Friday, August 10, 2012

MDM R75.40 GAiA based - some gotchas

I have installed a new MDM server (a.k.a Provider-1 MDS) today, and it is R75.40 GAiA based thing.

It was quite interesting experience, considering this is the first GAiA version of MDM. There are some minor things you may want to know.

1. Idle timeout can only be set from WebUI. But even there, it does not seem to work. It did not work for me, although I might be doing something wrong.
2. mds commands are ONLY available from expert shell and not from CLISH. That is a shame, considering, timeout is not exactly OK.
3. Said that, the first configuration and MDS roles are both done from WebUI now.
4. Expert password can only be saved if you set in in CLISH and then log off. If you just reboot, as I did, it is lost, and you have to re-define it again. Such an ugly bug.
5. SmartLog is complaining about having not enough space to start. It might be just my lab server, but I have an impression it reads free space on /opt wrongly.

Feel free to share your own experience.

Update: MDS commands are actually working from CLISH after reboot. What's a relief...


  1. Hi Valery,

    Actually I have the same issue with timeout on regular GW/SMS GAiA installation. In expert mode the system doesn't response to changing $TMOUT variable at all.

    1. Well, I have had a feeling it is a new GAiA bug...

  2. Hi Valeri,

    you can define at least some mds commands (for instance the ones from /opt/CPmds-R75.40VS/scripts/) for use from within clish via "add command". mcd and mdsenv though are functions defined in /opt/CPmds-R75.40VS/scripts/, so you must first create small shell scripts for them and then add these using "add command".



    1. Sure, Jens, you can do a lot of stuff. My point is Check Point bluntly neglected that part of MDM usability, and that's a shame, in my humble opinion.

  3. unset TMOUT seems to work regarding timeouts, but then it never times out

  4. 1) You can check the command 'set inactivity-timeout' for idle timeout
    2) For first time configuration there is one more option - config_system
    3) The reboot command asks for saving config, so if you select 'Y', you have the expert password saved. Also you can run the command 'save config'
    4)While doing the installation, you can actually specify and increase the size of the partition where logs are stored

  5. Adjusting the shell timeout in /etc/bashrc did work for me.
    < export TMOUT=`expr $IDLE \* 60`
    > export TMOUT=`expr $IDLE \* 3600`