Support Center > Search Results > SecureKnowledge Details
HealthCheck Point (HCP) Release Updates Technical Level
Solution

Click Here to Show the Entire Article

 

Table of Contents

  • Introduction
  • Availability
  • List of Resolved Issues      
  • Manual Installation
  • Uninstall
  • SmartConsole Extension Installation
  • Tests
  • What's The Story (WTS)
  • Topology
  • Usage
  • Revision History

 

Introduction

HealthCheck Point (HCP) is a self-updatable suite of tools for:

  • Tests: Assesses the health of your system
  • WTS (What's The Story): Provides a timeline of critical and informative events occurred on the system
  • Topology: Visualize the Firewall topology

HealthCheck Point supports all Gaia versions starting from R80.10.

 

Availability

Product Update # Release Date Download package
Quantum Security Gateways, Security Management and VSX Update 3 - Take 44 13 June 2021 (TAR)
Quantum Scalable Chassis and Maestro Update 3 - RPM Build 592006 (RPM)

 

List of Resolved Issues and New Features per Update for HCP

ID Description
Update 3 - Take 44 (13 June 2021)
HCP-24 NEW: Enhancement: Added timestamp to HTML report.
HCP-16 NEW: Enhancement: Added Transceiver verifier test that checks that transceivers attached to appliances interfaces are supported.
HCP-82 NEW: Added new CSV file to allow CPDiag to collect statistics for:
  • Number of times the HCP ran in this environment
  • Passed tests
  • Failed tests
  • Tests score
HCP-67 NEW: Added a new test to examine the SIC status between Security Management and Security Gateway. 
HCP-108 NEW: Added event of SNMP send failure to chassis modules to WTS (What's The Story).
HCP-93 NEW: Added a new test that checks Gaia database performance.
HCP-70 NEW: Added Support for HCP Extension on MDS
HCP-76 UPDATE: Search functionality in the HTML report is now under WIP and disabled.
HCP-29 UPDATE: Added the Threshold column to CPView.
HCP-26 UPDATE: WTS (What's The Story) will be displayed the HTML report by default.
HCP-100 UPDATE: Errors previously printed on the screen while tests are running will be printed to the hcp.elg file.
HCP-117 UPDATE: The HCP test will alert about custom applications with signatures that may cause performance impact.
HCP-48 UPDATE: Help message is now displayed if the incorrect command syntax entered.
HCP-119 UPDATE: The Local Logging test is now disabled.
HCP-128 UPDATE: Added ability to run the fwkern.conf sanity test on each VS.
HCP-68 SecureXL status is missing in HCP test.
HCP-78 When running HCP with the wrong "-c" parameter, unnecessary blank HTML report is created.
HCP-64 The gexec command has a different default timeout value than hcpexec. 
HCP-96 Added more information to compatibility check of Forward Error Correction (FEC) feature.
HCP-97 The local logging test fails when a backup server is configured.
HCP-98 The Distribution test does not run from the Chassis Monitor.
HCP-53 Added core dumps information to WTS (What's The Story).
HCP-43 Cannot move between VSs in ARP CACHE limit test.
HCP-47 Charts tab time shows incorrect time.
HCP-71 SIM Configuration File Sanity test may fail to find the kernel parameter although it exists.
HCP-89 Long words in the HCP test reports may cause overflow to adjacent table columns.
HCP-79 Added cosmetics fix to MSG Vlans consistency test: replace between the result table titles and add new line at the end of each missing VLAN
HCP-77 Kernel Crash test shows "PASSED" although there are existing cores dump files.
HCP-129 In some scenarios, the Static Affinity Test fails with exception.
HCP-131 Scalable Platform Clients with ZETCLIENT process is shown as terminated and the "Check Point Processes" test status displays "ERROR". 
Update 2 - Take 29 (18 March 2021)
HCP-18 NEW: Added Memory Usage (RAM) test, which analyzes the different memory sections and their current usage.
HCP-12 NEW: Added a compatibility test of configured features in Scalable Platform environments (based on sk148074).
HCP-15 NEW: Added --v / -version argument to display the Take number / RPM build of HCP.
HCP-11 NEW: Added ability to see a back trace of core dump files.
HCP-20 NEW: Added a new test that verifies that the distribution configurations between local members and SSMs are consistent.
HCP-13 NEW: Added a new test that confirms that logs are being written to a Log Server and not locally.
HCP-21 NEW: Added "bond test" and "corexl status on VSX" performance tests.
HCP-1 Running HCP on remote members using the"-m" flag is not available in Maestro environments.
HCP-23 Tests that are supposed to run only in Scalable Platform run in all environments.
HCP-17 FW kern sanity test may fail when using parameter from type "uint".
Update 1 - Take 24 (18 February 2021)
ODU-81 Initial Release

 

Manual Installation (Offline)

HCP is installed automatically on all relevant Check Point devices, if the user allows the Automatic updates download per sk94508.
For users who do not allow automatic updates, HCP can be installed as described below.

Prerequisites: Install the latest Take of the AutoUpdater.

 

  • Instructions for VSX, Quantum Security Gateways and Security Management



    Show / Hide this Section

    1. Download the latest HCP TAR from the Availability table.

    2. Run this command in the Expert mode:
      # autoupdatercli install <Full Path to the TAR Package>

    Note: The installation does not require a restart of Check Point services ("cpstop; cpstart") or a reboot. After it is installed, no further action is required. The future updates are be applied immediately.



  • Instructions for Quantum Scalable Chassis and Maestro



    Show / Hide this Section

    • For R81 and higher: 

      1. Download the latest HCP TAR from the Availability table.

      2.  Copy the TAR to all other members by using the command
        # asg_cp2blades -b all <Full Path to the TAR Package>

      3. Run this command in the Expert mode:
        # g_all autoupdatercli <Full Path to the TAR Package>

      4. Delete the TAR file from your system as it is no longer needed after installation.


    • For R80.x:

      1. Download the latest HCP RPM from the Availability table.

      2. Copy the RPM to all other members by using the command
        # asg_cp2blades -b all <Full Path to the RPM file>

      3. Run this command in the Expert mode:
        # g_all rpm -i --nodeps --force <Full Path to the RPM file> 

      4. Delete the RPM file from your system as it is no longer needed after installation.



Install Validation log

Make sure the package was correctly install.
View the log file located in the /opt/CPInstLog/AutoUpdateLogs/hcp/ directory and make sure the following lines appear:

 <HH:MM:SS>% :  Script /var/log/AutoUpdater/metadata/HealthCheck_Point/hcp/hcp_AutoUpdate/24/product_scripts/hcp_post_verify_action.sh output:
  [INFO] - verification endded successfully
 <HH:MM:SS>% :  Installation succeeded for component hcp
 <HH:MM:SS>% :  ----------------------------------------------------------------------

 

Uninstall

Run this command in the Expert mode: # autoupdatercli revert-completely hcp


Uninstall Validation log

Make sure the package was correctly uninstalled.
View the log file located in the /opt/CPInstLog/AutoUpdateLogs/hcp/ directory and make sure the following lines appear:

[SUCCESS] - Finish running hcp_unregister.sh
<HH:MM:SS>% :  Revert succeeded for component hcp
<HH:MM:SS>% :  ----------------------------------------------------------------------



SmartConsole Extension Installation


Prerequisites:

  1. Make sure the HCP package is installed on your Security Management Server
  2. Run the "hcp -r all" command at least once on each Security Gateway you want to see the report from.

Activating Extension on Security Management


Show / Hide this Section

Connect to your Security Management Server via SSH and run:
  1. # service hcp_ext start

  2. # hcp --ext-update-reports all
    • You must run this command on every restart of the Security Management Server to collect a report from the newly created  Security Gateway.



Adding Extension in SmartConsole


Show / Hide this Section
  1. Go to Manage & Settings -> Preference -> SmartConsole Extensions -> click "+":

  2. Enter the following as URL:  
    https://<your-management-ip>/ngm-management-app/hcp/extension.json:

     

  3. In the next prompt, click "Continue" and then "OK":
        


  4. You should see HCP extension added:



  5. Move to "Gateways & Servers", Choose your GW and click on "Health Check" button:

     


  6. HCP new window should pop up:

  7. To fetch the latest report from the Security Gateway or run it live on it, use one of the following options: "Fetch Latest" Report or "Fetch Live Report":

     


Tests

  • Self-diagnostics utility program that executes a set of tests.
     
  • Tests scan the system and can detect:
    • Feature/system configuration bad practices
    • Foresee future issues that may affect the system
    • Historical issues that may re-occur
  • Provide a comprehensive structured system assessment report:
    • Include each of the tests and a final verdict (Success/Error/Warning)
    • Tests that failed show their findings and suggest a next-step action

     

 

What's The Story (WTS)

  • WTS tells the story of the system by arranging critical/informative events into a timeline
  • WTS combines events of several processes and services into a single timeline which gives a bird-eye vision
  • WTS become helpful when troubleshooting issues that affected the system but no longer exists (RCA)
  • WTS events can be extended
   

 

Topology

  • Visualize the firewall topology in the network

  • Very helpful with complex VSX environments
 

 

Usage

Default manual run: # hcp -r all --include-wts yes

Syntax:

# hcp {-r | --run} {all | "test 1" "test2" ...} [{-f | --format} <json | yaml | table>] [--only-pass-status] [{-o |--output-file} </Path/To/Output-File>]

# hcp {-l | --list-tests} [{-f | --format} <json | yaml | table>]


Parameters:

Parameter Parameter Status Parameter Description
-h | --help Optional  Shows the built-in help and exits
-r {all | "test 1" "test2" ...}
--run {all | "test 1" "test2" ...}
Mandatory  Runs all or only the specified HealthCheck Point (HCP) tests
-l |--list-tests Mandatory  Lists all tests
-s |--silent Optional  Runs in a silent mode (no stdout)
--show-last Optional  Shows a full report for the last test
--include-topology {yes|no} Optional  Includes the topology in the JSON output
--include-wts {yes|no} Optional  Includes the "What's The Story" information in the JSON output
--include-charts {yes|no} Optional  Includes the history charts in the JSON output
-o </Path/To/Output-File>
--output-file </Path/To/Output-File>
Optional  Specifies the path and name of the output file
--only-pass-status Optional  The JSON output will not include the summary and findings for tests with status of pass
-f {json|yaml|table}
--format {json|yaml|table}
Optional  Output display format - JSON, YAML, or table (default)
--cli-list-tests Optional  Shows all available tests


To view report in CLI:
# hcp --show-last | more

To view report in Web browser:

  1. Copy the /var/log/hcp/last/hcp_last_report.tar.gz file to your personal computer
  2. Extract the TAR content
  3. Open the index.html file in your web browser

 

Revision History

Show / Hide revision history

Date Description
16 Jun 2021 Added the "SmartConsole Extension Installation" section
13 Jun 2021 Released Update 3 - Take 44
18 Mar 2021 Released Update 2 - Take 29
18 Feb 2021 First release of this document - Update 1 - Take 24

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment