Support Center > Search Results > SecureKnowledge Details
The CPInfo utility Technical Level
Solution

Table of Contents:

  • Introduction
  • Usage Instructions
  • First Time Installation Instructions and Downloads
  • CLI Syntax
  • Data Collected
  • System Requirements
  • Manual update of CPInfo in SmartConsole
  • Troubleshooting
  • Known Limitations
  • Revision History
Click Here to Show the Entire Article

 

Introduction

CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers). The CPInfo output file allows analyzing customer setups from a remote location. 

When contacting Check Point Support, collect the CPInfo files from the Security Management server and Security Gateways involved in your case.

    • Check Point also offers the Check Point Uploader (CPWinUploader), a GUI-based utility to upload files that were requested by Check Point Support to Check Point User Center. (This utility relies on the CPInfo utility, and is automatically installed by it on Windows OS.)

      Note: CPinfo collects information about the system it is executed on, and is only supported for Gaia OS. CPWinUploader is a utility that uploads files to Check Point, but does not collect anything. CPWinUploader can upload CPinfo files (which were collected on a Gaia machine).

    • To view and analyze a CPInfo output file, use the DiagnosticsView utility.

Important Note

CPInfo collects a vast amount of information. It collects files, runs commands and other methods. Some of the commands are resource intensive and running them adds more load to the system. 
Because collecting the CPinfo output file may decrease the performance of the target system, verify the CPU utilization by running the "top" command in the Expert mode.
Do not run the CPInfo tool if the current CPU utilization of at least one CPU core is greater than 70%. We recommend to collect the CPInfo output during the maintenance window. 

    Usage Instructions

    CPInfo can be run directly on the command line (in all versions), or can be called from SmartUpdate.

    CLI SmartUpdate
    • On Gaia OS: run cpinfo [flags] in Gaia Clish or in Expert mode
    • On Linux OS: run cpinfo [flags] in CLI
    • On Windows OS: run cpinfo [flags] in Windows Command Prompt
    • On all versions, run cpinfo -h to see additional help
    1. Connect with SmartUpdate GUI to Security Management Server / Domain Management Server.
    2. Go to Package Management tab
    3. Right-click on the Security Gateway / Management Server object, from which you want to collect the CPInfo.
    4. Select "Upload diagnostics (CPInfo) to Check Point...".
    5. Enter your User Center credentials, SR number, and click OK.


    Generating CPInfo on a Multi-Domain Security Management Server 

    1. Connect to the command line on the Multi-Domain Security Management Server.
    2. If your default shell is Gaia Clish, then go to the Expert mode:
      HostName> expert
    3. Log in with the "superuser" credentials.
    4. Go to the MDS environment:
      [Expert@HostName:0]# mdsenv
    5. Verify the correct environment:
      [Expert@HostName:0]# echo $FWDIR
      For example, the output will be: /opt/CPmds-R80.40/
    6. Run the CPInfo tool (see "CLI Syntax").

    To collect CPInfo from the context of a specific Domain Management Server:
    1. Connect to the command line on the Multi-Domain Security Management Server.
    2. If your default shell is Gaia Clish, then go to the Expert mode:
      HostName> expert
    3. Log in with the "superuser" credentials.
    4. Go to the MDS environment:
      [Expert@HostName:0]# mdsenv
    5. Verify the correct environment:
      [Expert@HostName:0]# echo $FWDIR
      For example, the output will be: /opt/CPmds-R80.40/
    6. Run the CPInfo tool (see "CLI Syntax"):
      [Expert@HostName:0]# cpinfo -c <Name_of_Domain>

      In the above example, CPInfo will generate these files:

      • <HostName>_<DateTime>.info - contains execution summary
      • <HostName>_<DateTime>_<Name_of_Domain>.info - CPInfo collected from the Domain Management Server

    Generating CPInfo on a VSX Gateway for a specific Virtual System

    1. Connect to the command line on the VSX Gateway.
    2. If your default shell is Gaia Clish, then go to the Expert mode:
      HostName> expert
    3. Go to the context of the applicable Virtual System:
      [Expert@HostName:0]# vsenv <VS_ID>
    4. Run the CPInfo tool (see "CLI Syntax").

     

    First Time Installation Instructions and Downloads

    • For Gaia OS

      Important: On 02 June 2022, the CPInfo package was replaced with build 914000231.

      Download the latest CPInfo utility from the table below:

      Platform Product Version Download CPInfo
        CPInfo for Gaia OS R80, R80.x, R81 and R81.x  (TGZ)

      Note: If the download of CPInfo utility is impossible, either install it from the /sysimg/CPwrapper/linux/CPinfo/CPinfo-10-00.i386.rpm, or extract the /linux/CPinfo/CPinfo-10-00.i386.rpm package from the CD.

      • Show / Hide the installation instructions for Gaia OS 

        Run the following commands from the directory where you put the downloaded file:

        1. Place the file in a temporary directory on the target system.

        2. Go into that directory.

        3. Unpack the CPInfo package:

          [Expert@HostName]# tar -xvzf cpinfo_<package_name>.tgz

        4. Install the CPInfo utility:

          [Expert@HostName]# rpm -Uvh --force CPinfo-10-00.i386.rpm

          Notes:

          • The CPInfo utility will be installed into /opt/CPinfo-10/ directory
          • The installation log file is /opt/CPInstLog/install_status.log
            (in addition, refer to /opt/CPInstLog/install_cpinfo_10.elg)
          • The CPInfo installation directory will automatically be added to the $PATH environment variable
        5. Log out from all shells on the target system.

        6. Log in again.

        7. Verify that the CPInfo utility was installed:

          [Expert@HostName]# rpm -qa | grep CPinfo

          Note: If the CPinfo-10-00 package does not appear in the output, try to rebuild the RPM database:
          [Expert@HostName]# rpm -v --rebuilddb
        8. Check the build number of CPInfo utility:

          • Either run:

            [Expert@HostName]# cpinfo

            The output should be:

            This is Check Point CPinfo Build 914000xxx for GAIA
            Verifying CK...

          • Or run:

            [Expert@HostName]# cpinfo -v

            The output should be:

            This is Check Point CPinfo Build 914000xxx for GAIA
    • For Windows

      Download the latest CPInfo utility for Windows from the table below:

      Platform Product Version Download CPInfo
      CPInfo for Windows OS Pre-R80  (TGZ)

      • Show / Hide the installation instructions for Windows
        1. Download the CPInfo package.

        2. Place the file in a temp directory on the target system.

        3. Unpack the CPInfo package using a program like WinZIP, WinRAR, 7zip, etc.

        4. Go into Package folder.

        5. Right-click the cpinfo_914000xxx_1.exe - select Run as administrator.

        6. Follow the installation instructions in the Installation Shield.

        7. Check the build number of CPInfo utility:

          • Either run:

            C:\> cpinfo

            The output should be:

            This is Check Point CPinfo Build 914000xxx for Windows

            Verifying CK...

          • Or run:

            C:\> cpinfo -v

            The output should be:
            This is Check Point CPinfo Build 914000xxx for Windows

        Notes:

        • The CPInfo utility will be installed into C:\Program Files (x86)\CheckPoint\cpinfo\ folder
        • The installation log file is c:\Program Files (x86)\CheckPoint\CPInstLog\install_status.log
          (in addition, refer to c:\Program Files (x86)\CheckPoint\CPInstLog\install_cpinfo_.elg)
        • The CPInfo installation folder will automatically be added to the %PATH% environment variable

     


    CLI Syntax

    On Gaia / Linux OS On Windows OS
    # cpinfo [-h] | [-v] | [-R] | [-l] [-k] [-i] [-a | -d] [-D] [-x]
    [-y all | <product>]
    [-N | -V <days>] [-z] [-o <filename>]
    [-n] [-f <FILE1> <FILE2> ... ] [-w <filename>]
    [-s <SR_Number>]
    [-u <username>] | [-K <CK_Number>]
    [-c <DOMAIN1> <DOMAIN2> ... ]
    [-e <e-mail>]
    [-T <timeout>]
    C:\> cpinfo [-h] | [-v] | [-R] |[-l] [-k] [-i] [-a | -d] [-D] [-g] [-F | -r ] [-t]
    [-y all | <product>]
    [-z] [-o <filename>]
    [-n] [-f <FILE1> <FILE2> ... ] [-w <filename>]
    [-s <SR_Number>]
    [-u <username>] | [-K <CK_Number>]
    [-e <e-mail>]
    [-b | -j <conf_file>]
    

    Syntax:

    Show / Hide the explanation about the flags

    Argument Description Important Notes
    none Collects the CPInfo output file
    • The output file will be created in the current working directory
      with this name:
      <HostName>_<DD_MM_YYYY_HH_mm>.info
    -h Shows the built-in help and exits  
    -v Shows the CPInfo version and exits  
    -y all | <product> Shows installed hotfixes
    (either all, or for a specific product)
    -l Includes the export of the $FWDIR/log/fw.log
    records in the CPInfo file
    • This will cause additional CPU load and memory consumption
    -k Includes the contents of FireWall and SecureXL
    kernel tables in the CPInfo file
    (outputs of fw tab -t <table>, fwaccel conns)
    • This will cause additional CPU load and memory consumption
    -c <Domain_Name> Generates the CPInfo file for the
    specified Domain Management Server
    • Applies only to Multi-Domain Management Server
    • Allows to collect CPInfo (and MDS export on R80 or above)
      per certain Domain without having to switch to its context
    -o <filename> Writes the collected information
    to the specified output file
    • Creates output file named <filename>.info,
      unless this file extension was already specified
    • If "-o" is not specified, then file named
      <HostName_DD_MM_YYYY_HH_mm.info>
      is created in the current working directory
      (example for file created on machine "R77.30-GW",
      on 05 Oct 2016, at 15h 04m -
      R77.30-GW_5_10_2016_15_04.info)
    • Can be used in combination with "-z"
    • Can be used in combination with "-i"
    • Can NOT be used in combination with "-n"
    -z Compresses the CPInfo output file
    • Used in combination with "-o"
    • If the "Allow Upload" consent flag is enabled (sk111080),
      then the file is compressed by default (even without "-z")
    -i Non-interactive mode
    • CPInfo does not ask for the "SR Number"
    • Can be used in shell scripts for automation
    • Should be used in combination with "-n" or "-R"
    • Can NOT be used in combination with "-a"
    -a Forces the update check of the CPInfo utility
    (by default, it is checked once a week)
    • Can NOT be used in combination with "-d"
    • Can NOT be used in combination with "-i"
    -d Specifies not to check for updates of CPInfo utility
    • Can NOT be used in combination with "-a"
    -D Specifies not to upload files to Check Point Cloud
    • Can NOT be used in combination with "-f" or "-w" or "-e"
    -n Specifies not to collect and create the CPInfo file
    • Should be used in combination with "-f" or "-w"
    • Can NOT be used in combination with "-o"
    -f <file> Uploads additional files to Check Point Cloud
    • Should be used in combination with "-n" and "-i"
    • Either specify a single file: file
      Or specify multiple files: file1 file2 file3 ...
      (multiple files must be separated by spaces)
    • Also refer to "-w"
    • If the file to be uploaded is not compressed,
      then CPInfo utility will first compress it, and then upload it
    -w <filename> Specifies a file that contains a list of files to be uploaded to Check Point Cloud
    • Used instead of "-f"
    • Lines in this file must be separated by the "\n" character
      (press Enter after each line)
    -s <SR_Number> Specifies the number of the Service Request
    opened with Check Point Support
    • For example, -s 28-123456789
    -u <username> Connects to Check Point User Center with the specified username
    • <username> is your e-mail used for User Center login
    • User will be asked to enter a password
    • If "-u" is not used, then CK of this machine is used for authentication
    • Also refer to "-K <CK_Number>"
    • cannot be used in combination with –i flag
    -K <CK_Number> Connects to Check Point User Center with the specified CK Number
    • Used instead of "-u"
    • Run the "cplic print" command
      and take only the hex digits after the "CK-"
    • Exists since Build 914000164
    -e <e-mail> Specifies the e-mails of people that should be notified about the upload status of the CPinfo file
    • Either specify a single e-mail:
      user@exampledomain.com
    • Or specify multiple e-mails:
      "user1@exampledomain.com;user2@exampledomain.com;..."
      • must be enclosed in double-quotes
      • must be separated by semi-colons
    -R Removes the local CPinfo output files from the current user's home directories
    -T <timeout> Specifies the timeout (in seconds) for the
    commands executed by the CPInfo utility
    • Applies only to Gaia / SecurePlatform / IPSO / Linux OS
    • Default timeout is 5 minutes (300 seconds)
    • Value "0" means no timeout
    • This does not apply to collection of the CPInfo output file itself
    -x Specifies not to export the management database
    • Applies only to versions R80 or above
    • On a Security Management Server - will not collect the migrate export
    • On a Multi-Domain Management Server - will not collect an MDS export
    -j <conf_file> Creates a CPInfo configuration file <conf_file>
    • Applies only to Windows OS
    • Requires installed Check Point Software on this machine
    • Can NOT be used in combination with "-n"
    • Must wait for the CPInfo output file to be collected:
      CPInfo output file is collected, and name of each
      collected section / command / file is saved in this
      configuration file (which can be edited, so that
      irrelevant data is not collected)
    -b Runs the CPInfo based on the configuration file that was created with the "-j" option
    (you can delete irrelevant lines from that file)
    • Applies only to Windows OS
    • Requires installed Check Point Software on this machine
    -g Specifies not to resolve network addresses
    • Applies only to Windows OS
    • Requires installed Check Point Software on this machine
    -F
    -r
    Includes the Windows Registry in the CPInfo file
    • Applies only to Windows OS
    • "-F" exists since Build 914000164
    • "-r" exists in Build 914000158 and lower
    -t Specifies to collect only the relevant tables
    • Applies only to Windows OS
    • Applies only to machine with installed SecureRemote client
    -N Reverts to the state of uploading CPview of the last day
    • It will still will be zipped together with .info file
    -V <num_days> Specifies the number of days of CPview history to be collected
    • 0 days will result in no CPView database upload
    • Negative / double number of days is not allowed
    • Upon receiving num_days > 0, a warning will be printed that collection of CPView database might take a few minutes ("Collection process might take a few minutes. Please wait until the collection is done.")
    • Combination of '-V' and '-N' flag is not allowed

    Examples:

    Show / Hide the examples

    Note: Refer to explanations in the "Allowing upload of data to Check Point / download of data from Check Point" section.

    # What to do How to do it
    1
    • Generate the CPInfo file
    • Create the file in the current working directory
    • Use the default name
    • Do not compress the output file
    The final file will be
    HostName_DD_MM_YYYY_HH_mm.info
    cpinfo
    2
    • Generate the CPInfo file
    • Create the file in the current working directory
    • Use the default name
    • Compress the output file
    The final file will be
    HostName_DD_MM_YYYY_HH_mm.info.gz
    cpinfo -z
    3
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile with default extension .info
    • Compress the output file
    The final file will be /var/tmp/myfile.info.gz
    cpinfo -z -o /var/tmp/myfile
    4
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile with default extension .info
    • Include export of $FWDIR/log/fw.log records
    • Include contents of FireWall and SecureXL tables
    • Compress the output file
    The final file will be /var/tmp/myfile.info.gz
    cpinfo -l -k -z -o /var/tmp/myfile
    5
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Upload the output file to Check Point:
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    The final file will be /var/tmp/myfile.cpinfo.gz
    cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789
    6
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Upload the output file to Check Point:
      • log in with CK-123456789000
      • upload to Service Request 28-123456789
    The final file will be /var/tmp/myfile.cpinfo.gz
    cpinfo -z -o /var/tmp/myfile.cpinfo -K 123456789000 -s 28-123456789
    7
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Upload the output file to Check Point:
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    • Notify people about upload status
    The final file will be /var/tmp/myfile.cpinfo.gz
    cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
    8
    • Generate the CPInfo file
    • Create the file in the directory /var/tmp/
    • Use the file name myfile.cpinfo
    • Compress the output file
    • Do not prompt for an SR Number
    cpinfo -i -z -o /var/tmp/myfile.cpinfo
    9
    • Do not generate the CPInfo file
    • Upload the file /var/log/myfile.txt
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    • Notify people about upload status
    cpinfo -n -i -f /var/log/myfile.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
    10
    • Do not generate the CPInfo file
    • Upload all files listed in the /var/log/upload_these_files.txt
      • log in with user@exampledomain.com
      • upload to Service Request 28-123456789
    • Notify people about upload status
    cpinfo -n -i -w /var/log/upload_these_files.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
    11
    • Create a CPInfo configuration file
    Note: Must wait for the CPInfo output file to be collected
    cpinfo -n -i -F -j C:\CPinfo_config.txt
    12
    • To check the status of the CPView history daemon by running "/bin/cpview_start.sh history stat" (or "cpview history stat"). If daemon is enabled - we turn disable it and then enable it again after CPView processing is done
     

    Data Collected

    CPInfo collects the entire Security Gateway installation directory, including $FWDIR/log/* and other log files. Some other viewable information includes:

    • System message logs
    • Module version information
    • Installed hotfixes information
    • OS and network statistics
    • Interfaces and devices information
    • Various FW1 tables
    • Configuration and database files
    • Core dump files

     

    System Requirements

    DNS DNS server must be configured on the machine, on which you run CPInfo

    Uploading CPInfo files
    to Check Point

    To upload CPInfo files to Check Point, the following ports should be open:
    • For Authentication (HTTPS - port 443):
      • services.checkpoint.com
    • File uploading (HTTPS - port 443, or SFTP - port 22):
      • ftp-proxy.checkpoint.com
      • mercury.ts.checkpoint.com
      • fairfax.ott.checkpoint.com

     

    • Connecting through a Proxy

      This section is relevant for machines that access the Internet through an HTTP proxy server, while Check Point Security Gateway / Security Management on that machine is not configured with such proxy (as described in the Administration Guide).

      CPInfo utility updates itself and uploads files over HTTPS protocol.

      CPInfo utility will read the proxy configuration that was configured on the Security Gateway (either in SmartDashboard, or on CLI).

      The proxy can be configured either in SmartConsole, or on the Security Gateway machine.

      Show / Hide instructions for proxy configuration on all platforms
      1. In the SmartConsole:

        1. Open the Security Gateway object

        2. Go to Network Services pane

        3. In the Proxy section, configure the relevant proxy settings, and click on OK

          Example:
        4. Install policy

        • On Gaia OS - in Clish:

          1. Configure the proxy:
            HostName:0> set proxy ipv4-address http://PROXY_HOST port PROXY_PORT

          2. Save the configuration: HostName:0> save config

            On the Security Gateway machine:On Gaia OS - in Expert mode:

          1. In the $CPDIR/tmp/.CPprofile.sh script

            Add this line:
            http_proxy=http://USERNAME:PASSWORD@PROXY_HOST:PROXY_PORT ; export http_proxy

            (where "username" and "password" are the proxy credentials - only if needed)

            Under this line:
            INFODIR=/opt/CPinfo-10 ; export INFODIR
          2. Restart all Check Point services:
            [Expert@HostName]# cpstop ; cpstart


    Manual update of CPInfo in SmartConsole

    SmartConsole uses the CPInfo utility for Check Point upload services. Follow the instructions below to manually update the CPInfo utility in SmartConsole:
      1. Run CPInfo installation on your SmartConsole client machine. If the CPInfo's latest build is already installed, you can skip this step.

      2. After installation, copy the following files to the SmartConsole client:

        C:\Program Files (x86)\CheckPoint\cpinfo\bin\cpinfo.exe
        C:\Program Files (x86)\CheckPoint\cpinfo\bin\data\ca_bundle.crt

      3. Go to the SmartConsole folder C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM

      4. Back up these files and replace them with the files you copied to the bin directory:

        C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\cpinfo.exe
        C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\data\ca-bundle.crt

     

    Troubleshooting

    For the list of problems and troubleshooting instructions, refer to sk114496 - Troubleshooting the CPInfo utility article.

     

    Known Limitations

    The following limitations are known with CPInfo utility:

    # Symptoms
    1

    Files that contain '/' or '\' in their name, which is not according to the OS on which the CPInfo utility is running, cannot be uploaded to Check Point.

    Example:

      • Uploading \directory\demofile will be blocked
      • Uploading /directory/demofile will be processed successfully
    2 The size of the files to upload is limited to 10 GB.
    Refer to sk92526 for relevant instructions.


    Revision History

    Date Description
    02 June 2022 CPInfo package was replaced (build 914000231)
    17 Jan 2022 CPInfo package was replaced (build 914000227)
    16 Aug 2021 CPInfo package was replaced (build 914000219
    06 Oct 2020 CPInfo package was replaced (build 914000215
    07 June 2020 Added Important Note to the Introduction section
    22 Dec 2019 CPInfo package was replaced (build 914000202
    16 Dec 2019 CPInfo package was replaced (build 914000201)
    07 Oct 2019  CPInfo package was replaced (build 914000196)
    26 Dec 2018  CPInfo package was replaced (build 914000191)
    05 Nov 2018 CPInfo package was replaced (build 914000190)
    12 Dec 2017 Minor design changes 
    17 Oct 2017 Added CPUSE offline packages links
    03 Oct 2017 CPInfo package was replaced (build 914000182)
      12 Sep 2017
      • CPInfo package was replaced (build 914000180)
      • Important Notes, Syntax and Flags tables were updated
      13 Jun 2017 Description of -R argument was updated for R80.x
        22 Mar 2017 CPInfo package was replaced (build 914000176)
          05 Dec 2016 Added the Troubleshooting section
            04 Dec 2016
            • Article was redesigned
            • Added section about generating CPInfo on Multi-Domain Management Server
            20 Nov 2016
            • CPInfo package was replaced (build 914000173) with a new ca-bundle.crt
            • Added "Manual update of CPInfo in SmartConsole" section
            • Added -D flag explanation
            02 Oct 2016 CPInfo package was replaced (starting in build 914000164)

               

               

               

              Give us Feedback
              Please rate this document
              [1=Worst,5=Best]
              Comment