Click Here to Show the Entire Article
-
Introduction
-
Availability
-
List of Resolved Issues
-
Manual Installation
|
|
-
Topology
-
Usage
-
Revision History
|
Introduction
HealthCheck Point (HCP) is a self-updatable suite of tools for:
- Tests: Assesses the health of your system
- WTS (What's The Story): Provides a timeline of critical and informative events occurred on the system
- Topology: Visualize the Firewall topology
HealthCheck Point supports all Gaia versions starting from R80.10.
Availability
List of Resolved Issues and New Features per Update for HCP
Manual Installation (Offline)
HCP is installed automatically on all relevant Check Point devices, if the user allows the Automatic updates download per sk94508.
For users who do not allow automatic updates, HCP can be installed as described below.
Prerequisites: Install the latest Take of the AutoUpdater.
If you have issues with installing Autoupdater, contact Check Point Support for assistance.
-
Instructions for Security Gateways, VSX, Maestro Hyperscale Orchestrator and Management Servers
Show / Hide this Section
- Download the latest HCP TAR from the Availability table.
- Run this command in the Expert mode:
# autoupdatercli install <Full Path to the TAR Package>
Note: The installation does not require a restart of Check Point services ("cpstop; cpstart
") or a reboot. After it is installed, no further action is required. The future updates are be applied immediately.
-
Instructions for Maestro Gateways and Scalable Chassis R80.20SP and higher
Show / Hide this Section
- Download the latest HCP TAR from the Availability table.
- Copy the TAR to all other members by using the command
# asg_cp2blades -b all <Full Path to the TAR Package>
- Run this command in the Expert mode:
# g_all autoupdatercli install <Full Path to the TAR Package>
- Delete the TAR file from your system as it is no longer needed after installation.
Install Validation log
Make sure the package was correctly install.
View the log file located in the /opt/CPInstLog/AutoUpdateLogs/hcp/ directory and make sure the following lines appear:
<HH:MM:SS>% : Script /var/log/AutoUpdater/metadata/HealthCheck_Point/hcp/hcp_AutoUpdate/24/product_scripts/hcp_post_verify_action.sh output:
[INFO] - verification endded successfully
<HH:MM:SS>% : Installation succeeded for component hcp
<HH:MM:SS>% : ----------------------------------------------------------------------
Uninstall
Run this command in the Expert mode: # autoupdatercli revert-completely hcp
Uninstall Validation log
Make sure the package was correctly uninstalled.
View the log file located in the /opt/CPInstLog/AutoUpdateLogs/hcp/ directory and make sure the following lines appear:
[SUCCESS] - Finish running hcp_unregister.sh
<HH:MM:SS>% : Revert succeeded for component hcp
<HH:MM:SS>% : ----------------------------------------------------------------------
SmartConsole Extension Installation
Prerequisites:
- Make sure the HCP package is installed on your Security Management Server
- Run the "
hcp -r all
" command at least once on each Security Gateway you want to see the report from.
Activating Extension on Security Management
Show / Hide this Section
Connect to your Security Management Server via SSH and run:
# service hcp_ext start
# hcp --ext-update-reports all
- You must run this command on every restart of the Security Management Server to collect a report from the newly created Security Gateway.
Adding Extension in SmartConsole
Tests
- Self-diagnostics utility program that executes a set of tests.
- Tests scan the system and can detect:
- Feature/system configuration bad practices
- Foresee future issues that may affect the system
- Historical issues that may re-occur
- Provide a comprehensive structured system assessment report:
- Include each of the tests and a final verdict (Success/Error/Warning)
- Tests that failed show their findings and suggest a next-step action

What's The Story (WTS)
- WTS tells the story of the system by arranging critical/informative events into a timeline
- WTS combines events of several processes and services into a single timeline which gives a bird-eye vision
- WTS become helpful when troubleshooting issues that affected the system but no longer exists (RCA)
- WTS events can be extended
|
 |
Topology
- Visualize the firewall topology in the network
- Very helpful with complex VSX environments
|
 |
Usage
Default manual run: # hcp -r all --include-wts yes
Syntax:
# hcp {-r | --run} {all | "test 1" "test2" ...} [{-f | --format} <json | table>] [{-o |--output-file} </Path/To/Output-File>]
# hcp {-l | --list-tests} [{-f | --format} <json | table>]
# hcp {-r | --run} [{-m | --members} {all| 2_1-2_3}]
(for Scalable Platforms only)
Parameters:
To view report in CLI: # hcp --show-last | more
To view report in Web browser:
- Copy the
/var/log/hcp/last/hcp_last_report.tar.gz
file to your personal computer
- Extract the TAR content
- Open the index.html file in your web browser
Revision History