When new administrators begin their career in Check Point deployments, a common question is: “Which is better to use? GUI configuration or CLI configuration?” In some cases the GUI is the better option, especially if you’re not comfortable with the CLI, while in other situations the CLI may be faster and more efficient.
First Time Configuration Wizard
One of the first places this choice presents itself is when administrators configure a Check Point Gateway/Firewall for the first time. The Web UI is a perfectly viable option: the wizard is invoked when you first log in to the Web UI after installation and asks a series of questions to configure the system.
However, when you have multiple gateways to configure, it can be more effective to script the configuration and run it from the CLI. This is done by creating a script that provides the required information, using the expert-mode CLI command config_system:
After the script is created, modify it with the required settings and apply it to the appliance:
This eliminates the need to use the GUI. For each additional gateway, just modify the script accordingly:
A quick side note on this option: before applying the settings, it is advisable to test the script to ensure its validity. This is accomplished by running:
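The per-gateway scripting described in this section, as an added example that is not from the original post or from Check Point: it renders one config_system answer file per gateway from a shared template, validates the hostname, and keeps each file owner-only because it carries the SIC key. The sample template, its parameter names, the `ftw_<hostname>.conf` naming and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Parameter names in the sample
# template are assumptions: check them against your appliance's own template.

# Constructed, abbreviated stand-in for a template written by "config_system -t".
sample_template() {
    cat <<'EOF'
# constructed sample
install_security_gw=
hostname=
ftw_sic_key=
timezone=Etc/UTC
EOF
}

# set_param FILE KEY VALUE: rewrite the existing "KEY=" line; fail if absent.
set_param() (
    file=$1; key=$2; value=$3
    grep -q "^$key=" "$file" || { echo "no such parameter: $key" >&2; exit 1; }
    # ENVIRON passes the value verbatim (awk -v would process backslashes).
    K=$key V=$value awk -F= '$1 == ENVIRON["K"] { print $1 "=" ENVIRON["V"]; next }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
)

# render_gateway TEMPLATE OUTDIR HOSTNAME SIC_KEY: writes OUTDIR/ftw_HOSTNAME.conf
# and prints its path.
render_gateway() (
    template=$1; outdir=$2; host=$3; sic=$4
    # The hostname ends up in a file name and a config value, so allow only
    # letters, digits and hyphens (no "/", spaces or newlines).
    case $host in
        ''|-*|*[!A-Za-z0-9-]*) echo "bad hostname: $host" >&2; exit 1 ;;
    esac
    [ -n "$sic" ] || { echo "empty SIC key for $host" >&2; exit 1; }
    out="$outdir/ftw_$host.conf"
    umask 077                      # the file holds the SIC key: owner-only
    rm -f "$out"
    cp "$template" "$out" &&
        set_param "$out" hostname "$host" &&
        set_param "$out" ftw_sic_key "$sic" &&
        set_param "$out" install_security_gw true &&
        # A value containing a newline would add lines; reject that.
        [ "$(wc -l < "$out")" -eq "$(wc -l < "$template")" ] ||
        { rm -f "$out" "$out.tmp"; exit 1; }
    printf '%s\n' "$out"
)
```

Each rendered file is then copied to its gateway and passed to config_system there. Delete it once the configuration has been applied, since the SIC key is stored in it in clear text.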
Once the initial system configuration is complete, a myriad of settings still need to be provided to finalize the configuration of the Gateway/Security Management Server: IP configuration, banner messages, routes, etc. Once again, you have the option of using either the Web UI or the CLI to complete this task. I prefer the CLI as I can script it! For example, to configure the IP addresses from the GUI, log on to the Web UI (make sure you use a secure connection!).
Or, using PuTTY, run the following commands (I prefer to script it and/or copy/paste!):
The choice of whether to use the CLI or the GUI for all your settings is, in many cases, a matter of preference. In the next Check Point blog, we will look at the options for using SmartConsole to configure your security environment or using the built-in API options!