Support Center > Search Results > SecureKnowledge Details
The Check Point Uploader command line utility
Solution

Important Note: Starting on 02 Oct 2016, the functionality of the standalone cp_uploader tool was integrated into the CPinfo utility (version 914000164) and the standalone cp_uploader tool becomes deprecated (its packages are no longer available). To upload files to Check Point servers, use the CPinfo utility.

  • File upload using cp_uploader would fail with this error:

    Initiating connection to User Center: Error: Failed connecting to User Center (Please check that port 443 is open)

    Example:
    [Expert@HostName:0]# ./cp_uploader -u username@checkpoint.com test_file.txt
    Password:
    Initiating connection to User Center: Error: Failed connecting to User Center (Please check that port 443 is open)
    [Expert@HostName:0]#
  • The following table provides a short translation between the CLI syntax flags (for full details, refer to sk92739 - The CPinfo utility):

    Operation Flags used in
    cp_uploader syntax
    Flags to use in
    cpinfo syntax
    Comments
    Display built-in help and exit -h -h No changes.
    Show tool version and exit -v -v No changes.
    Generate and upload a CPinfo file -c -o <filename> Removing of the output file is not supported anymore.
    Connect to Check Point User Center
    with specified username
    -u <username> -u <username> No changes.
    Use CK for authentication -k <CK> -K <CK> If <CK> is not specified, then the machine's CK
    is extracted by the tool.
    Specify the e-mails of people that
    should be notified about upload status
    -e <e-mail> -e <e-mail> No changes.
    Specify the number of Service Request
    opened with Check Point Support
    -s <SR_Number> -s <SR_Number> No changes.
    Upload files to Check Point cloud <file> -n -i -f <file> No changes.
    Specify a list of files to be
    uploaded to Check Point cloud
    -w <filename> -n -i -w <filename> No changes.
    Do not delete CPinfo output file -i <filename> -o <filename> CPinfo tool does not delete its output file.

 


 

Table of Contents:

  1. Introduction
  2. System Requirements
  3. Usage Instructions
  4. Known Limitations
  5. Related Solutions

 

(1) Introduction

The Check Point Uploader (cp_uploader) provides the ability to run and upload CPInfo utility output and any additional files to the Check Point FTP server in a secure way.

Note: This tool requires your User Center credentials for authentication.

Starting from CPInfo build 122, the cp_uploader tool is part of the CPInfo installation package. A standalone tool (not bundled with CPInfo) is also available.

Check Point also offers a GUI-based utility to upload files that were requested by Check Point Support to Check Point User Center.
Refer to sk108152 - The Check Point Uploader GUI utility.

 

(2) System Requirements

  • Operating Systems:
    • SecurePlatform, Gaia, Linux, IPSO 6.x with Security Gateway / Security Management server of any version
    • Any Windows machine
  • Open ports to the following servers:
    • For Authentication (HTTPS - port 443)
      • ftp-proxy.checkpoint.com
      • mercury.ts.checkpoint.com
      • fairfax.ott.checkpoint.com
  • Configured DNS

 

(3) Usage Instructions

  1. Using an HTTP proxy:

    Note: This step is relevant for machines that connect to the Internet through an HTTP proxy server.

    • Show / Hide instructions for Gaia / SecurePlatform / Linux OS

      1. Log in to Expert mode.

      2. Backup the current /etc/rc.d/rc.local script:

        [Expert@HostName:0]# cp -v /etc/rc.d/rc.local /etc/rc.d/rc.local_ORIGINAL

      3. Edit the current /etc/rc.d/rc.local script:

        [Expert@HostName:0]# vi /etc/rc.d/rc.local

      4. Add the relevant environment variable at the bottom of the script:

        • If Proxy server does not require user to authenticate, then add:

          export http_proxy="http://Proxy_HostName_or_IP_Address:Proxy_Port"
        • If user must authenticate on Proxy server, then add:

          export http_proxy="http://UserName:Password@Proxy_HostName_or_IP_Address:Proxy_Port"


      5. Save the changes and exit from Vi editor.

      6. Verify that there are no syntax mistakes in the script:

        [Expert@HostName:0]# sh -n /etc/rc.d/rc.local

        If there is no output from this command, then the syntax is correct.

      7. Execute the /etc/rc.d/rc.local script to load the new variable in the current shell:

        [Expert@HostName:0]# source /etc/rc.d/rc.local

      8. Verify that the required variable was set:

        [Expert@HostName:0]# echo $http_proxy


    • Show / Hide instructions for Windows OS

      Reference: How To Manage Environment Variables in Windows XP.

      1. Start menu - Run... - "%WINDIR%\system32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables - click on OK

        Alternatively:

        1. Desktop - right-click on the "My Computer" icon - click on "Properties"
        2. Windows Vista/7/2012: In the left pane, click on "Advanced system settings".
        3. Go to "Advanced" tab.
        4. At the bottom, click on "Environment Variables..." button.


      2. Under "System variables" - click on "New..."

        • In the "Variable name" field enter:

          • http_proxy
        • In the "Variable value" field enter:

          • If Proxy server does not require user to authenticate, then enter:

            http://Proxy_HostName_or_IP_Address:Proxy_Port
          • If user must authenticate on Proxy server, then enter:

            http://UserName:Password@Proxy_HostName_or_IP_Address:Proxy_Port
        • and click "OK" to close the "New System Variable" window.



      3. Click on "OK" to close the "Environment Variables" window.

      4. Click on "OK" to close the "System Properties" window.

      5. Reboot the machine.


  2. Running cp_uploader

    Run:

    [Expert@HostName]# cp_uploader -u <User Center UserName> [-c] [-e E-Mails] [-s Ticket_Number] FILE1 FILE2 FILE3 ...

    Note

    • Run cp_uploader from the extracted directory (or use full path).
      Note: if the tool was installed on a Windows machine (which is not a Security Gateway or Security Management server), the tool should be located along with the ca.bundle file which was also extracted from the downloaded package.

    • Single space is the delimiter between filenames.

    • Wildcards are accepted instead of FILE1. You can use *gz or  /var/log/* syntax.

    Flags Description
    -u User Center UserName
    User Center e-mail (a prompt asking for the User Center password will be shown.
    The password will not be stored in the CLI history, or in messages/log files)
    -c Generates and uploads the CPinfo output
    -e "E-Mails" List of e-mail addresses for notification enclosed in double-quotes and separated by semicolons - e.g., -e "EMail1;EMail2;EMail3"
    -s Ticket_Number Number of Service Request (SR) opened with Check Point Support - e.g., -s 28-123456789
    -v Displays the cp_uploader version
    -h Displays this help

    To see help, run: cp_uploader -h

     

    Additional clarifications

    Up until recently Check Point support has been providing SFTP credentials for upload and download of file.
    Here are the main benefits of using Check Point Uploader over SFTP:

    • Authentication is using the customer UserCenter credentials
    • Files are encrypted before leaving customer's network
    • Files are verified for MD5 and size
    • Notification system on upload process
    • Hold/resume features
    • Built on top of https and SFTP protocols

 

(4) Known Limitations

ID Symptoms
- The size of the files to upload is limited to 10GB (FILE1, FILE2, FILE3, ... in the above example).
Refer to sk92526 for relevant instructions.
-

Files that contain '/' or '\' in their name, which is not according to the OS on which the cp_uploader tool is running ('/' on Windows and '\' on all the rest), cannot be uploaded to Check Point.

Example:

On Windows OS:
Uploading C:/demofile.txt will be blocked
Uploading C:\demofile.txt will be processed successfully


On Linux based OS's:
Uploading \directory\demofile will be blocked
Uploading /directory/demofile will be processed successfully

For more information, refer to cp_uploader Release Notes.

 

Applies To:
  • This SK replaces sk90446

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment