Support Center > Search Results > SecureKnowledge Details
Check Point PRO active support: What is shared and configuration steps Technical Level
Cause


Solution

Introduction

Check Point PRO uses data uploaded from Check Point Security Management and Security Gateways to provide a comprehensive diagnostics report with actionable insights.

Check Point PRO Support combines security expertise and machine intelligence to monitor your management and security gateways daily and identify points of failure before they occur. When a severe issue is detected, a Check Point PRO expert proactively contacts you to help resolve the issue and prevent service downtime. Check Point PRO also provides you with a comprehensive report, delivering an overview of your overall security, diagnostics and actionable insights.

This article provides details on how information is shared, what type of data is uploaded and how data is handled.

Related SK articles:


Supported Platforms/Versions

Check Point PRO is supported on any Check Point Appliance or Open Server that runs Gaia OS (Linux) versions R77.20 and higher and in Bladed Platforms.

Minimum version requirements:

  • R80.X GA and higher
  • R77.30 Jumbo HF Take 128 and higher
  • R77.20 Jumbo HF Take 191 and higher
  • R76.SP50 Jumbo HF Take 16 and higher
  • R76.SP30 Jumbo HF Take 84 and higher
  • R77.20.75* for Small Business Appliances

Unsupported Products: Check Point PRO is not supported for SandBlast Agents, Harmony Connect, and some CloudGuard installations. Support for these products is planned.


What data is collected and uploaded?

Technical parameters and metrics are gathered by the cpdiag tool.  For additional information, refer to sk167215 - What does Check Point PRO support monitor as well as our privacy statement below.
To see the actual file that is uploaded to Check Point, run this command on any Check Point device:
# cpdiag -nuk

The "-nuk" flags force the cpdiag tool to create the data file, but not upload it.
An XML file is created - /tmp/data_file.xml.tmp
You can view it with any XML editor.
The first part, which is the CPView database, is encoded, and the rest of the data is shown as clear text.


Privacy Statement

Check Point does not upload data that contains private or sensitive information. The uploaded data is packaged, encrypted and transported over SSL to Check Point User Center.
No changes to the appliance are being made under Check Point’s PRO support service. Check Point’s PRO support service automatically updates the data collection agent and this does not interfere with the appliance’s operation or connectivity.

Check Point is fully compliant with GDPR and at the same time there is no personally identifiable information collected under this service. 

Check Point’s privacy policy describes Check Point’s treatment and control of data:
https://www.checkpoint.com/privacy


Performance Impact

The process of information collection and sharing has negligible impact on environment resources (CPU, Memory, Storage, Network) and zero impact on environment stability. The data is uploaded once a day at a random time between 1AM - 4AM (local device's time) and devices under heavy load (above 60% CPU) will skip reporting.


How the information sharing is enabled

Sharing information with Check Point is easily configured. Ensure your gateways have access to the following sites. *Note Check Point can allow data through the management station, contact technical support to obtain a hotfix for this.

  • updates.checkpoint.com
  • services.checkpoint.com
  • usercenter.checkpoint.com
  • dl3.checkpoint.com
  • crl.globalsign.com
  • crl.godaddy.com

For all enterprise and high-end appliances via the SmartConsole -> Global Properties.

Both download and upload options has to be selected to ensure the service delivery. The images below shows the settings for R77.X and R80.X versions:

In R77.X SmartDashboard In R80.X SmartConsole

Once the setting is set, save the configuration and install the Security policy.

For SMB appliances, to enable customer consent for uploading data:

  • On a locally managed appliance:

    In the Portal, on the Advance Settings page, enable the parameter Privacy Settings:

  • For a centrally managed appliance:

    In SmartConsole -> Global Properties.
    Both download and upload options must be selected to ensure the service delivery.

  • For a cloud managed (SMP) gateways:

    Run these Gaia Clish commands:

    set privacy-settings advanced-settings customer-consent true

    save config

For additional information, see sk111080.


Activating PRO support:
There are two steps to complete in order to get the full service of daily reports and ticket creation for critical events.

1.  Designate a user as your PRO support contact in case of high severity proactive SR creation.
The PRO contact needs to be a 'support contact' attached to the account.  In cases of collaborative support, the PRO contact *must* be a partner contact.

You can modify this in User Center -> Support Services -> Check Point PRO report -> "Manage Contacts"

Go to the PRO report page and click on Manage Contacts:



2.  Enable your gateways to share data as outlined above


Once you enable the reporting to our server, you can view your daily report via the Check Point PRO Report (User Center -> Support Services -> Check Point PRO report) in the User Center to check your diagnostic report.

Missing devices? See sk117276.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment