Support Center > Search Results > SecureKnowledge Details
The Check Point Uploader command line utility Technical Level
Solution

Important Note: Starting 2 October 2016, the functionality of the standalone cp_uploader tool was integrated into the CPinfo utility (version 914000164). From that date the standalone cp_uploader tool becomes deprecated and its packages are no longer available. To upload files to Check Point servers, use the CPinfo utility.

  • File upload using cp_uploader fails with this error:

    Initiating connection to User Center: Error: Failed connecting to User Center (Please check that port 443 is open)

    Example:
    [Expert@HostName:0]# ./cp_uploader -u username@checkpoint.com test_file.txt
    Password:
    Initiating connection to User Center: Error: Failed connecting to User Center (Please check that port 443 is open)
    [Expert@HostName:0]#
  • The following table provides a short translation between the CLI syntax flags. For full details, refer to sk92739 - The CPinfo utility:

    Operation Flags used in
    cp_uploader syntax
    Flags to use in
    cpinfo syntax
    Comments
    Display built-in help and exit -h -h No changes.
    Show tool version and exit -v -v No changes.
    Generate and upload a CPinfo file -c -o <filename> Removing the output file is no longer supported.
    Connect to Check Point User Center
    with specified username
    -u <username> -u <username> No changes.
    Use CK for authentication -k <CK> -K <CK> If <CK> is not specified, then the machine's CK
    is extracted by the tool.
    Specify the emails of people that
    should be notified about upload status
    -e <e-mail> -e <e-mail> No changes.
    Specify the number of Service Request
    opened with Check Point Support
    -s <SR_Number> -s <SR_Number> No changes.
    Upload files to Check Point cloud <file> -n -i -f <file> No changes.
    Specify a list of files to be
    uploaded to Check Point cloud
    -w <filename> -n -i -w <filename> No changes.
    Do not delete CPinfo output file -i <filename> -o <filename> CPinfo tool does not delete its output file.

 


 

Table of Contents:

  1. Introduction
  2. System Requirements
  3. Usage Instructions
  4. Known Limitations
  5. Related Solutions

 

(1) Introduction

The Check Point Uploader (cp_uploader) provides the ability to run and upload CPInfo utility output and additional files to the Check Point FTP server in a secure way.

Note: This tool requires your User Center credentials for authentication.

Starting from CPInfo build 122, the cp_uploader tool is part of the CPInfo installation package. A standalone tool (not bundled with CPInfo) is also available.

Check Point also offers a GUI-based utility to upload files that were requested by Check Point Support to Check Point User Center.
Refer to sk108152 - The Check Point Uploader GUI utility.

 

(2) System Requirements

  • Operating Systems:
    • SecurePlatform, Gaia, Linux, IPSO 6.x with a Security Gateway or Security Management server of any version
    • Any Windows machine
  • Open ports to the following servers:
    • For Authentication (HTTPS - port 443)
      • ftp-proxy.checkpoint.com
      • mercury.ts.checkpoint.com
      • fairfax.ott.checkpoint.com
  • Configured DNS

 

(3) Usage Instructions

  1. Using an HTTP proxy:

    Note: This step is relevant for machines that connect to the Internet through an HTTP proxy server.

    • Show or Hide instructions for Gaia, SecurePlatform or Linux OS

      1. Log in to Expert mode.

      2. Backup the current /etc/rc.d/rc.local script:

        [Expert@HostName:0]# cp -v /etc/rc.d/rc.local /etc/rc.d/rc.local_ORIGINAL

      3. Edit the current /etc/rc.d/rc.local script:

        [Expert@HostName:0]# vi /etc/rc.d/rc.local

      4. Add the environment variable at the bottom of the script:

        • If Proxy server does not require the user to authenticate, add:

          export http_proxy="http://Proxy_HostName_or_IP_Address:Proxy_Port"
        • If user must authenticate on a Proxy server, add:

          export http_proxy="http://UserName:Password@Proxy_HostName_or_IP_Address:Proxy_Port"


      5. Save the changes and exit the Vi editor.

      6. Verify that there are no syntax mistakes in the script:

        [Expert@HostName:0]# sh -n /etc/rc.d/rc.local

        If there is no output from this command, then the syntax is correct.

      7. Execute the /etc/rc.d/rc.local script to load the new variable in the current shell:

        [Expert@HostName:0]# source /etc/rc.d/rc.local

      8. Make sure that that the required variable was set:

        [Expert@HostName:0]# echo $http_proxy


    • Show or Hide instructions for Windows OS

      Reference: How To Manage Environment Variables in Windows XP.

      1. Start menu - Run... - "%WINDIR%\system32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables and click OK

        Alternatively:

        1. Desktop - right-click the "My Computer" icon and click "Properties"
        2. Windows Vista/7/2012: In the left pane, click "Advanced system settings".
        3. Go to the "Advanced" tab.
        4. At the bottom, click "Environment Variables".


      2. Under "System variables" - click "New..."

        • In the "Variable name" field enter:

          • http_proxy
        • In the "Variable value" field enter:

          • If Proxy server does not require user to authenticate, enter:

            http://Proxy_HostName_or_IP_Address:Proxy_Port
          • If user must authenticate on Proxy server, enter:

            http://UserName:Password@Proxy_HostName_or_IP_Address:Proxy_Port
        • Click "OK" to close the "New System Variable" window.



      3. Click "OK" to close the "Environment Variables" window.

      4. Click "OK" to close the "System Properties" window.

      5. Reboot the machine.


  2. Running cp_uploader

    Run:

    [Expert@HostName]# cp_uploader -u <User Center UserName> [-c] [-e E-Mails] [-s Ticket_Number] FILE1 FILE2 FILE3 ...

    Note

    • Run cp_uploader from the extracted directory (or use the full path).
      Note: if the tool was installed on a Windows computer (which is not a Security Gateway or Security Management server), place the tool in the same location as the ca.bundle file which was also extracted from the downloaded package.

    • Use one space character as the delimiter between filenames.

    • Wildcards are accepted instead of FILE1. You can use *gz or  /var/log/* syntax.

    Flags Description
    -u User Center UserName User Center email address (a prompt asking for the User Center password is shown.
    The password is not stored in the CLI history, or in messages/log files)
    -c Generates and uploads the CPinfo output
    -e "E-Mails" List of email addresses for notification, enclosed in double-quotes and separated by semicolons. for example -e "EMail1;EMail2;EMail3"
    -s Ticket_Number The number of the Service Request (SR) opened with Check Point Support. For example -s 28-123456789
    -v Displays the cp_uploader version
    -h Displays this help

    To see help, run: cp_uploader -h

     

    Additional clarifications

    Previously, Check Point support provided SFTP credentials for upload and download of files.
    The benefits of using Check Point Uploader instead of SFTP are:

    • Authentication uses the customer User Center credentials
    • Files are encrypted before leaving customer's network
    • Files are verified for MD5 and size
    • Notifications about the upload process
    • Hold/resume features
    • Built on top of https and SFTP protocols

 

(4) Known Limitations

ID Symptoms
- The size of the files to upload is limited to 10GB (FILE1, FILE2, FILE3, ... in the above example).
Refer to sk92526 for instructions.
-

Files that contain '/' or '\' in their name, which is not according to the OS on which the cp_uploader tool is running ('/' on Windows and '\' on all the rest), cannot be uploaded to Check Point.

Example:

On Windows OS:
Uploading C:/demofile.txt is blocked
Uploading C:\demofile.txt is allowed

On Linux based OS's:
Uploading \directory\demofile is blocked
Uploading /directory/demofile is allowed

For more information, refer to cp_uploader Release Notes.

 

Applies To:
  • This SK replaces sk90446

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment