You may find a Check Point firewall running GAiA Embedded in any size organization, however they are most commonly seen and used in branch offices or even construction sites. The “Embedded GAiA” operating system is based on the core of GAiA OS. It contains a more stripped down version of tools and diagnostics (e.g. uboot, BusyBox, LuaSQLlite3) making it more lightweight and able to run on a proprietary appliance with limited resources. As a result of these adaptations, several of the typical Check Point “firewall” commands and even the output from these commands, can be different on the embedded device and need to be taken into account when automating. For example, ‘ethtool’ and ‘ifconfig’ will display interface names differently than when utilizing CLISH, so when we develop automation that reports on interface details, which is quite often, we take this into account. The parameters for the ‘ls’ command are different, meaning if we want to maintain parity with our classic Check Point automation and issue an alert with a list of core dumps, we need to use ‘ls -le’. An even more interesting example is when we want to issue an event notification based on admin users defined on the device, we use ‘cat /etc/passwd’ instead of CLISH’s, ‘show user admin’, because we noted a truncated output of usernames longer than 6 characters with the latter.
If you are the proud owner of Check Point GAiA Embedded devices in addition to Check Point Security Gateway appliance series, Nokia IPSO appliances or Check Point Security Management appliance you are probably searching for a way to automate tasks consistently across these technologies to save yourself a boat load of time and energy. Well, today is your lucky day! Our team of Knowledge Experts have given extra attention and detail to the existing automation and have fine tuned support for Check Point GAiA Embedded appliances.
Indeni automates related Check Point tasks such as ongoing maintenance, best practices, high availability validation steps and much more. Here are a few examples:
- Gain visibility into critical functions such as cluster status reporting, critical processes and core dump activity, and resource utilization (metrics such as CPU, partition space, memory)
- Increase efficiency of maintenance tasks since you’ll be reminded well in advance of licensing and contracts, SSL certification expirations.
- Implement best practices in order and as needed when a new appliance gets deployed or tweaked.
- Ensure you are running the latest and least vulnerable SNMP agent version, validate your etc/hosts files and confirm SecureXL is properly enabled or disabled.
- Compare configurations across cluster members for a powerful picture of you GAiA embedded environment.
Are you looking for ways to extend the value of your Check Point GAiA Embedded devices or other Check Point Technologies? Download Indeni today and join our community Indeni Crowd to engage with other certified Check Point experts.