representing closely integrated parts to form a single, efficient system. The Gaia Operating System supports the full portfolio of Check Point Software Blades, Gateway and Security Management products.

Gaia is a single, unified network security Operating System that combines the best of Check Point's SecurePlatform operating system, and IPSO, the operating system from appliance security products. Gaia is available for all Check Point security appliances, open servers and virtualized environments.

Designed from the ground up for modern high-end deployments, Gaia includes support for:
• IPv4 and IPv6 - fully integrated into the Operating System.
• High Connection Capacity - 64bit support.
• Load Sharing - ClusterXL and Interface bonding.
• High Availability - ClusterXL, VRRP, Interface bonding.
• Dynamic and Multicast Routing - BGP, OSPF, RIP, and PIM-SM, PIM-DM, IGMP.
• Easy to use Command Line Interface - Commands are structured using the same syntactic rules. An enhanced help system and auto-completion further simplifies user operation.
• Role Based Administration - Enables Gaia administrators to create different roles. Administrators can allow users to access features by adding those functions to the user's role definition. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features.
• Simple and Easy upgrade - from IPSO and SecurePlatform.
Gaia Software Updates
• Get updates for licensed Check Point products directly through the operating system.
• Download and install the updates more quickly. Download automatically, manually, or periodically. Install manually or periodically.
• Get email notifications for new available updates and for downloads and installations.
• Easy rollback from new update.

Chapter 2
Introduction to the WebUI

This chapter gives a brief overview of the WebUI interface and procedures for using the interface elements.

In This Chapter
WebUI Overview
Logging in to the WebUI
Interface Elements

WebUI Overview
• The Gaia WebUI is an advanced, web-based interface for configuring Gaia platforms. Almost all system configuration tasks can be done through this Web-based interface.
• Easy Access - Simply go to https://<Device IP Address>.
• Browser Support - Internet Explorer, Firefox, Chrome and Safari.
• Powerful Search Engine - makes it easy to find features or functionality to configure.
• Easy Operation - Two operating modes. 1) Simplified mode shows only basic configuration options. 2) Advanced mode shows all configuration options. You can easily change modes.
• Web-Based Access to Command Line - Clientless access to the Gaia CLI directly from your browser.

[...]

... show version product

Description
Show the name and versions of the OS components

Parameters
Parameter    Description
all          Shows all system information
os build     The Gaia build number
os edition   The Gaia edition (32-bit or 64-bit)
os kernel    The Gaia kernel build number
product      The Gaia version

Chapter 5...
Complete or fetch the keyword. For example:

    Gaia> set in
    inactivity-timeout - Set inactivity timeout
    interface - Displays the interface related parameters
    Gaia> set in

Show the arguments that the command for that feature accepts. For example:

    Gaia> set interface
    eth0 eth1 lo
    Gaia> set interface

... monitoring dynamic routing and VRRP cluster performance

To see the Monitoring tab, select a routing or high availability feature settings group and then click the Monitoring tab. For some settings groups, you can select different types of information from a menu.

Chapter 3
Introduction to the Command Line... to clish, run exit

User Defined (Extended) Commands

Description
Manage user defined (extended) commands in clish.

Extended commands include:
1. Built in extended commands. These are mostly for configuration and troubleshooting of Gaia and Check Point products.
2. User defined commands. You can do role based administration (RBA)...

... all
show arp static all
show arp table cache-size
show arp table validity-timeout

To do this: Show all the possible operations
Type: show commands op
For example:

    Gaia> show commands op
    save reboot load start commit rollback expert
    Gaia> show commands

Show all commands per operation, per feature
halt help set history...

... the WebUI:
1. Enter this URL in your browser: https://
2. Enter your user name and password.

Logging out
Make sure that you always log out from the WebUI before you close the browser. This is because the configuration lock stays in effect even when you close the browser or terminal window. The lock remains in effect until a...
... character

Keystroke combination    Meaning
Ctrl-L                   Clear the screen and show the current line at the top of the screen
Ctrl-N                   Next history item
Ctrl-P                   Previous history item
Ctrl-R                   Redisplay the current line
Ctrl-U                   Delete the current line

Obtaining a Configuration Lock
Only one user can have Read/Write access to Gaia configuration... commands

Client Environment Output Format

Description
The CLI supports three output formats: pretty, structured, and xml.

Syntax
To show the output format:
    show clienv output VALUE
To set the output format:
    set clienv output VALUE

Parameters

Parameter: pretty
Description: Output is formatted to be clear. For example: Gaia> set...

    Gaia> set clienv output pretty
    Gaia> show user admin
    Uid  Gid  Home Dir     Shell        Real Name
    0    0    /home/admin  /etc/cli.sh  n/a

Parameter: structured
Description: Output is delimited by semi-colons. For example:

    Gaia> set clienv output structured
    Gaia> show user admin
    Uid;Gid;Home Dir.;Shell;Real Name;
    0;0;/home/admin;/etc/cli.sh;;

Parameter: xml
Description: Adds XML tags to the output. For example:

    Gaia> set clienv output xml
    Gaia> show user admin
    ...

Commands and Features
Gaia commands are organized into features. A feature is a group of related commands. Commands have the syntax:

    Operation feature parameter

The most common operations are show, add, set, delete.

The 4 main operations    Description
set                      Sets a value in the system
show                     Shows a value or values from the system
delete                   Deletes a value from the system

... example:

    Gaia> set interface <SPACE> <TAB>
    eth0 eth1 lo
    Gaia> set interface

Press...
The WebUI interface

Item    Description

Date posted: 27/06/2014, 20:20
