Support Center > Search Results > SecureKnowledge Details
The CPInfo utility Technical Level
Solution

Table of Contents:

  • Introduction
  • Usage Instructions
  • CLI Syntax
  • Data Collected
  • System Requirements
  • First Time Installation Instructions and Downloads
  • Manual update of CPInfo in SmartConsole
  • Troubleshooting
  • Known Limitations
  • Revision History
Click Here to Show the Entire Article

 

Introduction

CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers). The CPInfo output file allows analyzing customer setups from a remote location. 

When contacting Check Point Support, collect the CPInfo files from the Security Management server and Security Gateways involved in your case.

    • Check Point also offers the Check Point Uploader (CPWinUploader), a GUI-based utility to upload files that were requested by Check Point Support to Check Point User Center. (This utility relies on the CPInfo utility, and is automatically installed by it on Windows OS.)

      Note: CPinfo collects information about the system it is executed on, and is only supported for Gaia OS. CPWinUploader is a utility that uploads files to Check Point, but does not collect anything. CPWinUploader can upload CPinfo files (which were collected on a Gaia machine).

    • To view and analyze a CPInfo output file, use the DiagnosticsView utility.

Important Note

CPInfo collects vast amount of information. It collects files, runs commands and other methods. Some of the commands are resource intensive and running them adds more load to the system. 
Since CPinfo utility may decrease the performance of the device, verify current system’s load by running the "top" command from the Expert mode.
Do not run CPInfo during high load if the load of at least one CPU core is higher than 70%. If so, it is recommended to collect the CPInfo output during the maintenance window. 

    Usage Instructions

    CPInfo can be run directly on the command line (in all versions), or can be called from SmartUpdate.

    CLI SmartUpdate
    • On Gaia OS: run cpinfo [flags] in Clish or in Expert mode
    • On Linux OS: run cpinfo [flags] on CLI
    • On Windows OS: run cpinfo [flags] in Windows Command Prompt
    • On all versions, run cpinfo -h to see additional help
    1. Connect with SmartUpdate GUI to Security Management Server / Domain Management Server.
    2. Go to Package Management tab
    3. Right-click on the Security Gateway / Management Server object, from which you want to collect the CPInfo.
    4. Select "Upload diagnostics (CPInfo) to Check Point...".
    5. Enter your User Center credentials, SR number, and click OK.


    Generating CPInfo on Multi-Domain Management Server 

    1. Log into Multi-Domain Management Server (MDS) as "superuser".
    2. Enter Expert mode
    3. Go to the MDS environment by running: [Expert@HostName]# mdsenv
    4. Verify the correct environment by running: [Expert@HostName]# echo $FWDIR
      For example, the output will be: /opt/CPmds-RXX/
    5. Run CPInfo

    To collect CPInfo from the context of CMA/Domain that manages the Security Gateway:
    1. Log into Multi-Domain Management Server (MDS) as "superuser" and enter the Expert mode.
    2. Go to the MDS environment by running: [Expert@HostName]# mdsenv
    3. Verify the correct environment by running: [Expert@HostName]# echo $FWDIR
      For example, the output will be: /opt/CPmds-RXX/
    4. Run CPInfo:
      [Expert@HostName]# cpinfo -c CMA_Name1 CMA_Name2

      In the above example, CPInfo will generate 3 files:

      HostName_DateTime.info - contains execution summary
      HostName_DateTime_CMA_Name1.info - CPInfo collected from CMA_Name1
      HostName_DateTime_CMA_Name2.info - CPInfo collected from CMA_Name2

    Generating CPInfo on Virtual System Extension (VSX)

    1. Log into the VSX as "superuser" and enter the Expert mode.
    2. Go to the specific VS environment by running: [Expert@HostName]# vsenv <VS_ID>
    3. Run CPInfo.
    4. The collected data will be relevant for the specific VS.


    CLI Syntax

    Important:
    • On 06 October 2020, the CPInfo package was replaced with build 914000215.

    On Gaia / Linux OS On Windows OS
    # cpinfo [-h] | [-v] | [-l] [-k] [-i] [-a | -d] [-D] [-x]
    [-y all | <product>]
    [-N | -V <days>] [-z] [-o <filename>]
    [-n] [-f <FILE1> <FILE2> ... ] [-w <filename>]
    [-s <SR_Number>]
    [-u <username>] | [-K <CK_Number>]
    [-c <DOMAIN1> <DOMAIN2> ... ]
    [-e <e-mail>]
    [-T <timeout>]
    [-R <e-mail>]
    C:\> cpinfo [-h] | [-v] | [-l] [-k] [-i] [-a | -d] [-D] [-g] [-F | -r ] [-t]
    [-y all | <product>]
    [-z] [-o <filename>]
    [-n] [-f <FILE1> <FILE2> ... ] [-w <filename>]
    [-s <SR_Number>]
    [-u <username>] | [-K <CK_Number>]
    [-e <e-mail>]
    [-R <e-mail>]
    [-b | -j <conf_file>]
    

    Syntax:

    Show / Hide the explanation about the flags

    Argument Description Important Notes
    none Collect the CPInfo output file
    • The output file will be created in the current working directory
      under the name HostName_DD_MM_YYYY_HH_mm.info
    -h Display built-in help and exit  
    -v Show CPInfo version and exit  
    -y all | <product> Show installed hotfixes
    (either all, or for specific product)
    -l Include export of $FWDIR/log/fw.log
    records in the CPInfo file
    • This will cause additional CPU load and memory consumption
    -k Include contents of FireWall and SecureXL
    kernel tables in the CPInfo file
    (outputs of fw tab -t <table>, fwaccel conns)
    • This will cause additional CPU load and memory consumption
    -c <Domain_Name> Generate CPInfo file for the
    specified Domain Management Server
    • Applies only to Multi-Domain Management Server
    • Allows to collect CPInfo (and MDS export on R80 or above)
      per certain Domain without having to switch to its context
    -o <filename> Write the collected information
    into the specified output file
    • Creates output file named <filename>.info,
      unless this file extension was already specified
    • If "-o" is not specified, then file named
      <HostName_DD_MM_YYYY_HH_mm.info>
      is created in the current working directory
      (example for file created on machine "R77.30-GW",
      on 05 Oct 2016, at 15h 04m -
      R77.30-GW_5_10_2016_15_04.info)
    • Can be used in combination with "-z"
    • Can be used in combination with "-i"
    • Can NOT be used in combination with "-n"
    -z Compress the CPInfo output file
    • Used in combination with "-o"
    • If the "Allow Upload" consent flag is enabled (sk111080),
      then the file is compressed by default (even without "-z")
    -i Non-interactive mode
    • CPInfo does not ask for the "SR Number"
    • Can be used in shell scripts for automation
    • Should be used in combination with "-n" or "-R"
    • Can NOT be used in combination with "-a"
    -a Force the update check of CPInfo utility
    (by default, it is checked once a week)
    • Can NOT be used in combination with "-d"
    • Can NOT be used in combination with "-i"
    -d Do not check for updates of CPInfo utility
    • Can NOT be used in combination with "-a"
    -D Do not upload files to Check Point
    • Can NOT be used in combination with "-f" or "-w" or "-e"
    -n Do not collect and create CPInfo file
    • Should be used in combination with "-f" or "-w"
    • Can NOT be used in combination with "-o"
    -f <file> Upload additional files to Check Point cloud
    • Should be used in combination with "-n" and "-i"
    • Either specify a single file: file
      Or specify multiple files: file1 file2 file3 ...
      (multiple files must be separated by spaces)
    • Also refer to "-w"
    • If the file to be uploaded is not compressed,
      then CPInfo utility will first compress it, and then upload it
    -w <filename> Specifies a file that contains a list of files
    to be uploaded to Check Point cloud
    • Used instead of "-f"
    • Lines in this file must be separated by the "\n" character
      (press Enter after each line)
    -s <SR_Number> Specify the number of Service Request
    opened with Check Point Support
    • For example, -s 28-123456789
    -u <username> Connect to Check Point User Center
    with specified username
    • <username> is your e-mail used for User Center login
    • User will be asked to enter a password
    • If "-u" is not used, then CK of this machine is used for authentication
    • Also refer to "-K <CK_Number>"
    • cannot be used in combination with –i flag
    -K <CK_Number> Connect to Check Point User Center
    with specified CK Number
    • Used instead of "-u"
    • Run the "cplic print" command
      and take only the hex digits after the "CK-"
    • Exists since Build 914000164
    -e <e-mail> Specify the e-mails of people that
    should be notified about upload status
    • Either specify a single e-mail:
      user@exampledomain.com
    • Or specify multiple e-mails:
      "user1@exampledomain.com;user2@exampledomain.com;..."
      • must be enclosed in double-quotes
      • must be separated by semi-colons
    -T <timeout> Specify the timeout (in seconds) for the
    commands executed by the CPInfo utility
    • Applies only to Gaia / SecurePlatform / IPSO / Linux OS
    • Default timeout is 5 minutes (300 seconds)
    • Value "0" means no timeout
    • This does not apply to collection of the CPInfo output file itself
    -R <e-mail> R80.x upgrade simulation service mode
    • This argument was added in CPinfo build 914000128
    • Applies only to Security Management / Multi-Domain Management Server
    • Collects relevant information for simulating an upgrade to R80.x
    • Can only be used in combination with "-i"
    • Requires e-mails to notify about upload status
      • Either specify a single e-mail:
        user@exampledomain.com
      • Or specify multiple e-mails:
        "user1@exampledomain.com;user2@exampledomain.com;..."
        • must be enclosed in double-quotes
        • must be separated by semi-colons
    This allow users of versions R75.40-R77.30 to check if their system
    can be easily upgraded to R80.x. Besides the regular data collection,
    CPInfo utility will export the relevant files (using a custom version
    of export tools) and will upload the output to a destination folder
    on Check Point FTP server. Both files will have a unique name consistent
    of a 10-digit number to match the CPInfo and the export files together,
    a counter (102 or 202) to state how many files were uploaded,
    the name of the machine and the time stamp. Once the files are uploaded,
    they will be handled by R80.x upgrade simulation service team.
    For additional information, refer to sk110267.
    -x Do not export the management database
    • Applies only to versions R80 or above
    • On Security Management Server - will not collect migrate export
    • On Multi-Domain Management Server - will not collect MDS export
    -j <conf_file> Create a CPInfo configuration file <conf_file>
    • Applies only to Windows OS
    • Requires installed Check Point Software on this machine
    • Can NOT be used in combination with "-n"
    • Must wait for the CPInfo output file to be collected:
      CPInfo output file is collected, and name of each
      collected section / command / file is saved in this
      configuration file (which can be edited, so that
      irrelevant data is not collected)
    -b CPInfo will perform according to the
    configuration file that was created with "-j"
    (you can delete irrelevant lines from that file)
    • Applies only to Windows OS
    • Requires installed Check Point Software on this machine
    -g Do not resolve network addresses
    • Applies only to Windows OS
    • Requires installed Check Point Software on this machine
    -F
    -r
    Include the Windows Registry in the CPInfo file
    • Applies only to Windows OS
    • "-F" exists since Build 914000164
    • "-r" exists in Build 914000158 and lower
    -t Output consists of tables only
    • Applies only to Windows OS
    • Applies only to machine with installed SecureRemote client
    -N Reverts to current situation of uploading CPview of last day
    • It will still will be zipped together with .info file
    -V <num_days> Number of days of CPview history to be collected
    • 0 days will result in no CPView database upload
    • Negative / double number of days is not allowed
    • Upon receiving num_days > 0, a warning will be printed that collection of CPView database might take a few minutes ("Collection process might take a few minutes. Please wait until the collection is done.")
    • Combination of '-V' and '-N' flag is not allowed

    Examples:

    Show / Hide the examples

    Note: Refer to explanations in the "Allowing upload of data to Check Point / download of data from Check Point" section.

    # What to do How to do it
    1
    • Generate the CPInfo file
    • Create the file in the current working directory
    • Use the default name
    • Do not compress the output file
    The final file will be
    HostName_DD_MM_YYYY_HH_mm.info
    # cpinfo
    2
    • Generate the CPInfo file
    • Create the file in the current working directory
    • Use the default name
    • Compress the output file
    The final file will be
    HostName_DD_MM_YYYY_HH_mm.info.gz
    # cpinfo -z
    3
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile with default extension .info
    • Compress the output file
    The final file will be /var/tmp/myfile.info.gz
    # cpinfo -z -o /var/tmp/myfile
    4
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile with default extension .info
    • Include export of $FWDIR/log/fw.log records
    • Include contents of FireWall and SecureXL tables
    • Compress the output file
    The final file will be /var/tmp/myfile.info.gz
    # cpinfo -l -k -z -o /var/tmp/myfile
    5
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Upload the output file to Check Point:
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    The final file will be /var/tmp/myfile.cpinfo.gz
    # cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789
    6
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Upload the output file to Check Point:
      • log in with CK-123456789000
      • upload to Service Request 28-123456789
    The final file will be /var/tmp/myfile.cpinfo.gz
    # cpinfo -z -o /var/tmp/myfile.cpinfo -K 123456789000 -s 28-123456789
    7
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Upload the output file to Check Point:
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    • Notify people about upload status
    The final file will be /var/tmp/myfile.cpinfo.gz
    # cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
    8
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Do not prompt for an SR Number
    # cpinfo -i -z -o /var/tmp/myfile.cpinfo
    9
    • Do not generate the CPInfo file
    • Upload the file /var/log/myfile.txt
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    • Notify people about upload status
    # cpinfo -n -i -f /var/log/myfile.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
    10
    • Do not generate the CPInfo file
    • Upload all files listed in the /var/log/upload_these_files.txt
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    • Notify people about upload status
    # cpinfo -n -i -w /var/log/upload_these_files.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
    11
    • Create a CPInfo configuration file
    Note: Must wait for the CPInfo output file to be collected
    # cpinfo -n -i -F -j C:\CPinfo_config.txt
    12
    • To check the status of the CPView history daemon by running "/bin/cpview_start.sh history stat" (or "cpview history stat"). If daemon is on - we turn it off and then turn it on again once CPView processing is done
     

    Data Collected

    CPInfo collects the entire Security Gateway installation directory, including $FWDIR/log/* and other log files. Some of the other viewable information includes:

    • System message logs
    • Module version information
    • Installed hotfixes information
    • OS and network statistics
    • Interfaces and devices information
    • Various FW1 tables
    • Configuration and database files
    • Core dump files

     

    System Requirements

    DNS DNS server must be configured on the machine, on which you run CPInfo

    Uploading CPInfo files
    to Check Point

    To upload CPInfo files to Check Point, the following ports should be open:
    • For Authentication (HTTPS - port 443):
      • services.checkpoint.com
    • File uploading (HTTPS - port 443, or SFTP - port 22):
      • ftp-proxy.checkpoint.com
      • mercury.ts.checkpoint.com
      • fairfax.ott.checkpoint.com

     

    • Connecting through a Proxy

      This section is relevant for machines that access the Internet through an HTTP proxy server while Check Point Security Gateway / Security Management on that machine is not configured with such proxy (as described in Administration Guide).

      CPInfo utility updates itself and uploads files over HTTPS protocol.

      CPInfo utility will read the proxy configuration that was configured on the Security Gateway (either in SmartDashboard, or on CLI).

      The proxy can be configured either in SmartConsole, or on the Security Gateway machine.

      Show / Hide instructions for proxy configuration on all platforms
      1. In the SmartConsole:

        1. Open the Security Gateway object

        2. Go to Network Services pane

        3. In the Proxy section, configure the relevant proxy settings, and click on OK

          Example:
        4. Install policy

        • On Gaia OS - in Clish:

          1. Configure the proxy:
            HostName:0> set proxy ipv4-address http://PROXY_HOST port PROXY_PORT

          2. Save the configuration: HostName:0> save config

            On the Security Gateway machine:On Gaia OS - in Expert mode:

          1. In the $CPDIR/tmp/.CPprofile.sh script

            Add this line:
            http_proxy=http://USERNAME:PASSWORD@PROXY_HOST:PROXY_PORT ; export http_proxy

            (where "username" and "password" are the proxy credentials - only if needed)

            Under this line:
            INFODIR=/opt/CPinfo-10 ; export INFODIR
          2. Restart all Check Point services:
            [Expert@HostName]# cpstop ; cpstart

     

    First Time Installation Instructions and Downloads

    • For Gaia OS

      Download the latest CPInfo utility from the table below:

      Platform Product Version Download CPInfo
        CPInfo for Gaia OS R80.x  (TGZ)
      R80  (TGZ)

      Note: If the download of CPInfo utility is impossible, either install it from the /sysimg/CPwrapper/linux/CPinfo/CPinfo-10-00.i386.rpm, or extract the /linux/CPinfo/CPinfo-10-00.i386.rpm package from the CD.

      • Show / Hide the installation instructions for Gaia OS 

        Run the following commands from the directory where you put the downloaded file:

        1. Place the file in a temp directory on the target system.

        2. Go into that directory.

        3. Unpack the CPInfo package:
          [Expert@HostName]# tar -xvzf cpinfo_<package_name>.tgz

        4. Install the CPInfo utility:
          [Expert@HostName]# rpm -Uvh --force CPinfo-10-00.i386.rpm

          Notes:

          • The CPInfo utility will be installed into /opt/CPinfo-10/ directory
          • The installation log file is /opt/CPInstLog/install_status.log
            (in addition, refer to /opt/CPInstLog/install_cpinfo_10.elg)
          • The CPInfo installation directory will automatically be added to the $PATH environment variable
        5. Log out from all shells on the target system.

        6. Log in to the shell before.

        7. Verify that the CPInfo utility was installed:
          [Expert@HostName]# rpm -qa | grep CPinfo

          Note: If the CPinfo-10-00 package does not appear in the output, try to rebuild the RPM database:
          [Expert@HostName]# rpm -v --rebuilddb
        8. Check the build number of CPInfo utility:

          • Either run:

            [Expert@HostName]# cpinfo

            The output should be:

            This is Check Point CPinfo Build 914000xxx for GAIA
            Verifying CK...

          • Or run:

            [Expert@HostName]# cpinfo -v

            The output should be:

            This is Check Point CPinfo Build 914000xxx for GAIA


    • For Windows

      Download the latest CPInfo utility for Windows from the table below:

      Platform Product Version Download CPInfo
      CPInfo for Windows OS Pre-R80  (TGZ)

      • Show / Hide the install instructions for Windows
        1. Download the CPInfo package.

        2. Place the file in a temp directory on the target system.

        3. Unpack the CPInfo package using a program like WinZIP, WinRAR, 7zip, etc.

        4. Go into Package folder.

        5. Right-click the cpinfo_914000xxx_1.exe - select Run as administrator.

        6. Follow the installation instructions in the Installation Shield.

        7. Check the build number of CPInfo utility:

          • Either run:

            C:\> cpinfo

            The output should be:

            This is Check Point CPinfo Build 914000xxx for Windows

            Verifying CK...

          • Or run:

            C:\> cpinfo -v

            The output should be:
            This is Check Point CPinfo Build 914000xxx for Windows

        Notes:

        • The CPInfo utility will be installed into C:\Program Files (x86)\CheckPoint\cpinfo\ folder
        • The installation log file is c:\Program Files (x86)\CheckPoint\CPInstLog\install_status.log
          (in addition, refer to c:\Program Files (x86)\CheckPoint\CPInstLog\install_cpinfo_.elg)
        • The CPInfo installation folder will automatically be added to the %PATH% environment variable

       

    Manual update of CPInfo in SmartConsole

    SmartConsole uses the CPInfo utility for Check Point upload services. Follow the instructions below to manually update the CPInfo utility in SmartConsole:
      1. Run CPInfo installation on your SmartConsole client machine. If the CPInfo latest build is already installed, you can skip this step.

      2. After installation, copy the following files files to the SmartConsole client:

        C:\Program Files (x86)\CheckPoint\cpinfo\bin\cpinfo.exe
        C:\Program Files (x86)\CheckPoint\cpinfo\bin\data\ca_bundle.crt

      3. Go to the SmartConsole folder C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM

      4. Backup the following files and replace them with the files you copied to the bin directory:

        C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\cpinfo.exe
        C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\data\ca-bundle.crt

     

    Troubleshooting

    For the list of problems and troubleshooting instructions, refer to sk114496 - Troubleshooting the CPInfo utility article.

     

    Known Limitations

    The following limitations are known with CPInfo utility:

    # Symptoms
    1

    Files that contain '/' or '\' in their name, which is not according to the OS on which the CPInfo utility is running, cannot be uploaded to Check Point.

    Example:

      • Uploading \directory\demofile will be blocked
      • Uploading /directory/demofile will be processed successfully
    2 The size of the files to upload is limited to 10 GB.
    Refer to sk92526 for relevant instructions.


    Revision History

    Date Description
    06 Oct 2020 CPInfo package was replaced (build 914000215
    07 June 2020 Added Important Note to the Introduction section
    22 Dec 2019 CPInfo package was replaced (build 914000202
    16 Dec 2019 CPInfo package was replaced (build 914000201)
    07 Oct 2019  CPInfo package was replaced (build 914000196)
    26 Dec 2018  CPInfo package was replaced (build 914000191)
    05 Nov 2018 CPInfo package was replaced (build 914000190)
    12 Dec 2017 Minor design changes 
    17 Oct 2017 Added CPUSE offline packages links
    03 Oct 2017 CPInfo package was replaced (build 914000182)
      12 Sep 2017
      • CPInfo package was replaced (build 914000180)
      • Important Notes, Syntax and Flags tables were updated
      13 Jun 2017 Description of -R argument was updated for R80.x
        22 Mar 2017 CPInfo package was replaced (build 914000176)
          05 Dec 2016 Added the Troubleshooting section
            04 Dec 2016
            • Article was redesigned
            • Added section about generating CPInfo on Multi-Domain Management Server
            20 Nov 2016
            • CPInfo package was replaced (build 914000173) with a new ca-bundle.crt
            • Added "Manual update of CPInfo in SmartConsole" section
            • Added -D flag explanation
            02 Oct 2016 CPInfo package was replaced (starting in build 914000164)

               

               

               

              Give us Feedback
              Please rate this document
              [1=Worst,5=Best]
              Comment