CLI Syntax

Important:

• On 22 December 2019, the CPInfo package was replaced with build 914000202.
  
  

Syntax:

# cpinfo [-h] | [-v] | [-l] [-k] [-i] [-a | -d] [-D] [-x]
[-y all | <product>]
[-N | -V <days>] [-z] [-o <filename>]
[-n] [-f <FILE1> <FILE2> ... ] [-w <filename>]
[-s <SR_Number>]
[-u <username>] | [-K <CK_Number>]
[-c <DOMAIN1> <DOMAIN2> ... ]
[-e <e-mail>]
[-T <timeout>]
[-R <e-mail>]

Show / Hide the explanation about the flags

Argument	Description	Important Notes
none	Collect the CPInfo output file	The output file will be created in the current working directory under the name HostName_DD_MM_YYYY_HH_mm.info
-h	Display built-in help and exit
-v	Show CPInfo version and exit
-y all | <product>	Show installed hotfixes (either all, or for specific product)	Refer to sk83860
-l	Include export of $FWDIR/log/fw.log records in the CPInfo file	This will cause additional CPU load and memory consumption
-k	Include contents of FireWall and SecureXL kernel tables in the CPInfo file (outputs of fw tab -t <table>, fwaccel conns)	This will cause additional CPU load and memory consumption
-c <Domain_Name>	Generate CPInfo file for the specified Domain Management Server	Applies only to Multi-Domain Management Server Allows to collect CPInfo (and MDS export on R80 or above) per certain Domain without having to switch to its context
-o <filename>	Write the collected information into the specified output file	Creates output file named <filename>.info, unless this file extension was already specified If "-o" is not specified, then file named <HostName_DD_MM_YYYY_HH_mm.info> is created in the current working directory (example for file created on machine "R77.30-GW", on 05 Oct 2016, at 15h 04m - R77.30-GW_5_10_2016_15_04.info) Can be used in combination with "-z" Can be used in combination with "-i" Can NOT be used in combination with "-n"
-z	Compress the CPInfo output file	Used in combination with "-o" If the "Allow Upload" consent flag is enabled (sk111080), then the file is compressed by default (even without "-z")
-i	Non-interactive mode	CPInfo does not ask for the "SR Number" Can be used in shell scripts for automation Should be used in combination with "-n" or "-R" Can NOT be used in combination with "-a"
-a	Force the update check of CPInfo utility (by default, it is checked once a week)	Can NOT be used in combination with "-d" Can NOT be used in combination with "-i"
-d	Do not check for updates of CPInfo utility	Can NOT be used in combination with "-a"
-D	Do not upload files to Check Point	Can NOT be used in combination with "-f" or "-w" or "-e"
-n	Do not collect and create CPInfo file	Should be used in combination with "-f" or "-w" Can NOT be used in combination with "-o"
-f <file>	Upload additional files to Check Point cloud	Should be used in combination with "-n" and "-i" Either specify a single file: file Or specify multiple files: file1 file2 file3 ... (multiple files must be separated by spaces) Also refer to "-w" If the file to be uploaded is not compressed, then CPInfo utility will first compress it, and then upload it
-w <filename>	Specifies a file that contains a list of files to be uploaded to Check Point cloud	Used instead of "-f" Lines in this file must be separated by the "\n" character (press Enter after each line)
-s <SR_Number>	Specify the number of Service Request opened with Check Point Support	For example, -s 28-123456789
-u <username>	Connect to Check Point User Center with specified username	<username> is your e-mail used for User Center login User will be asked to enter a password If "-u" is not used, then CK of this machine is used for authentication Also refer to "-K <CK_Number>" cannot be used in combination with –i flag
-K <CK_Number>	Connect to Check Point User Center with specified CK Number	Used instead of "-u" Run the "cplic print" command and take only the hex digits after the "CK-" Exists since Build 914000164
-e <e-mail>	Specify the e-mails of people that should be notified about upload status	Either specify a single e-mail: user@exampledomain.com Or specify multiple e-mails: "user1@exampledomain.com;user2@exampledomain.com;..." must be enclosed in double-quotes must be separated by semi-colons
-T <timeout>	Specify the timeout (in seconds) for the commands executed by the CPInfo utility	Applies only to Gaia / SecurePlatform / IPSO / Linux OS Default timeout is 5 minutes (300 seconds) Value "0" means no timeout This does not apply to collection of the CPInfo output file itself
-R <e-mail>	R80.x upgrade simulation service mode	This argument was added in CPinfo build 914000128 Applies only to Security Management / Multi-Domain Management Server Collects relevant information for simulating an upgrade to R80.x Can only be used in combination with "-i" Requires e-mails to notify about upload status Either specify a single e-mail: user@exampledomain.com Or specify multiple e-mails: "user1@exampledomain.com;user2@exampledomain.com;..." must be enclosed in double-quotes must be separated by semi-colons This allow users of versions R75.40-R77.30 to check if their system can be easily upgraded to R80.x. Besides the regular data collection, CPInfo utility will export the relevant files (using a custom version of export tools) and will upload the output to a destination folder on Check Point FTP server. Both files will have a unique name consistent of a 10-digit number to match the CPInfo and the export files together, a counter (102 or 202) to state how many files were uploaded, the name of the machine and the time stamp. Once the files are uploaded, they will be handled by R80.x upgrade simulation service team. For additional information, refer to sk110267.
-x	Do not export the management database	Applies only to versions R80 or above On Security Management Server - will not collect migrate export On Multi-Domain Management Server - will not collect MDS export
-j <conf_file>	Create a CPInfo configuration file <conf_file>	Applies only to Windows OS Requires installed Check Point Software on this machine Can NOT be used in combination with "-n" Must wait for the CPInfo output file to be collected: CPInfo output file is collected, and name of each collected section / command / file is saved in this configuration file (which can be edited, so that irrelevant data is not collected)
-b	CPInfo will perform according to the configuration file that was created with "-j" (you can delete irrelevant lines from that file)	Applies only to Windows OS Requires installed Check Point Software on this machine
-g	Do not resolve network addresses	Applies only to Windows OS Requires installed Check Point Software on this machine
-F -r	Include the Windows Registry in the CPInfo file	Applies only to Windows OS "-F" exists since Build 914000164 "-r" exists in Build 914000158 and lower
-t	Output consists of tables only	Applies only to Windows OS Applies only to machine with installed SecureRemote client
-N	Reverts to current situation of uploading CPview of last day	It will still will be zipped together with .info file
-V <num_days>	Number of days of CPview history to be collected	0 days will result in no CPView database upload Negative / double number of days is not allowed Upon receiving num_days > 0, a warning will be printed that collection of CPView database might take a few minutes ("Collection process might take a few minutes. Please wait until the collection is done.") Combination of '-V' and '-N' flag is not allowed

Examples:

Show / Hide the examples

Note: Refer to explanations in the "Allowing upload of data to Check Point / download of data from Check Point" section.

#	What to do	How to do it
1	Generate the CPInfo file Create the file in the current working directory Use the default name Do not compress the output file The final file will be HostName_DD_MM_YYYY_HH_mm.info	# cpinfo
2	Generate the CPInfo file Create the file in the current working directory Use the default name Compress the output file The final file will be HostName_DD_MM_YYYY_HH_mm.info.gz	# cpinfo -z
3	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile with default extension .info Compress the output file The final file will be /var/tmp/myfile.info.gz	# cpinfo -z -o /var/tmp/myfile
4	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile with default extension .info Include export of $FWDIR/log/fw.log records Include contents of FireWall and SecureXL tables Compress the output file The final file will be /var/tmp/myfile.info.gz	# cpinfo -l -k -z -o /var/tmp/myfile
5	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Upload the output file to Check Point: log in with user@exampledomain.com upload to Service Request 28-123456789 The final file will be /var/tmp/myfile.cpinfo.gz	# cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789
6	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Upload the output file to Check Point: log in with CK-123456789000 upload to Service Request 28-123456789 The final file will be /var/tmp/myfile.cpinfo.gz	# cpinfo -z -o /var/tmp/myfile.cpinfo -K 123456789000 -s 28-123456789
7	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Upload the output file to Check Point: log in with user@exampledomain.com upload to Service Request 28-123456789 Notify people about upload status The final file will be /var/tmp/myfile.cpinfo.gz	# cpinfo -z -o /var/tmp/myfile.cpinfo -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
8	Generate the CPInfo file Create the file in the directory /var/tmp/ Use the file name myfile.cpinfo Compress the output file Do not prompt for an SR Number	# cpinfo -i -z -o /var/tmp/myfile.cpinfo
9	Do not generate the CPInfo file Upload the file /var/log/myfile.txt log in with user@exampledomain.com upload to Service Request 28-123456789 Notify people about upload status	# cpinfo -n -i -f /var/log/myfile.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
10	Do not generate the CPInfo file Upload all files listed in the /var/log/upload_these_files.txt log in with user@exampledomain.com upload to Service Request 28-123456789 Notify people about upload status	# cpinfo -n -i -w /var/log/upload_these_files.txt -u user@exampledomain.com -s 28-123456789 -e "user1@exampledomain.com;user2@exampledomain.com"
11	Create a CPInfo configuration file Note: Must wait for the CPInfo output file to be collected	# cpinfo -n -i -F -j C:\CPinfo_config.txt
12	To check the status of the CPView history daemon by running "/bin/cpview_start.sh history stat" (or "cpview history stat"). If daemon is on - we turn it off and then turn it on again once CPView processing is done

Data Collected

CPInfo collects the entire Security Gateway installation directory, including $FWDIR/log/* and other log files. Some of the other viewable information includes:

• System message logs
• Module version information
• Installed hotfixes information
• OS and network statistics
• Interfaces and devices information
• Various FW1 tables
• Configuration and database files
• Core dump files

System Requirements

DNS	DNS server must be configured on the machine, on which you run CPInfo
Uploading CPInfo files to Check Point	To upload CPInfo files to Check Point, the following ports should be open: For Authentication (HTTPS - port 443): services.checkpoint.com File uploading (HTTPS - port 443, or SFTP - port 22): ftp-proxy.checkpoint.com mercury.ts.checkpoint.com fairfax.ott.checkpoint.com

• Connecting through a Proxy

  This section is relevant for machines that access the Internet through an HTTP proxy server while Check Point Security Gateway / Security Management on that machine is not configured with such proxy (as described in Administration Guide).

  CPInfo utility updates itself and uploads files over HTTPS protocol.

  CPInfo utility will read the proxy configuration that was configured on the Security Gateway (either in SmartDashboard, or on CLI).

  The proxy can be configured either in SmartConsole, or on the Security Gateway machine.

  Show / Hide instructions for proxy configuration on all platforms
  

  1. In the SmartConsole:

     1. Open the Security Gateway object

     2. Go to Network Services pane

     3. In the Proxy section, configure the relevant proxy settings, and click on OK

        Example:
        

     4. Install policy

  2. • On Gaia OS - in Clish:

       1. Configure the proxy:
          HostName:0> set proxy ipv4-address http://PROXY_HOST port PROXY_PORT

       2. Save the configuration: HostName:0> save config

          On the Security Gateway machine:On Gaia OS - in Expert mode:

     • 1. In the $CPDIR/tmp/.CPprofile.sh script

          Add this line:
          http_proxy=http://USERNAME:PASSWORD@PROXY_HOST:PROXY_PORT ; export http_proxy

          (where "username" and "password" are the proxy credentials - only if needed)

          Under this line:
          INFODIR=/opt/CPinfo-10 ; export INFODIR

       2. Restart all Check Point services:
          [Expert@HostName]# cpstop ; cpstart

• Allowing upload of data to Check Point / download of data from Check Point

  Starting from R77.20, software is able to automatically upload the relevant data to Check Point / download the relevant data from Check Point.
  This behavior is controlled by the corresponding consent flags ("Allow Upload" / "Allow Download").

  By default, both consent flags are enabled (i.e., machine that is connected to the Internet will communicate with Check Point servers).
  For more information, refer to sk111080 - How to configure Check Point software to upload data to Check Point / download data from Check Point.

  CPInfo utility (build 914000148 and higher) relies on these consent flags.

  • For the CPInfo utility to be able to download the self-update package:

    1. In SmartConsole, go to Application menu - click on Global Properties...
    2. Go to Security Management Access pane
    3. In the Internet Access section, check the box "Automatically download Contracts and other important data" - click on OK
    4. Install policy on all managed Security Gateways / Clusters

  • For the CPInfo utility to be able to upload files to Check Point:

    1. In SmartConsole, go to Application menu - click on Global Properties...
    2. Go to Security Management Access pane
    3. In the Internet Access section, check the box "Improve product experience by sending data to Check Point" - click on OK
    4. Install policy on all managed Security Gateways / Clusters

    Note: If the machine is connected to the Internet, and the "Allow Upload" consent flag is enabled, then when running the CPInfo utility:

    • it will prompt the user for an SR Number (please provide an SR number or enter "s" to skip)
    • it will try to upload the collected CPInfo file without asking the user

First Time Installation Instructions and Downloads

• For Gaia OS using CPUSE

  
  
  Show / Hide the installation instructions for Gaia
  

  For detailed installation instructions, refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

  • Online installation in Gaia Portal:

    1. Connect to the Gaia Portal on your Check Point machine.
    2. Navigate to Upgrades (CPUSE) section (in Gaia OS R77.20 and higher) / to Software Updates section (in Gaia OS R77.10 and lower) - click on Status and Actions.
    3. Click on the filter button near the help icon and select All.
    4. Select the CPInfo package "Check Point CPinfo build <Number> for <Version>" - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
    5. Select the CPInfo package - click on Install Update button on the toolbar.
    6. Reboot is not required.
    7. Check the build number of CPInfo utility:
       Connect to the command line and run:
       [Expert@HostName:0]# cpinfo -v
       The output should be:
       This is Check Point CPinfo Build 914000xxx for GAIA

  • Online installation in Gaia Clish:

    1. Connect to command line on Gaia OS.
    2. Log in to Clish.
    3. Acquire the lock over Gaia configuration database:
       HostName:0> lock database override
    4. Check the available packages:
       Note: Refer to the top section "Hotfixes" - refer to "Check Point CPinfo build <Number> for <Version>"
       HostName:0> show installer packages available-for-download
    5. Verify that this package can be installed without conflicts:
       HostName:0> installer verify <Package_Number>
    6. Download the hotfix package from the Check Point Cloud:
       HostName:0> installer download <Package_Number>
    7. Show the downloaded packages:
       HostName:0> show installer packages downloaded
    8. Install the downloaded package:
       HostName:0> installer install <Package_Number>
       Note: The progress (in per cent) will be displayed in Clish.
    9. Reboot is not required.
    10. Check the build number of CPInfo utility:
        Connect to the command line and run:
        HostName:0> cpinfo -v
        The output should be:
        This is Check Point CPinfo Build 914000xxx for GAIA

  Notes:

  • The CPInfo utility will be installed into /opt/CPinfo-10/ directory
  • The installation log file is /opt/CPInstLog/install_status.log
    (in addition, refer to /opt/CPInstLog/install_cpinfo_10.elg)
  • The CPInfo installation directory will automatically be added to the $PATH environment variable
  
  
  

• For Gaia OS using Legacy CLI

  Download the latest CPInfo utility from the table below:

  Platform	Product Version	Download CPInfo
  CPInfo for Gaia OS	R80.x	(TGZ)
  	R80	(TGZ)

  Note: If the download of CPInfo utility is impossible, either install it from the /sysimg/CPwrapper/linux/CPinfo/CPinfo-10-00.i386.rpm, or extract the /linux/CPinfo/CPinfo-10-00.i386.rpm package from the CD.

  • Show / Hide the installation instructions for Gaia OS with Check Point software
    

    Run the following commands from the directory where you put the downloaded file:

    1. Place the file in a temp directory on the target system.

    2. Go into that directory.

    3. Unpack the CPInfo package:
       [Expert@HostName]# tar -xvzf cpinfo_<package_name>.tgz

    4. Install the CPInfo utility:
       [Expert@HostName]# rpm -Uvh --force CPinfo-10-00.i386.rpm

       Notes:

       • The CPInfo utility will be installed into /opt/CPinfo-10/ directory
       • The installation log file is /opt/CPInstLog/install_status.log
         (in addition, refer to /opt/CPInstLog/install_cpinfo_10.elg)
       • The CPInfo installation directory will automatically be added to the $PATH environment variable

    5. Log out from all shells on the target system.

    6. Log in to the shell before.

    7. Verify that the CPInfo utility was installed:
       [Expert@HostName]# rpm -qa | grep CPinfo

       Note: If the CPinfo-10-00 package does not appear in the output, try to rebuild the RPM database:
       [Expert@HostName]# rpm -v --rebuilddb

    8. Check the build number of CPInfo utility:

       • Either run:

         [Expert@HostName]# cpinfo

         The output should be:

         This is Check Point CPinfo Build 914000xxx for GAIA

         Verifying CK...

       • Or run:

         [Expert@HostName]# cpinfo -v

         The output should be:

         This is Check Point CPinfo Build 914000xxx for GAIA

    
    
    

Manual update of CPInfo in SmartConsole

1. Run CPInfo installation on your SmartConsole client machine. If the CPInfo latest build is already installed, you can skip this step.
   
   
2. After installation, copy the following files files to the SmartConsole client:
   
   C:\Program Files (x86)\CheckPoint\cpinfo\bin\cpinfo.exe
   C:\Program Files (x86)\CheckPoint\cpinfo\bin\data\ca_bundle.crt
   
   
3. Go to the SmartConsole folder C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM
   
   
4. Backup the following files and replace them with the files you copied to the bin directory:
   
   C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\cpinfo.exe
   C:\Program Files (x86)\CheckPoint\SmartConsole\<version>\PROGRAM\data\ca-bundle.crt

Troubleshooting

Known Limitations

The following limitations are known with CPInfo utility: