Support Center > Search Results > SecureKnowledge Details
OPSEC SDK Technical Level
Solution

Note: Check Point recommends to use the improved log exporting tool - Log Exporter. For details please refer to: sk122323 - Log Exporter - Check Point Log Export

Check Point's OPSEC (Open Platform for Security) integrates and manages all of network security through an open, extensible management framework. Third party security applications can plug into the OPSEC framework via published application programming interfaces (APIs). Once integrated into the OPSEC framework, applications can be configured and managed from a central point, utilizing a single Security Policy editor.

Starting from R80, OPSEC CPMI commands are considered deprecated and are being replaced by new set of APIs.
The new APIs are offer the following benefits:

  • Easy to use APIs that can run from an any programming language without adding external libraries / header files.
  • The new APIs are available in both web-services and command-line flavors. Improved validation offering safer and more robust usage.
  • Improved documentation.
  • The new APIs maintain backwards compatibility and remains unchanged when the even when the object's internal representation in the Check Point database change.

In R80, most OPSEC CPMI commands remain supported, with the exception of policy/rulebase related commands.

For more details about the new management APIs, check the "developer's network" section in https://community.checkpoint.com

Table of Contents

  • Network Security OPSEC SDK Package
  • OPSEC SIC Utilities
  • Desktop SDK
  • OPSEC SDK Package Revisions
  • Documentation
  • Related solutions

 

Network Security OPSEC SDK Package

The network security OPSEC SDK includes the tools required to build commercial products and custom solutions which are closely integrated with the Check Point network and security management product family. Documentation, interface specifications, example code and API libraries are included for the following APIs; CVP, CSA, UFP, LEA, ELA, SAM, CPMI, AMON and CPRA. The utilities opsec_pull_cert and RoamAdmin are also included.

The latest SDK, that supports SHA-256, is available for Linux OS and Windows OS:

Package Version OS Download Link Description Release Date
6.1 Linux 50

 

ELF libraries compiled using:
gcc version 4.4.6
libc version 2.5
libstdc++ version 6.0.8

For compatibility between gcc compilers,
refer to ABI Policy and Guidelines.

 14-12-2017
Linux 30

ELF libraries compiled using:
gcc version 3.2.3
libc version 2.3.2
libstdc++ version 5.0.3

For compatibility between gcc compilers,
refer to ABI Policy and Guidelines.

 14-12-2017
Windows - MSVC 6.0

Compiled using MSVC 6.0 14-12-2017
6.0 NGX Icon Package

  17-04-2007 


Additional details:

There are several new libraries in OPSEC SDK 6.1:

  • ProdUtils
  • cpxerces_c
  • CPStrings
  • cplic_cntrct
  • cvars
  • cpexpat

Note: When compiling on Linux OS, the order of library linkage is important due to dependencies.


The following is an example of a validly ordered (dependency-wise) list of the SDK libraries that includes the new libraries:

-lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501
-lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient
-lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging
-lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng
-lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOS

And for static builds:

-lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501
-lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient
-lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging
-lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng
-lasn1cpp -lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOS


OPSEC SIC Utilities

In addition to the OPSEC SDK package, the opsec_putkey and opsec_pull_cert utilities are available:

OS OPSEC SIC Utilities Description Release Date
Linux 50 6.1 

ELF Executables compiled using:
gcc version 4.4.6
libc version 2.5
libstdc++ version 6.0.8

 20-07-2016
Linux 30 6.1 

ELF Executables compiled using:
gcc version 3.2.3
libc version 2.3.2
libstdc++ version 5.0.3

 20-07-2016
Windows - MSVC 6.0 6.1 

Compiled using MSVC 6.0

 20-07-2016
Windows - MSVC 10.0 6.1 

Compiled using MSVC 10.0

 20-07-2016


Desktop SDK

Configuration and monitoring of the Endpoint client is included in the Desktop SDK.
Endpoint Security VPN E75 replaces Endpoint Connect and SecureClient and supports the SAA API like that supported in SecureClient.

API Package for Windows Package Info Documentation
Endpoint Security Clients E80
E80.41 Endpoint Security Clients API MD5: 8f585f2a307a2d78b44c200c7d19adeb -
E80.42 Endpoint Security Clients API MD5: d7e3b1cc3e6e73e94ba3ca7b336f0c69 -
E80.50 Endpoint Security Clients API MD5: 378990dae8ff8a69e767b46413874ffd -
Remote Access Clients E75.x
E75.30 Remote Access Clients API - -
E75.20 Remote Access Clients API 262.68 KB, MD5: fb5d2b91636f4d5966fa81bf87b3746e E75.20 Remote Access Clients API Documentation
E75.20 Remote Access Clients SCV SDK 538.56 KB, MD5: a34786322cd30445b930012c8344da0e3 E75.20 Remote Access Clients SCV SDK Documentation
E75.10 Remote Access Clients E75.10 API 862.46 KB, MD5: 7db02b9ff28ad85dc9a166b3ccee3f19
E75 Endpoint Security VPN API 858 KB, MD5: 83e0a7e13591525c1a5d8f19538eb9b0 E75 Endpoint Security VPN API Documentation
Endpoint Connect
Endpoint Connect API 684 KB, MD5: daa602dd4301b61a14a0c4c1c8f10c4b Endpoint Connect API Documentation

     

    OPSEC SDK Package Revisions

    OPSEC SDK 6.2 is an EA version (not officially supported) which also provides support for TLS1.2:

    Package Version OS Download Link Description Release Date
    6.2 Linux 50

    ELF libraries compiled using:
    gcc version 4.4.6
    libc version 2.5
    libstdc++ version 6.0.8

    For compatibility between gcc compilers,
    refer to ABI Policy and Guidelines.

    		 14-12-2017 
    Linux 30

    ELF libraries compiled using:
    gcc version 3.2.3
    libc version 2.3.2
    libstdc++ version 5.0.3

    For compatibility between gcc compilers,
    refer to ABI Policy and Guidelines.

    		  14-12-2017
    Windows - MSVC 6.0 Compiled using MSVC 6.0  14-12-2017
    Windows - MSVC 10.0 Compiled using MSVC 10.0  14-12-2017


    OPSEC SDK 6.0 supports only verification of certificates and CRLs signed using SHA-1 (not SHA-256 or newer):

    Package Version OS Download Link Description Release Date
    6.0

    Linux 30

    Linux 22

    Linux 30:
    ELF libraries compiled using:
    gcc version 3.2.3
    libc version 2.3.2
    libstdc++ version 5.0.3

    Linux 22 (RedHat 2.2):
    ELF libraries compiled using:
    gcc version 2.95.1
    libc version 2.1
    libstdc++ version 2.10.0

    For compatibility between gcc compilers,
    refer to ABI Policy and Guidelines.

    		 17-04-2007
    Solaris

     

    		 17-04-2007
    Windows

    		17-04-2007

     

    Documentation

    • Refer to sk103840 for more information regarding SHA-1 and SHA-256 signatures.
    • Refer to sk110432 for more information regarding SHA-512 in IKE and IPSec.
    Applies To:
    • This article replaces sk31234 and sk110425

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment