First Time Installation Instructions and Downloads

• For Gaia OS

  Important: On 02 June 2022, the CPInfo package was replaced with build 914000231.
  
  Download the latest CPInfo utility from the table below:

  Platform	Product Version	Download CPInfo
  CPInfo for Gaia OS	R80, R80.x, R81 and R81.x	(TGZ)

  Note: If the download of CPInfo utility is impossible, either install it from the /sysimg/CPwrapper/linux/CPinfo/CPinfo-10-00.i386.rpm, or extract the /linux/CPinfo/CPinfo-10-00.i386.rpm package from the CD.

  • Show / Hide the installation instructions for Gaia OS 
    

    Run the following commands from the directory where you put the downloaded file:

    1. Place the file in a temporary directory on the target system.

    2. Go into that directory.

    3. Unpack the CPInfo package:
       
       [Expert@HostName]# tar -xvzf cpinfo_<package_name>.tgz

    4. Install the CPInfo utility:
       
       [Expert@HostName]# rpm -Uvh --force CPinfo-10-00.i386.rpm

       Notes:

       • The CPInfo utility will be installed into /opt/CPinfo-10/ directory
       • The installation log file is /opt/CPInstLog/install_status.log
         (in addition, refer to /opt/CPInstLog/install_cpinfo_10.elg)
       • The CPInfo installation directory will automatically be added to the $PATH environment variable

    5. Log out from all shells on the target system.

    6. Log in again.

    7. Verify that the CPInfo utility was installed:
       
       [Expert@HostName]# rpm -qa | grep CPinfo

       Note: If the CPinfo-10-00 package does not appear in the output, try to rebuild the RPM database:
       [Expert@HostName]# rpm -v --rebuilddb

    8. Check the build number of CPInfo utility:

       • Either run:

         [Expert@HostName]# cpinfo

         The output should be:

         This is Check Point CPinfo Build 914000xxx for GAIA
Verifying CK...

       • Or run:

         [Expert@HostName]# cpinfo -v

         The output should be:

         This is Check Point CPinfo Build 914000xxx for GAIA

• For Windows

  Download the latest CPInfo utility for Windows from the table below:

  Platform	Product Version	Download CPInfo
  CPInfo for Windows OS	Pre-R80	(TGZ)

  
  
  • Show / Hide the installation instructions for Windows
    

    1. Download the CPInfo package.

    2. Place the file in a temp directory on the target system.

    3. Unpack the CPInfo package using a program like WinZIP, WinRAR, 7zip, etc.

    4. Go into Package folder.

    5. Right-click the cpinfo_914000xxx_1.exe - select Run as administrator.

    6. Follow the installation instructions in the Installation Shield.

    7. Check the build number of CPInfo utility:

       • Either run:

         C:\> cpinfo

         The output should be:

         This is Check Point CPinfo Build 914000xxx for Windows

         Verifying CK...

       • Or run:

         C:\> cpinfo -v

         The output should be:
         This is Check Point CPinfo Build 914000xxx for Windows

    Notes:

    • The CPInfo utility will be installed into C:\Program Files (x86)\CheckPoint\cpinfo\ folder
    • The installation log file is c:\Program Files (x86)\CheckPoint\CPInstLog\install_status.log
      (in addition, refer to c:\Program Files (x86)\CheckPoint\CPInstLog\install_cpinfo_.elg)
    • The CPInfo installation folder will automatically be added to the %PATH% environment variable

CLI Syntax

On Gaia / Linux OS	On Windows OS
# cpinfo [-h] | [-v] | [-l] [-k] [-i] [-a | -d] [-D] [-x] [-y all | <product>] [-N | -V <days>] [-z] [-o <filename>] [-n] [-f <FILE1> <FILE2> ... ] [-w <filename>] [-s <SR_Number>] [-u <username>] | [-K <CK_Number>] [-c <DOMAIN1> <DOMAIN2> ... ] [-e <e-mail>] [-T <timeout>] [-R <e-mail>] [-Q "<flag1 flag2...>" [-i] [-a | -d] [-D] [-x] [-o] [-f] [-w] [-s] [-u] [-K] [-c] [-e] [-T] ]	C:\> cpinfo [-h] | [-v] | [-R] |[-l] [-k] [-i] [-a | -d] [-D] [-g] [-F | -r ] [-t] [-y all | <product>] [-z] [-o <filename>] [-n] [-f <FILE1> <FILE2> ... ] [-w <filename>] [-s <SR_Number>] [-u <username>] | [-K <CK_Number>] [-e <e-mail>] [-b | -j <conf_file>]

Syntax:

Show / Hide the explanation about the flags

Argument	Description	Important Notes
none	Collects the CPInfo output file	The output file will be created in the current working directory with this name: <HostName>_<DD_MM_YYYY_HH_mm>.info
-h	Shows the built-in help and exits
-v	Shows the CPInfo version and exits
-y all | <product>	Shows installed hotfixes (either all, or for a specific product)	Refer to sk83860
-l	Includes the export of the $FWDIR/log/fw.log records in the CPInfo file	This will cause additional CPU load and memory consumption
-k	Includes the contents of FireWall and SecureXL kernel tables in the CPInfo file (outputs of fw tab -t <table>, fwaccel conns)	This will cause additional CPU load and memory consumption
-c <Domain_Name>	Generates the CPInfo file for the specified Domain Management Server	Applies only to Multi-Domain Management Server Allows to collect CPInfo (and MDS export on R80 or above) per certain Domain without having to switch to its context
-o <filename>	Writes the collected information to the specified output file	Creates output file named <filename>.info, unless this file extension was already specified If "-o" is not specified, then file named <HostName_DD_MM_YYYY_HH_mm.info> is created in the current working directory (example for file created on machine "R77.30-GW", on 05 Oct 2016, at 15h 04m - R77.30-GW_5_10_2016_15_04.info) Can be used in combination with "-z" Can be used in combination with "-i" Can NOT be used in combination with "-n"
-z	Compresses the CPInfo output file	Used in combination with "-o" If the "Allow Upload" consent flag is enabled (sk111080), then the file is compressed by default (even without "-z")
-i	Non-interactive mode	CPInfo does not ask for the "SR Number" Can be used in shell scripts for automation Should be used in combination with "-n" or "-R" Can NOT be used in combination with "-a"
-a	Forces the update check of the CPInfo utility (by default, it is checked once a week)	Can NOT be used in combination with "-d" Can NOT be used in combination with "-i"
-d	Specifies not to check for updates of CPInfo utility	Can NOT be used in combination with "-a"
-D	Specifies not to upload files to Check Point Cloud	Can NOT be used in combination with "-f" or "-w" or "-e"
-n	Specifies not to collect and create the CPInfo file	Should be used in combination with "-f" or "-w" Can NOT be used in combination with "-o"
-f <file>	Uploads additional files to Check Point Cloud	Should be used in combination with "-n" and "-i" Either specify a single file: file Or specify multiple files: file1 file2 file3 ... (multiple files must be separated by spaces) Also refer to "-w" If the file to be uploaded is not compressed, then CPInfo utility will first compress it, and then upload it
-w <filename>	Specifies a file that contains a list of files to be uploaded to Check Point Cloud	Used instead of "-f" Lines in this file must be separated by the "\n" character (press Enter after each line)
-s <SR_Number>	Specifies the number of the Service Request opened with Check Point Support	For example, -s 28-123456789
-u <username>	Connects to Check Point User Center with the specified username	<username> is your e-mail used for User Center login User will be asked to enter a password If "-u" is not used, then CK of this machine is used for authentication Also refer to "-K <CK_Number>" cannot be used in combination with –i flag
-K <CK_Number>	Connects to Check Point User Center with the specified CK Number	Used instead of "-u" Run the "cplic print" command and take only the hex digits after the "CK-" Exists since Build 914000164
-e <e-mail>	Specifies the e-mails of people that should be notified about the upload status of the CPinfo file	Either specify a single e-mail: user@exampledomain.com Or specify multiple e-mails: "user1@exampledomain.com;user2@exampledomain.com;..." must be enclosed in double-quotes must be separated by semi-colons
-R	Removes the local CPinfo output files from the current user's home directories
-T <timeout>	Specifies the timeout (in seconds) for the commands executed by the CPInfo utility	Applies only to Gaia / SecurePlatform / IPSO / Linux OS Default timeout is 5 minutes (300 seconds) Value "0" means no timeout This does not apply to collection of the CPInfo output file itself
-x	Specifies not to export the management database	Applies only to versions R80 or above On a Security Management Server - will not collect the migrate export On a Multi-Domain Management Server - will not collect an MDS export
-j <conf_file>	Creates a CPInfo configuration file <conf_file>	Applies only to Windows OS Requires installed Check Point Software on this machine Can NOT be used in combination with "-n" Must wait for the CPInfo output file to be collected: CPInfo output file is collected, and name of each collected section / command / file is saved in this configuration file (which can be edited, so that irrelevant data is not collected)
-b	Runs the CPInfo based on the configuration file that was created with the "-j" option (you can delete irrelevant lines from that file)	Applies only to Windows OS Requires installed Check Point Software on this machine
-g	Specifies not to resolve network addresses	Applies only to Windows OS Requires installed Check Point Software on this machine
-F -r	Includes the Windows Registry in the CPInfo file	Applies only to Windows OS "-F" exists since Build 914000164 "-r" exists in Build 914000158 and lower
-t	Specifies to collect only the relevant tables	Applies only to Windows OS Applies only to machine with installed SecureRemote client
-N	Reverts to the state of uploading CPview of the last day	It will still will be zipped together with .info file
-V <num_days>	Specifies the number of days of CPview history to be collected	0 days will result in no CPView database upload Negative / double number of days is not allowed Upon receiving num_days > 0, a warning will be printed that collection of CPView database might take a few minutes ("Collection process might take a few minutes. Please wait until the collection is done.") Combination of '-V' and '-N' flag is not allowed
-Q	Run cpinfo in quick mode	Run cpinfo -Q "-h" for more info To use the quick mode, you must have the CPSDC package installed. Refer to sk164414.

Examples:

Show / Hide the examples

Note: Refer to explanations in the "Allowing upload of data to Check Point / download of data from Check Point" section.

#	What to do	How to do it
1	Generate the CPInfo file Create the file in the current working directory Use the default name Do not compress the output file The final file will be HostName_DD_MM_YYYY_HH_mm.info	cpinfo
2	Generate the CPInfo file Create the file in the current working directory Use the default name Compress the output file The final file will be HostName_DD_MM_YYYY_HH_mm.info.gz	cpinfo -z
3	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile with default extension .info Compress the output file The final file will be /var/tmp/myfile.info.gz	cpinfo -z -o /var/tmp/myfile
4	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile with default extension .info Include export of $FWDIR/log/fw.log records Include contents of FireWall and SecureXL tables Compress the output file The final file will be /var/tmp/myfile.info.gz	cpinfo -l -k -z -o /var/tmp/myfile
5	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Upload the output file to Check Point: log in with user@exampledomain.com upload to Service Request 28-123456789 The final file will be /var/tmp/myfile.cpinfo.gz	cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789
6	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Upload the output file to Check Point: log in with CK-123456789000 upload to Service Request 28-123456789 The final file will be /var/tmp/myfile.cpinfo.gz	cpinfo -z -o /var/tmp/myfile.cpinfo -K 123456789000 -s 28-123456789
7	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Upload the output file to Check Point: log in with user@exampledomain.com upload to Service Request 28-123456789 Notify people about upload status The final file will be /var/tmp/myfile.cpinfo.gz	cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
8	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Do not prompt for an SR Number	cpinfo -i -z -o /var/tmp/myfile.cpinfo
9	Do not generate the CPInfo file Upload the file /var/log/myfile.txt log in with user@exampledomain.com upload to Service Request 28-123456789 Notify people about upload status	cpinfo -n -i -f /var/log/myfile.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
10	Do not generate the CPInfo file Upload all files listed in the /var/log/upload_these_files.txt log in with user@exampledomain.com upload to Service Request 28-123456789 Notify people about upload status	cpinfo -n -i -w /var/log/upload_these_files.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
11	Create a CPInfo configuration file Note: Must wait for the CPInfo output file to be collected	cpinfo -n -i -F -j C:\CPinfo_config.txt
12	To check the status of the CPView history daemon by running "/bin/cpview_start.sh history stat" (or "cpview history stat"). If daemon is enabled - we turn disable it and then enable it again after CPView processing is done

Data Collected

CPInfo collects the entire Security Gateway installation directory, including $FWDIR/log/* and other log files. Some other viewable information includes:

• System message logs
• Module version information
• Installed hotfixes information
• OS and network statistics
• Interfaces and devices information
• Various FW1 tables
• Configuration and database files
• Core dump files

System Requirements

DNS	DNS server must be configured on the machine, on which you run CPInfo
Uploading CPInfo files to Check Point	To upload CPInfo files to Check Point, the following ports should be open: For Authentication (HTTPS - port 443): services.checkpoint.com File uploading (HTTPS - port 443, or SFTP - port 22): ftp-proxy.checkpoint.com mercury.ts.checkpoint.com fairfax.ott.checkpoint.com

• Connecting through a Proxy

  This section is relevant for machines that access the Internet through an HTTP proxy server, while Check Point Security Gateway / Security Management on that machine is not configured with such proxy (as described in the Administration Guide).

  CPInfo utility updates itself and uploads files over HTTPS protocol.

  CPInfo utility will read the proxy configuration that was configured on the Security Gateway (either in SmartDashboard, or on CLI).

  The proxy can be configured either in SmartConsole, or on the Security Gateway machine.

  Show / Hide instructions for proxy configuration on all platforms
  

  1. In the SmartConsole:

     1. Open the Security Gateway object

     2. Go to Network Services pane

     3. In the Proxy section, configure the relevant proxy settings, and click on OK

        Example:
        

     4. Install policy

  2. • On Gaia OS - in Clish:

       1. Configure the proxy:
          HostName:0> set proxy ipv4-address http://PROXY_HOST port PROXY_PORT

       2. Save the configuration: HostName:0> save config

          On the Security Gateway machine:On Gaia OS - in Expert mode:

       1. In the $CPDIR/tmp/.CPprofile.sh script

          Add this line:
          http_proxy=http://USERNAME:PASSWORD@PROXY_HOST:PROXY_PORT ; export http_proxy

          (where "username" and "password" are the proxy credentials - only if needed)

          Under this line:
          INFODIR=/opt/CPinfo-10 ; export INFODIR

       2. Restart all Check Point services:
          [Expert@HostName]# cpstop ; cpstart

• Allowing upload of data to Check Point / download of data from Check Point

  Starting from R77.20, software can automatically upload the relevant data to Check Point / download the relevant data from Check Point.
  This behavior is controlled by the corresponding consent flags ("Allow Upload" / "Allow Download").

  By default, both consent flags are enabled (i.e., a machine that is connected to the Internet will communicate with Check Point servers).
  For more information, refer to sk111080 - How to configure Check Point software to upload data to Check Point / download data from Check Point.

  CPInfo utility (build 914000148 and higher) relies on these consent flags.

  • For the CPInfo utility to be able to download the self-update package:

    1. In SmartConsole, go to Application menu - click on Global Properties...
    2. Go to Security Management Access pane
    3. In the Internet Access section, check the box "Automatically download Contracts and other important data" - click on OK
    4. Install policy on all managed Security Gateways / Clusters

  • For the CPInfo utility to be able to upload files to Check Point:

    1. In SmartConsole, from top left corner, click Menu - click on Global properties.
    2. From the left tree, click Security Management Access.
    3. In the Internet Access section, check the box "Improve product experience by sending data to Check Point".
    4. Click OK.
    5. Install policy on all managed Security Gateways / Clusters.

    Note: If the machine is connected to the Internet, and the "Allow Upload" consent flag is enabled, then when running the CPInfo utility:

    • It will prompt the user for an SR Number (please provide an SR number or enter "s" to skip)
    • It will try to upload the collected CPInfo file without asking the user

Manual update of CPInfo in SmartConsole

1. 1. Run CPInfo installation on your SmartConsole client machine. If the CPInfo's latest build is already installed, you can skip this step.
      
      
   2. After installation, copy the following files to the SmartConsole client:
      
      C:\Program Files (x86)\CheckPoint\cpinfo\bin\cpinfo.exe
      C:\Program Files (x86)\CheckPoint\cpinfo\bin\data\ca_bundle.crt
      
      
   3. Go to the SmartConsole folder C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM
      
      
   4. Back up these files and replace them with the files you copied to the bin directory:
      
      C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\cpinfo.exe
      C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\data\ca-bundle.crt

Troubleshooting

Known Limitations

The following limitations are known with CPInfo utility: