Checkpoint FW GAIA – remote admin/expert password reset

Check Point Gaia is the next generation Secure Operating System for all Check Point Appliances, Open Servers and Virtualized Gateways. Gaia combines the best features from IPSO and SecurePlatform (SPLAT) into a single unified OS providing greater efficiency and robust performance. By upgrading to Gaia, customers will benefit from improved appliance connection capacity and reduced operating costs. With Gaia, IP Appliance customers will gain the ability to leverage the full breadth and power of all Check Point Software Blades.

Sometimes you need to reset your admin or expert password in GAIA and you do not have physical access to the machine. Follow procedure below  to reset passwords remotely from management (of course there must be SIC established before your GW and management you will issue commands from):

1. Switch to the context of the involved Domain that manages your Security Gateway:

[[email protected]]# mdsenv <Domain_Name>


2. Generate hash for new password – run the following command and save the generated hash string:

[[email protected]]# /sbin/grub-md5-crypt  


3. Ensure that the Clish database is unlocked on the remote Security Gateway:

[[email protected]]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set config-lock on override'  


4. Change the admin user password:

[[email protected]]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set user admin password-hash <Password_Hash_from_Step_2>'


5. You can also change the Expert password:

[[email protected]]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set expert-password-hash <Password_Hash_from_Step_2>'


READ ALSO:  Build own OpenVPN server by using raspberry Pi (Part2/2)