Checkpoint CCSA 156-215.80 – Module 2
- Web UI
Obtaining a configuration log. Only one user can have read write access to Gaia configuration settings at a time. All other users can only log in with read only access to view configuration settings as specified by the assigned rules. For example, Administrator A logs in and no other user has read write access. Administrator A receives an exclusive configuration lock with read write access if Administrator A logs in and Administrator B already has the configuration lock, admin A has the option to override Admin B’s lock. If Admin A decides to override the lock, admin B stays locked on but will have read only access. If Admin A does not override the lock, they will be granted read only access. There are two commands used to obtain the configuration lock from another administrator lock database override and unlock database. Note the administrator whose Read Write access is revoked does not receive notifications.
- System Overview Page
Web UI the Web UI is an advanced Web based interface used to configure Gaia platforms. It provides clientless access to the gaia CLI directly from a browser. A majority of system configuration tasks can be done through the Web UI. To access the Web UI, navigate to Https Device IP address login with a username and password. The following browsers support the Web UI, Internet Explorer, Firefox, Chromebook and Safari. The Web UI operates in the following two modes simplified shows only basic configuration options. Advanced shows all configuration options.
- Navigation Tree
System Overview Page The System Overview page displays an overview of the system in various widgets. These widgets can be added or removed from the page, moved around the page, and minimized or expanded. The following widgets are available system overview provide system information including the install product, product version number, kernel build, product build edition, 32 bit or 64 bit platform on which gaia is installed and computer serial number is applicable.
Blades Displays a list of installed software blades. Those that are enabled are colored those that are not enabled are grayed. Out. Network configuration displays interfaces their status and IP addresses. Memory Monitor provides a graphical display of memory usage. CPU monitor provides a graphical display of CPU usage.
- Toolbar
Navigation tree. The navigation tree is used to select a page within the Web UI. Pages are arranged in logical feature groups. There are two viewing modes, basic and advanced. To change the view mode, click View Mode and select a mode from the list. To hide the navigation tree, click the hide icon.
- Search Tool
Toolbar. The toolbar displays whether the user has read write access or is in read-only mode. It is also used to open the console access for CLI commands and open the scratch pad accessory which is used for writing notes. Note the console and scratch pad accessories are available in read write it mode only.
- Status Bar
Search tool. The search tool is used to find an applicable configuration page by entering a keyword which can be a feature, a configuration parameter or a word related to a configuration page.
- Configuration Tab
Status bar. The status bar displays the result of the last configuration operation. To view a history of the configuration operations during the current session, click the expand icon.
- Monitoring Tab
Configuration tab. Under the configuration tab, a user may view and configure parameters for gaia features and settings groups. The parameters are organized into functional setting groups in the navigation tree. Note read write access is required to configure parameters for a settings group.
- Configuration Lock
Monitoring tab. The monitoring tab allows a user to view status and detailed operational statistics in real time. For some routing and high availability setting groups. This ability is useful for monitoring dynamic routing and VRRP cluster performance.
- Users
Configuration lock. To override a configuration lock in the Web UI, click the small lock icon. In the toolbar, the pencil icon which indicates read write access is enabled and will replace the lock icon. Note only users with read ride access privileges can override a configuration lock.
- Roles and Role Based Administration
The Web UI and CLI can be used to manage user accounts and perform the following actions Add users to your gaia system. Edit the home directory of the user edit the default shell for a user assign a password to a user. Assign privileges to users There are two default users that cannot be deleted. The administrator has full retail write access for all gaia features. This user has a user ID of zero and therefore has all of the privileges of a root user. The monitor has read only access for all features in the Web UI and the CLI and can change their own password.
An administrator must provide a password for the monitor before the monitor user account can be used. New users have read only privileges to the Web UI and CLI. By default, they must be assigned one or more roles before they can log in. Note permissions can be assigned to all gaia features or a subset of features without assigning a user ID of zero. If a user ID of zero is assigned to a user account, the user is equivalent to the administrative user, and the roles assigned to that user cannot be modified.
- Configure Roles in WebUI
Roles and role based administration. Role based administration enables Gaia administrators to create different roles. Administrators can allow users to access features by adding those functions to the user’s. Role definition. Each role can include a combination of read write access to some features, read-only access to other features, and no access to other features. When a user is created, predefined roles or privileges are assigned to the user.
For example, a user with read ride access to user feature can change the password of another user or an administrative user. It is also possible to specify which access mechanisms the Web UI or CLI are available to the user. When users log into the Web UI, they see only those features for which they have read-only or read write access. If they have read only access to a feature, they can see the settings pages but cannot change the settings.
- Configure Roles in CLI
Configure roles in the Web UI roles are defined on the Roles page of the Web UI. To add a new role or change an existing role, select User Management Roles in the Web UI navigation tree. To add a new role, click Add and enter a role name. The role name can be a combination of letters, numbers, and the underscore character, but must start with a letter. To change permissions for an existing role, double click the role in the Add or Edit role window.
Click a feature on the Features tab or Extended command. In the Extended Commands tab, select None Read Only or Read write from the Options menu to the left of the feature or command. To assign users to a role select user Management roles in the Web UI navigation tree and click Assign members in the assigned members to Role window. Double click a user in the available users list to add that user to the role. Double click a user in the Users with Role list to remove the user from the role.
- User and Role Parameters and Descriptions
Configuring roles in the CLI to add role definitions use add RBA role name domain type system readonly features List Read Write features List to delete role definitions use delete RBA role name read-only features List read writes features List to add users to or from existing roles use add. RBA user with username roles with list to remove users to or from existing roles use delete RBA user username roles list to add access mechanism, web UI or CLI permissions for a specified user. Use add. RBA user username access mechanisms UI or CLI to remove access mechanism, web UI or CLI permissions for a specified user. Use delete RBA user username access mechanisms, WebUI or CLI.
- Updates
This slide details the user and role parameters and descriptions. For example add RBA role new role domain type system readonly features VPN OSPF RBA rewrite features tag add RBA user Paul access mechanism CLI web UI add RBA user daily roles neural admin role delete RBA role neural delete RBA user daily roles admin role.