Table of Contents:
- Overview
- Syntax
- Configuration Options
- Examples of configuration files
- Related solutions
(1) Overview
Check Point Security Gateway and Check Point Security Management Server on Gaia OS require running the First Time Configuration Wizard in order to operate.
To invoke the First Time Configuration Wizard through CLI, run the config_system command (a Bash shell script, /bin/config_system) from the Expert shell. Note: you have to create the Expert password first.
The main purpose of the 'config_system' utility is to provide an easy and convenient command line interface for completing the system's First Time Configuration during Gaia OS deployment.
Note: The 'config_system' utility does not install or configure the system directly. Instead, it calls other infrastructure (TCL scripts) for that purpose.
(2) Syntax
To use the config_system utility, the administrator needs either a configuration file or a configuration string (refer to section "Configuration Options" below), and must run the /bin/config_system utility from Expert mode with the relevant options:
[Expert@HostName:0]# config_system <options>
Short syntax | Long syntax | Description |
-h | --help | Display this help. |
-f <file name> | --config-file <file name> | Read the First Time Configuration from the specified configuration file. |
-s <string> | --config-string "<string>" | Read the First Time Configuration from the provided configuration string. Configuration string itself must be enclosed in double-quotes. Each parameter should include a key followed by value (spaces are not allowed) - e.g., param1=value1. Parameters should be separated by '&' (spaces are not allowed) - e.g., param1=value1&param2=value2. |
-t <file name> | --create-template <file name> | Save the list of all configurable parameters and their descriptions into the specified template file. |
N/A | --dry-run | Verify that the provided First Time Configuration file / string is valid. Used with "-f | --config-file" and "-s | --config-string" options. |
-l | --list-params | List the configurable parameters on the screen. To save this output into a file, run: [Expert@HostName:0]# config_system --list-params > /var/log/config_parameters.txt |
Notes:
- After the config_system utility completes, the machine must be rebooted to complete the configuration.
- Some information is saved by the config_system utility into the /tmp/ftw_cli.log file.
- If both the configuration file and the configuration string are provided, then the configuration string is ignored.
- To prevent connectivity issues with the machine during the configuration, it is recommended to execute the config_system utility from a serial console.
- In Multi-Domain Management, first run "mdsenv <CMA/Domain name>" to move to the environment of the specific CMA/Domain.
(3) Configuration Options
The easiest way to create an input configuration string is to create a template file, fill the relevant fields in this template according to the description of each field in the template, and then copy-and-paste the relevant fields with their values to create the final configuration string.
Procedure:
- Save the list of all configurable parameters and their descriptions into the specified template file:
  [Expert@HostName:0]# config_system --create-template /path_to/name_of_template_file
- Edit the /path_to/name_of_template_file file - assign the desired values in the relevant fields.
  Note: to enable / disable IPv4 and IPv6, define the following fields:
  ipstat_v4 (manually / off)
  ipstat_v6 (manually / off)
  Starting from R80.10, these parameters have default values, but in older versions you must configure them (manually or off).
- Validate the modified template, while skipping the system configuration stage:
  [Expert@HostName:0]# config_system --dry-run --config-file /path_to/name_of_template_file
- Configure the machine:
- Reboot the machine to complete the configuration.
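The copy-and-paste step described at the start of this section can be scripted. The following is an added example, not part of the original article or Check Point's code: it turns a filled-in configuration file into a configuration string and rejects lines that break the format rules from the Syntax section (spaces, a missing value). The function names, the sample values and the choice to drop the file's surrounding double quotes are assumptions.

```bash
# Added example, not Check Point code. Reads a filled-in configuration file on
# stdin and prints the matching configuration string (key=value joined by '&').
# Assumption: the double quotes that surround values in the file are dropped.
ftc_build_string() {
    out=""
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
            *' '*) echo "line $n: spaces are not allowed" >&2; return 1 ;;
            *'&'*) echo "line $n: '&' is reserved as the separator" >&2; return 1 ;;
            [A-Za-z_]*=?*) ;;                    # key=value with a value
            *) echo "line $n: expected key=value" >&2; return 1 ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        case $val in
            '"'*'"') val=${val#\"}; val=${val%\"} ;;    # "true" -> true
        esac
        case $val in
            ''|"''") echo "line $n: $key has an empty value" >&2; return 1 ;;
        esac
        out="${out:+$out&}$key=$val"
    done
    printf '%s\n' "$out"
}

# Constructed sample input (placeholder values, not from a real system).
ftc_sample() {
    cat <<'EOF'
# Mandatory parameters - change the values specific to your setup
hostname=NEW_GW
ftw_sic_key=PLACEHOLDER_SIC_KEY

install_security_managment="false"
install_security_gw="true"
# timezone='America/New_York'
EOF
}

ftc_sample | ftc_build_string
# Intended use from Expert mode:
#   config_system --dry-run --config-string "$(ftc_build_string < /path_to/name_of_template_file)"
```

A configuration string given on the command line is visible in the process list and may be kept in shell history, so --config-file is the safer form when parameters such as mgmt_admin_passwd or ftw_sic_key are set.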
(4) Examples of configuration files
- Example of configuration file for Security Gateway
# Mandatory parameters - change the values specific to your setup
hostname=NEW_GW
ftw_sic_key=
# Mandatory parameters - do not change
install_security_managment="false"
install_security_gw="true"
gateway_daip="false"
install_ppak="true"
gateway_cluster_member="false"
# Optional parameters - recommended - sk94508 + sk94509
download_info="true"
upload_info="true"
# Optional parameters - uncomment the required field and fill the value
# Domain name
# domainname=
# DNS
# primary=
# secondary=
# tertiary=
# Time zone
# timezone='America/New_York'
# Hash of the password of user 'admin' used for access to CLI and WebUI
# admin_hash=''
- Example of configuration file for Primary Security Management Server
# Mandatory parameters - change the values specific to your setup
hostname=NEW_MGMT
mgmt_admin_name=
mgmt_admin_passwd=
mgmt_gui_clients_radio=any
# Mandatory parameters - do not change
install_security_managment="true"
install_security_gw="false"
install_mgmt_primary="true"
install_mgmt_secondary="false"
# Optional parameters - recommended - sk94508 + sk94509
download_info="true"
upload_info="true"
# Optional parameters - uncomment the required field and fill the value
# Domain name
# domainname=
# DNS
# primary=
# secondary=
# tertiary=
# Time zone
# timezone='America/New_York'
# Hash of the password of user 'admin' used for access to CLI and WebUI
# admin_hash=''
- Example of configuration file for StandAlone
This example applies to StandAlone installation - Security Gateway and Security Management Server on the same machine.
# Mandatory parameters - change the values specific to your setup
hostname=NEW_SA
mgmt_admin_name=
mgmt_admin_passwd=
mgmt_gui_clients_radio=any
# Mandatory parameters - do not change
install_security_managment="true"
install_security_gw="true"
install_mgmt_primary="true"
install_mgmt_secondary="false"
# Optional parameters - recommended - sk94508 + sk94509
download_info="true"
upload_info="true"
# Optional parameters - uncomment the required field and fill the value
# Domain name
# domainname=
# DNS
# primary=
# secondary=
# tertiary=
# Time zone
# timezone='America/New_York'
# Hash of the password of user 'admin' used for access to CLI and WebUI
# admin_hash=''
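
The example files above carry secrets (mgmt_admin_passwd, ftw_sic_key, admin_hash) and set mgmt_gui_clients_radio=any, so a filled-in copy is worth checking before it is used. The following added example is not part of the original article or Check Point's code; the function names, the reading of "any" as no restriction on GUI client addresses, and the expectation that admin_hash holds a crypt-style $id$salt$hash value are assumptions.

```bash
# Added example, not Check Point code. Prints one finding per line for a First
# Time Configuration file; the exit status is 1 when anything was found.
ftc_audit() {
    f=$1
    rc=0
    # Last uncommented value of a key, with quote characters removed.
    val() { sed -n "s/^$1=//p" "$f" | tail -n 1 | tr -d "\"'"; }
    secrets=""
    for k in mgmt_admin_passwd ftw_sic_key admin_hash; do
        if [ -n "$(val "$k")" ]; then secrets="$secrets $k"; fi
    done
    # Group and other permission bits, e.g. "r--r--" for mode 644.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ -n "$secrets" ] && [ "$perms" != "------" ]; then
        echo "PERMS: file sets$secrets but group/other bits are $perms"
        rc=1
    fi
    if [ "$(val mgmt_gui_clients_radio)" = "any" ]; then
        echo "GUI: mgmt_gui_clients_radio=any (assumed: no source restriction)"
        rc=1
    fi
    case $(val admin_hash) in
        ''|'$'[0-9a-z]*'$'*) ;;  # unset, or $id$salt$hash (assumed crypt format)
        *) echo "HASH: admin_hash is not in \$id\$salt\$hash form; cleartext?"
           rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the management example with placeholder values filled in.
ftc_audit_sample() {
    cat <<'EOF'
hostname=NEW_MGMT
mgmt_admin_name=PLACEHOLDER_ADMIN
mgmt_admin_passwd=PLACEHOLDER_PASSWORD
mgmt_gui_clients_radio=any
install_security_managment="true"
admin_hash='PLACEHOLDER_NOT_A_HASH'
EOF
}

tmp=$(mktemp) && ftc_audit_sample > "$tmp" && chmod 644 "$tmp"
ftc_audit "$tmp" || echo "review the findings above before running config_system"
rm -f "$tmp"
```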