Note: Check Point recommends to use the improved log exporting tool - Log Exporter. For details please refer to: sk122323 - Log Exporter - Check Point Log Export
Check Point's OPSEC (Open Platform for Security) integrates and manages all of network security through an open, extensible management framework. Third party security applications can plug into the OPSEC framework via published application programming interfaces (APIs). Once integrated into the OPSEC framework, applications can be configured and managed from a central point, utilizing a single Security Policy editor.
Starting from R80, OPSEC CPMI commands are considered deprecated and are being replaced by new set of APIs.
The new APIs are offer the following benefits:
- Easy to use APIs that can run from an any programming language without adding external libraries / header files.
- The new APIs are available in both web-services and command-line flavors. Improved validation offering safer and more robust usage.
- Improved documentation.
- The new APIs maintain backwards compatibility and remains unchanged when the even when the object's internal representation in the Check Point database change.
In R80, most OPSEC CPMI commands remain supported, with the exception of policy/rulebase related commands.
For more details about the new management APIs, check the "developer's network" section in https://community.checkpoint.com
Table of Contents
Network Security OPSEC SDK Package
The network security OPSEC SDK includes the tools required to build commercial products and custom solutions which are closely integrated with the Check Point network and security management product family. Documentation, interface specifications, example code and API libraries are included for the following APIs; CVP, CSA, UFP, LEA, ELA, SAM, CPMI, AMON and CPRA. The utilities opsec_pull_cert
and RoamAdmin
are also included.
The latest SDK, that supports SHA-256, is available for Linux OS and Windows OS:
Package Version |
OS |
Download Link |
Description |
Release Date |
6.1 |
Linux 50 |

|
ELF libraries compiled using: gcc version 4.4.6 libc version 2.5 libstdc++ version 6.0.8
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.
|
07-09-2018 |
Linux 30 |

|
ELF libraries compiled using: gcc version 3.2.3 libc version 2.3.2 libstdc++ version 5.0.3
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.
|
07-09-2018 |
Windows - MSVC 6.1 |

|
Compiled using MSVC 6.1 |
07-09-2018 |
6.0 |
NGX Icon Package |

|
|
07-09-2018 |
Additional details:
There are several new libraries in OPSEC SDK 6.1:
- ProdUtils
- cpxerces_c
- CPStrings
- cplic_cntrct
- cvars
- cpexpat
Note: When compiling on Linux OS, the order of library linkage is important due to dependencies.
The following is an example of a validly ordered (dependency-wise) list of the SDK libraries that includes the new libraries:
-lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501
-lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient
-lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging
-lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng
-lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOS
And for static builds:
-lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501
-lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient
-lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging
-lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng
-lasn1cpp -lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOS
OPSEC SIC Utilities
In addition to the OPSEC SDK package, the opsec_putkey and opsec_pull_cert utilities are available:
OS |
OPSEC SIC Utilities |
Description |
Release Date |
Linux 50 |
6.1  |
ELF Executables compiled using: gcc version 4.4.6 libc version 2.5 libstdc++ version 6.0.8
|
07-09-2018 |
Linux 30 |
6.1  |
ELF Executables compiled using: gcc version 3.2.3 libc version 2.3.2 libstdc++ version 5.0.3
|
07-09-2018 |
Windows - MSVC 6.0 |
6.1  |
Compiled using MSVC 6.0
|
07-09-2018 |
Windows - MSVC 10.0 |
6.1  |
Compiled using MSVC 10.0
|
07-09-2018 |
Desktop SDK
Configuration and monitoring of the Endpoint client is included in the Desktop SDK.
Endpoint Security VPN E75 replaces Endpoint Connect and SecureClient and supports the SAA API like that supported in SecureClient.
OPSEC SDK Package Revisions
OPSEC SDK 6.2 is an EA version (not officially supported) which also provides support for TLS1.2:
Package Version |
OS |
Download Link |
Description |
Release Date |
6.2 |
Linux 50 |
 |
ELF libraries compiled using: gcc version 4.4.6 libc version 2.5 libstdc++ version 6.0.8
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.
|
14-12-2017 |
Linux 30 |
 |
ELF libraries compiled using: gcc version 3.2.3 libc version 2.3.2 libstdc++ version 5.0.3
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.
|
14-12-2017 |
Windows - MSVC 6.0 |
 |
Compiled using MSVC 6.0 |
14-12-2017 |
Windows - MSVC 10.0 |
 |
Compiled using MSVC 10.0 |
14-12-2017 |
OPSEC SDK 6.0 supports only verification of certificates and CRLs signed using SHA-1 (not SHA-256 or newer):
Package Version |
OS |
Download Link |
Description |
Release Date |
6.0 |
Linux 30
Linux 22
|

|
Linux 30: ELF libraries compiled using: gcc version 3.2.3 libc version 2.3.2 libstdc++ version 5.0.3
Linux 22 (RedHat 2.2): ELF libraries compiled using: gcc version 2.95.1 libc version 2.1 libstdc++ version 2.10.0
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.
|
17-04-2007 |
Solaris |

|
|
17-04-2007 |
Windows |

|
|
17-04-2007 |
Documentation
- Refer to sk103840 for more information regarding SHA-1 and SHA-256 signatures.
- Refer to sk110432 for more information regarding SHA-512 in IKE and IPSec.