11/13/13

Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

Global Sites
Solution ID: sk69701

My Account

How to run the First Time Configuration Wizard through CLI in Gaia

Product: Security Gateway, Security Management Version: R75.40, R75.40VS, R76 Last Modified: 12-Aug-2013

Solution

Check Point Security Gateway and Check Point Security Management require running the First Time Configuration Wizard in order to be configured correctly. The First Time Co To invoke the First Time Configuration Wizard through CLI, run the c o n f i g _ s y s t e mcommand from the Expert shell. 1. Run: [ E x p e r t @ H o s t N a m e ] #c o n f i g _ s y s t e mt< f i l e _ n a m e > This will create an empty template file for system configuration. 2. Open the file you created with a text editor and fill the appropriate fields. 3. Run: [ E x p e r t @ H o s t N a m e ] #c o n f i g _ s y s t e mf< f i l e _ n a m e > This will run the First Time Configuration Wizard with the information provided in the filename. The system is ready now.

Table of Contents: Abstract Purpose of 'config_system' Usage Run stages How to create configuration file or configuration string How to run first time configuration from command line Example of configuration file for StandAlone machine

Abstract
configured easily using "clish" shell) through serial/remote terminal connection. In order to fulfill this specific customers' requirements, 'c o n f i g _ s y s t e m ' utility was developed (which is a Bash shell script / b i n / c o n f i g _ s y s t e m ). Important note: the 'c o n f i g _ s y s t e m ' utility is not intended for ongoing system configuration.

In order to complete interactive First Time Wizard configuration process, customers use Web interface. There are many customers with large device install-base that use auto

Purpose of 'config_system'

The main purpose of 'c o n f i g _ s y s t e m ' utility is to provide easy and convenient command line interface to complete system's First Time configuration during system deployment interactive configuration tools (like 's y s c o n f i g ' utility that is used in SecurePlatform OS).

Usage
[ E x p e r t @ H o s t N a m e ] #c o n f i g _ s y s t e mh e l p U s a g e :c o n f i g _ s y s t e m< o p t i o n s > w h e r ec o n f i g _ s y s t e mo p t i o n si n c l u d e : f | c o n f i g f i l e< p a t h > R e a df i r s tt i m ew i z a r dc o n f i g u r a t i o n f r o m< p a t h > . s | c o n f i g s t r i n g< s t r i n g > R e a df i r s tt i m ew i z a r dc o n f i g u r a t i o n f r o ms t r i n g . t | c r e a t e t e m p l a t e< p a t h > W r i t ef i r s tt i m ew i z a r d c o n f i g u r a t i o n t e m p l a t ef i l ei n< p a t h > . d r y r u n V e r i f yt h a tf i r s tt i m ew i z a r d c o n f i g u r a t i o nf i l ei sv a l i d . l | l i s t p a r a m s L i s tc o n f i g u r a b l ep a r a m e t e r s .

https://supportcenter.checkpoint.com/supportcenter/portal/media-type/html/role/supportcenterUser/page/print.psml?action=portlets.SearchResultMainAction&eve 1/4

11/13/13

Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

I fb o t h ,c o n f i g u r a t i o nf i l ea n ds t r i n g ,w e r ep r o v i d e d ,c o n f i g u r a t i o n s t r i n gw i l lb ei g n o r e d . C o n f i g u r a t i o ns t r i n gs h o u l dc o n s i s to fp a r a m e t e r ss e p a r a t e db y' & ' . E a c hp a r a m e t e rs h o u l di n c l u d ek e yf o l l o w e db yv a l u ee . g .p a r a m 1 = v a l u e . F o rt h el i s to fa l lc o n f i g u r a b l ep a r a m e t e r sa n dt h e i rd e s c r i p t i o n s , c r e a t ec o n f i g u r a t i o nt e m p l a t ef i l ew i t hc o n f i g _ s y s t e mt< p a t h >. [ E x p e r t @ H o s t N a m e ] #

Run stages
There are few controllable stages of 'c o n f i g _ s y s t e m ' run process: 1. Receive a string or a configuration file from the user customer as an input. 2. Parse the input. 3. Validate the input. 4. For each parameter call relevant I/S (tcl scripts) that was developed for Web version of First Time Wizard.

Pay attention!

The 'c o n f i g _ s y s t e m ' utility does not install or configure system directly. This utility actually calls different infrastructures that were developed for Web version of First Time W 'config_system' run - products should be configured identically by the same I/S.

For historical reasons, all logic was developed on the client side of FTW, thus had to be duplicated in 'c o n f i g _ s y s t e m ' as well. This can lead to inconsistency if logic was upda

How to create configuration file or configuration string

In order to dump a template, run: [ E x p e r t @ H o s t N a m e ] #c o n f i g _ s y s t e mc r e a t e t e m p l a t et e m p l a t e _ f i l e Now, user can edit the t e m p l a t e _ f i l e . In order to check that configuration file is valid, and all answers are proper, user can perform a validation process. Syntax below will allow to read the configuration file and to perform the validation, while skipping the system configuration stage: [ E x p e r t @ H o s t N a m e ] #c o n f i g _ s y s t e mc o n f i g f i l et e m p l a t e _ f i l ed r y r u n From validated configuration file a configuration string can be created. Configuration string should consist of parameters separated by '&' character. Each parameter should include key followed by the value, e.g., p a r a m 1 = t r u e & p a r a m 2 = t r u e & p a r a m 3 = f a l s e & p a r a m 4 = d e a d b e e f .

The easiest way to create an input file or a configuration string is to create a template file and fill the relevant fields in this template according to the fields' description in the

How to run first time configuration from command line

Now, the system can be configured: According to the configuration file: [ E x p e r t @ H o s t N a m e ] #c o n f i g _ s y s t e mc o n f i g f i l et e m p l a t e _ f i l e or according to the configuration string:

[ E x p e r t @ H o s t N a m e ] #c o n f i g _ s y s t e mc o n f i g s t r i n g " h o s t n a m e = m y h o s t & d o m a i n n a m e = n n m . c o m & t i m e z o n e = ' A m e r i c a / I n d i a n a / I n d i a n a p o l i s ' & f t w _ s i c _ k e y = a a a a & i n s t a l l _ s e c u r i t y _ g w = t r u e & g a t e w a y _ d a i p = f a l s e & i n s t

Example of configuration file for StandAlone machine (Security Gateway and same machine)
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P r o d u c t sc o n f i g u r a t i o n # # # # F o rk e y sb e l o ws e t" $ T R U E " / " $ F A L S E "a f t e r' = ' w i t h i nt h eq u o t e s # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #I n s t a l l$ T A G _ G W . i n s t a l l _ s e c u r i t y _ g w = t r u e #I n s t a l l$ T A G _ P P A K( a k aP e r f o r m a n c eP a c k ) . i n s t a l l _ p p a k = t r u e

https://supportcenter.checkpoint.com/supportcenter/portal/media-type/html/role/supportcenterUser/page/print.psml?action=portlets.SearchResultMainAction&eve 2/4

11/13/13
i n s t a l l _ p p a k = t r u e

Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

#E n a b l eD A I P( d y n a m i ci p )g a t e w a y . #S h o u l db e" $ F A L S E "i fC X Lo r$ T A G _ M G M Te n a b l e d g a t e w a y _ d a i p = " f a l s e " #E n a b l e / D i s a b l eC X L . g a t e w a y _ c l u s t e r _ m e m b e r = f a l s e #I n s t a l l$ T A G _ M G M T . i n s t a l l _ s e c u r i t y _ m a n a g m e n t = t r u e #O p t i o n a lp a r a m e t e r s ,o n l yo n eo ft h ep a r a m e t e r sb e l o wc a nb e" t r u e " . #I fn op r i m a r yo fs e c o n d a r ys p e c i f i e d ,l o gs e r v e rw i l lb ei n s t a l l e d . #R e q u i r e s$ T A G _ M G M Tt ob ei n s t a l l e d . i n s t a l l _ m g m t _ p r i m a r y = t r u e i n s t a l l _ m g m t _ s e c o n d a r y = f a l s e # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P r o d u c t sP a r a m e t e r s # # # # F o rk e y sb e l o ws e tv a l u ea f t e r' = ' # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #M a n a g e m e n ta d m i n i s t r a t o rn a m e #M u s tb ep r o v i d e d ,i f$ T A G _ M G M Ti n s t a l l e d m g m t _ a d m i n _ n a m e = a a #M a n a g e m e n ta d m i n i s t r a t o rp a s s w o r d #M u s tb ep r o v i d e d ,i f$ T A G _ M G M Ti n s t a l l e d m g m t _ a d m i n _ p a s s w d = a a a a #M a n a g e m e n tG U Ic l i e n ta l l o w e de . g .a n y ,1 . 2 . 3 . 4 ,1 9 2 . 1 6 8 . 0 . 0 / 2 4 #S e tt o" a n y "i fa n yh o s ta l l o w e dt oc o n n e c tt om a n a g m e n t #S e tt o" r a n g e "i fr a n g eo fI P sa l l o w e dt oc o n n e c tt om a n a g e m e n t #S e tt o" n e t w o r k "i fI P sf r o ms p e c i f i cn e t w o r ka l l o w e dt oc o n n e c t #t om a n a g e m e n t #M u s tb ep r o v i d e di f$ T A G _ M G M Ti n s t a l l e d m g m t _ g u i _ c l i e n t s _ r a d i o = a n y # #I nc a s eo f" r a n g e " ,p r o v i d et h ef i r s ta n dl a s tI P si nd o t t e df o r m a t m g m t _ g u i _ c l i e n t s _ f i r s t _ i p _ f i e l d = m g m t _ g u i _ c l i e n t s _ l a s t _ i p _ f i e l d = # #I nc a s eo f" n e t w o r k " ,p r o v i d eI Pi nd o t t e df o r m a ta n dn e t m a s kl e n g t h #i nr a n g e0 3 2 m g m t _ g u i _ c l i e n t s _ i p _ f i e l d = m g m t _ g u i _ c l i e n t s _ s u b n e t _ f i e l d = #S e c u r eI n t e r n a lC o m m u n i c a t i o nk e y ,e . g ." a a a a " #M u s tb ep r o v i d e d ,i fp r i m a r y$ T A G _ M G M Tn o ti n s t a l l e d f t w _ s i c _ k e y = # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # O p e r a t i n gS y s t e mc o n f i g u r a t i o n-o p t i o n a ls e c t i o n # # # # F o rk e y sb e l o ws e tv a l u ea f t e r' = ' # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #P a s s w o r d( h a s h )o fu s e ra d m i n . #T og e th a s ho fa d m i np a s s w o r df r o mc o n f i g u r e ds y s t e m : # " d b g e tp a s s w d : a d m i n : p a s s w d : #O R # g r e pa d m i n/ e t c / s h a d o w|c u td :f 2 # #I M P O R T A N T !I no r d e rt op r e s e r v et h el i t e r a lv a l u eo fe a c hc h a r a c t e r #i nh a s h ,i n c l o s eh a s hs t r i n gw i t h i nt h eq u o t e s . # e . ga d m i n _ h a s h = ' p u t _ h e r e _ y o u r _ h a s h _ s t r i n g ' # #O p t i o n a lp a r a m e t e r a d m i n _ h a s h = ' $ 1 $ N h T H 9 u H l $ 2 D A 3 n Y p E V x x p J 2 h H L K Y 6 c / ' #I n t e r f a c en a m e ,o p t i o n a lp a r a m e t e r i f a c e = e t h 0 #M a n a g e m e n ti n t e r f a c eI Pi nd o t t e df o r m a t( e . g .1 . 2 . 3 . 4 ) , #m a n a g e m e n ti n t e r f a c em a s kl e n g t h( i nr a n g e0 3 2 ,e , g2 4)a n d #d e f a u l tg a t e w a y . #P a ya t t e n t i o n ,t h a ti fy o ur u nf i r s tt i m ec o n f i g u r a t i o nr e m o t e l y #a n dy o uc h a n g eI P ,i no r d e rt om a i n t a i nt h ec o n n e c t i o n , #a no l dI Pa d d r e s sw i l lb er e t a i n e d a sas e c o n d a r yI Pa d d r e s s . #T h i ss e c o n d a r yI Pa d d r e s sc a nb ed e l e t el a t e r . #Y o u rs e s s i o nw i l lb ed i s c o n n e c t e da f t e rf i r s tt i m ec o n d i g u r a t i o n #p r o c e s s . #O p t i o n a lp r a m e t e r ,r e q u i r e s" i f a c e "t ob es p e c i f i e d i p a d d r = 1 9 2 . 1 6 8 . 1 0 0 . m a s k l e n = 2 4 d e f a u l t _ g w = 1 9 2 . 1 6 8 . 1 0 0 . 2 5 4 #H o s tN a m ee . gh o s t 1 2 3 ,o p t i o n a lp a r a m e t e r

https://supportcenter.checkpoint.com/supportcenter/portal/media-type/html/role/supportcenterUser/page/print.psml?action=portlets.SearchResultMainAction&eve 3/4

11/13/13

#H o s tN a m ee . gh o s t 1 2 3 ,o p t i o n a lp a r a m e t e r h o s t n a m e = b i s l i

Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

#D o m a i nN a m ee . g .c h e c k p o i n t . c o m ,o p t i o n a lp a r a m e t e r d o m a i n n a m e = c h e c k p o i n t . c o m #T i m eZ o n ei nf o r m a tA r e a / R e g i o n( e . gA m e r i c a / N e w _ Y o r ko rE t c / G M T 5 ) #P a ya t t e n t i o nt h a tG M To f f s e ts h o u l db ei nc l a s s i cU T Cn o t a t i o n : #G M T 5i s5h o u r sb e h i n dU T C( i . e .w e s tt oG r e e n w i c h ) #I n c l o s et i m ez o n es t r i n gw i t h i nt h eq u o t e s . #O p t i o n a lp a r a m e t e r t i m e z o n e = ' A s i a / J e r u s a l e m ' #N T Ps e r v e r s #N T Pp a r a m e t e r sa r eo p t i o n a l n t p _ p r i m a r y = 1 . 1 . 1 . 1 n t p _ s e c o n d a r y = 2 . 2 . 2 . 2 #D N S-I Pa d d r e s so fp r i m a r y ,s e c o n d a r y ,t e r t i a r yD N Ss e r v e r s #D N Sp a r a m e t e r sa r eo p t i o n a l . p r i m a r y = 1 9 2 . 1 6 8 . 1 . 1 s e c o n d a r y = 1 9 2 . 1 6 8 . 2 . 2 t e r t i a r y = 3 . 3 . 3 . 3 * * * * N o t e:A f t e rt h i ss c r i p tc o m p l e t e s ,ar e b o o ts h o u l db ed o n ef o rt h i sd e v i c et oc o m p l e t et h ec o n f i g u r a t i o n * * * * *

2013 Check Point Software Technologies Ltd. All rights reserved. Check Point Software Technologies, Inc. is a wholly owned subsidiary of Check Point Software Technologies Ltd.

https://supportcenter.checkpoint.com/supportcenter/portal/media-type/html/role/supportcenterUser/page/print.psml?action=portlets.SearchResultMainAction&eve 4/4