Support Center > Search Results > SecureKnowledge Details
The CPinfo utility

Table of Contents:

  • Introduction
  • Usage Instructions
  • CLI Syntax
  • Data Collected
  • System Requirements
  • First Time Installation Instructions
  • Additional clarifications
  • Known Limitations



CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the cp_uploader utility for uploading files to Check Point servers)

The CPinfo output file allows analyzing customer setups from a remote location. Check Point's support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and objects. This allows the in-depth analysis of all of customer configuration options and environment settings.

When contacting Check Point's support, collect cpinfo files from the Security Management and Security Gateways involved in your case.


Usage Instructions

CPinfo can be run from command line (on all versions) or via SmartUpdate (from R75.47 and above).

CLI SmartUpdate
  • On Gaia OS: run cpinfo [flags] in Clish or in Expert mode
  • On SecurePlatform OS: run cpinfo [flags] in Expert mode
  • On Linux OS: run cpinfo [flags] on CLI
  • On IPSO OS: run cpinfo [flags] on CLI
  • On Windows OS: run cpinfo [flags] in Windows Command Prompt
  • On all versions, run cpinfo -h to see additional help
  1. Right-click the Security Gateway / Security Management object, from which you want to collect the CPinfo.
  2. Select "Upload diagnostics (CPinfo) to Check Point".
  3. Enter your User Center credentials, SR number, and click OK.


Using an HTTP proxy:

CPinfo uses HTTPS to update itself and upload files. This step is relevant for customers for which Internet access traffic is required to pass through an HTTP proxy server and that their Check Point Security Gateway / Security Management is not configured with such proxy (as described in Administration Guide). CPinfo will read the proxy configuration that was configured on the Security Gateway (either via SmartDashboard, or CLI).

The proxy can be configured either in SmartDashboard, or on the Security Gateway machine.

Show / Hide proxy configuration instructions for all platforms
  1. In the SmartDashboard - in the Security Gateway object (requires policy installation).

  2. On the Security Gateway machine:

    • On Gaia OS - in Clish:

      1. Configure the proxy:
        HostName> set proxy ipv4-address http://PROXY_HOST port PROXY_PORT

      2. Save the configuration:
        HostName> save config

    • On Gaia / SecurePlatform / IPSO OS - in Expert mode:

      1. In the $CPDIR/tmp/ script

        Add this line:
        http_proxy=http://USERNAME:PASSWORD@PROXY_HOST:PROXY_PORT ; export http_proxy

        (where "username" and "password" are the proxy credentials - only if needed)

        Under this line:
        INFODIR=/opt/CPinfo-10 ; export INFODIR

      2. Restart all Check Point services:
        [Expert@HostName]# cpstop ; cpstart

    • On Windows OS:

      1. Start - Run... - "%WINDIR%\system32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables - OK

      2. Under 'System Variables' - click on 'New...'

        • name: http_proxy
        • and click 'OK'
        (where "username" and "password" are the proxy credentials - only if needed)

      3. Click on 'OK'.

      4. Reboot the machine.

Note: To be able to download the latest cpinfo, enable the "Automatically download Contracts and other important data" option in the Security Management section of Global Properties (refer to sk94508):


CLI Syntax

  • On Gaia / SecurePlatform / IPSO / Linux OS:

  • On Windows OS:


The below command creates a gateway.cpinfo output file in /var/log/ directory. This file will include logs and will be gzipped:

cpinfo -z -l -o /var/log/gateway.cpinfo


  • Upgrade Verification and Environment Simulation service: To allow users with older versions (R75.40 and above) to know if their system can be easily upgraded to R80, a new flag was added to CPinfo: -R.

    When running cpinfo -R besides the regular data collection, CPinfo will run migrate_export or mds_export on pre-R80 machines (using a custom version of export tools) and will upload the output to a destination folder in Check Point FTP server. Both files will have a unique name consistent of a 10-digit number to match the CPinfo and the export files together, a counter (102 or 202) to state how many files were uploaded, the name of the machine and the time stamp. Once the files are uploaded they will be handled by R80 upgrade simulation service team.
    For additional information regarding the -R flag, refer to sk110267.

  • The "-y" flag does not write its output to stderr or stdout, instead writing it directly to /dev/tty,. Therefore, it is suggested to use one of the below scripts:

    • Either:
      # script -q -c 'cpinfo -y all' /dev/null | grep R77 > /var/log/List_of_Installed_Hotfixes.txt
    • Or:
      # script -q -c 'cpinfo -y all' > /var/log/List_of_Installed_Hotfixes.txt

  • The "-c" flag functionality now allows performing CPinfo (and MDS export collection on R80 or above) per certain Domain (CMA) without having to switch to it (from the Multi-Domain MDS environment)


Data Collected

CPinfo collects the entire Security Gateway installation directory, including $FWDIR/log/* and other log files. Some of the other viewable information includes:

  • System message logs
  • Module version information
  • Installed hotfixes information
  • OS and network statistics
  • Interfaces and devices information
  • Various FW1 tables
  • Configuration and database files
  • Core dump files


System Requirements

Supported Operating Systems
  • Gaia
  • SecurePlatform
  • Linux
  • IPSO 6.x
  • Windows
For Solaris and IPSO 3.x/4.x, refer to sk30567.
Supported versions All
DNS DNS server must be configured on the machine, on which you run CPinfo
Uploading CPinfo files to Check Point To upload CPinfo files to Check Point, the following ports should be open:
  • For Authentication (HTTPS - port 443):
  • File uploading (HTTPS - port 443, or SFTP - port 22):


First Time Installation Instructions

Downloading and updating CPinfo should be done once for version before R75.47, after the tool was updated, it will update itself.

  • For Gaia / SecurePlatform / Linux

    Download the latest CPinfo utility from the table below:

    Platform Version Download
    CPinfo for Gaia / SecurePlatform / Linux OS Pre-R80
    CPinfo for Gaia / SecurePlatform / Linux OS R80

    Note: If the download of CPinfo utility is impossible, either install it from the /sysimg/CPwrapper/linux/CPinfo/CPinfo-10-00.i386.rpm, or extract the /linux/CPinfo/CPinfo-10-00.i386.rpm package from the CD.

    Show / Hide the installation instructions for Gaia / SecurePlatform / Linux

    Run the following commands from the directory where you put the downloaded file:

    1. Place the file in a temp directory on the target system.

    2. Go into that directory.

    3. Unpack the CPInfo package:
      [Expert@HostName]# tar -xvzf cpinfo_<package_name>.tgz

    4. Install the CPInfo utility:
      [Expert@HostName]# rpm -Uvh --force CPinfo-10-00.i386.rpm

    5. Log out from all shells on the target system.

    6. Log in to the shell before.

    7. Verify that the CPInfo utility was installed:
      [Expert@HostName]# rpm -qa | grep CPinfo

      Note: If the CPinfo-10-00 package does not appear in the output, try to rebuild the rpm database:
      [Expert@HostName]# rpm -v --rebuilddb

    8. Check the build number of CPinfo utility:
      [Expert@HostName]# cpvinfo /opt/CPinfo-10/bin/cpinfo | grep Build

      The 'Build Number' should be 9xxxxxxxxx. Note that usually the build number is mentioned in the archive file name.

  • For IPSO

    Download the latest CPinfo utility for IPSO from the table below:

    Platform Version Download
    CPinfo for IPSO OS Pre-R80

    • Show / Hide the installation instructions for IPSO
      • Installation in Voyager:

        1. Log into "Voyager".
        2. Copy the CPinfo package to the machine:
          1. Download the CPinfo package (the tgz file) to your local computer.
          2. Select 'Configuration' > 'System Configuration' > 'Packages' > 'Install Package'.
          3. In the 'Install Package from Remote' section choose 'Upload'.
          4. Click 'Choose file' and select the package from the local file system.
          5. Click 'Apply' at the bottom of the page and wait until upload process finishes (it can take a few minutes).
        3. Select the CPinfo version you wish to install and click 'Apply'.
        4. Click the "Click here to install/upgrade /opt/packages<package_name>.tgz" link.
        5. In the 'Package Installation and Upgrade' window, select the 'Install' checkbox and click 'Apply'.
        6. In the 'Manage Packages' window, verify that CPinfo is enabled.
      • Installation in Clish:

        1. Download the cpinfo_<cpinfo_build>.tgz file to the IPSO machine home directory.
        2. Place a copy of cpinfo_<cpinfo_build>.tgz file under /opt/packages/.
        3. Run the following commands:
          cd /opt/packages
          clish -c "set config-lock on override"
          clish -c "add package media local name cpinfo_<cpinfo_build>.tgz "
        4. Logout for the changes to take effect.
    • Show / Hide the uninstall instructions for IPSO
      1. Run the following commands:
        clish -c "set package name /opt/CPinfo-10 off"
        clish -c "delete package name /opt/CPinfo-10"
      2. Logout.

  • For Windows

    Download the latest CPinfo utility for Windows from the table below:

    Platform Version Download
    CPinfo for Windows OS Pre-R80

    Install the downloaded package, following instructions in the Installation shield, then reboot the machine.
    If it is not possible to uninstall the current version of CPinfo, refer to sk65030.


Additional clarifications

Here are the main benefits of using the CPinfo utility over SFTP:

  • Authentication is using the customer UserCenter credentials
  • Files are encrypted before leaving customer¬ís network
  • Files are verified for MD5 and size
  • Notification system on upload process
  • Hold/resume features
  • Built on top of HTTPS and SFTP protocols


Known Limitations

# Symptoms

CPinfo self-update for builds 914000112-914000128 fails with the following error:

Downloaded package verification failed
Error: Wrong update package format!
CPinfo update failed, using existing package

Refer to sk110788

2 Auto update on Windows OS in Command Prompt will require manual trigger of Install Shield.
3 Files that contain '/' or '\' in their name, which is not according to the OS, on which the CPinfo tool is running ('/' on Windows and '\' on all the rest of OS), cannot be uploaded to Check Point servers.>

  • On Linux-based OS:
    • Uploading \directory\demofile.txt will be blocked
    • Uploading /directory/demofile.txt will be processed successfully
  • On Windows OS:
    • Uploading C:/demofile.txt will be blocked
    • Uploading C:\demofile.txt will be processed successfully
4 The following operating system are not supported:
  • IPSO 3.X
  • IPSO 4.X
  • Solaris OS

Refer to sk30567

Give us Feedback
Please rate this document