Checkpoint FW GAIA – remote admin/expert password reset
Check Point Gaia is the next generation Secure Operating System for all Check Point Appliances, Open Servers and Virtualized Gateways. Gaia combines the best features from IPSO and SecurePlatform (SPLAT) into a single unified OS providing greater efficiency and robust performance. By upgrading to Gaia, customers will benefit from improved appliance connection capacity and reduced operating costs. With Gaia, IP Appliance customers will gain the ability to leverage the full breadth and power of all Check Point Software Blades.
Sometimes you need to reset your admin or expert password in GAIA and you do not have physical access to the machine. Follow the procedure below to reset the passwords remotely from the management server. SIC must already be established between your GW and the management server you will issue the commands from:
1. Switch to the context of the involved Domain that manages your Security Gateway:
[Expert@HostName]# mdsenv <Domain_Name>
2. Generate a hash for the new password – run the following command and save the generated hash string:
[Expert@HostName]# /sbin/grub-md5-crypt
3. Ensure that the Clish database is unlocked on the remote Security Gateway:
[Expert@HostName]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set config-lock on override'
4. Change the admin user password:
[Expert@HostName]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set user admin password-hash <Password_Hash_from_Step_2>'
5. You can also change the Expert password:
[Expert@HostName]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set expert-password-hash <Password_Hash_from_Step_2>'
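The steps above as an added helper script (not from the original post and not Check Point code): it checks that the string saved in step 2 has the MD5-crypt shape `$1$salt$hash` and prints the commands from steps 3 to 5 with the clish command single-quoted, so the `$` characters in the hash are not expanded by the shell. The function names, the format check and the sample address 192.0.2.10 are assumptions of this example; the script only prints the commands and sends nothing to the gateway.

```shell
#!/bin/sh
# Added example: validates the step-2 hash, then PRINTS the commands from
# steps 3-5 for review. Nothing is sent to the gateway.

# True if $1 contains no newline (grep matches line by line, so a
# multi-line value could otherwise slip a second line past the checks).
single_line() { [ "$(printf '%s' "$1" | wc -l | tr -d ' ')" = 0 ]; }

# True if $1 has the MD5-crypt shape: $1$<1-8 salt chars>$<22 hash chars>.
is_md5crypt() {
    single_line "$1" && printf '%s\n' "$1" |
        grep -Eq '^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'
}

# True if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    single_line "$1" && printf '%s\n' "$1" |
        grep -Eq "^($octet\.){3}$octet\$"
}

# Print the command lines of steps 3-5 for gateway $1 and hash $2.
# The validated hash alphabet has no quote or space, so wrapping the
# clish command in single quotes keeps every '$' literal.
build_reset_cmds() {
    gw=$1; pw_hash=$2
    is_ipv4 "$gw" || { echo "bad gateway address" >&2; return 2; }
    is_md5crypt "$pw_hash" || { echo "not an MD5-crypt hash" >&2; return 3; }
    for clish_cmd in \
        "set config-lock on override" \
        "set user admin password-hash $pw_hash" \
        "set expert-password-hash $pw_hash"
    do
        printf '%s\n' "\$CPDIR/bin/cprid_util -server $gw -verbose rexec -rcmd /bin/clish -s -c '$clish_cmd'"
    done
}

# Usage: sh this_script <IP_of_Gateway> '<Password_Hash_from_Step_2>'
if [ "$#" -eq 2 ]; then build_reset_cmds "$1" "$2"; fi
```

Pass the hash in single quotes on the command line for the same reason: unquoted or double-quoted, the shell would expand `$1` and the other `$` sequences before the script sees them.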