CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the cp_uploader utility for uploading files to Check Point servers).
The CPinfo output file allows analyzing customer setups from a remote location. Check Point's support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and objects. This allows in-depth analysis of all customer configuration options and environment settings.
When contacting Check Point's support, collect cpinfo files from the Security Management and Security Gateways involved in your case.
CPinfo can be run from the command line (on all versions) or via SmartUpdate (from R75.47 and above).
Using an HTTP proxy:
CPinfo uses HTTPS to update itself and upload files. This step is relevant for customers whose Internet access traffic must pass through an HTTP proxy server and whose Check Point Security Gateway / Security Management is not configured with such a proxy (as described in the Administration Guide). CPinfo will read the proxy configuration that was configured on the Security Gateway (either via SmartDashboard, or CLI).
The proxy can be configured either in SmartDashboard, or on the Security Gateway machine.
- In the SmartDashboard - in the Security Gateway object (requires policy installation).
- On the Security Gateway machine:
- On Gaia OS - in Clish:
- Configure the proxy:
HostName> set proxy ipv4-address http://PROXY_HOST port PROXY_PORT
- Save the configuration:
HostName> save config
- On Gaia / SecurePlatform / IPSO OS - in Expert mode:
- In the
Add this line:
http_proxy=http://USERNAME:PASSWORD@PROXY_HOST:PROXY_PORT ; export http_proxy
("username" and "password" are the proxy credentials - only if needed)
Under this line:
INFODIR=/opt/CPinfo-10 ; export INFODIR
- Restart all Check Point services:
[Expert@HostName]# cpstop ; cpstart
- On Windows OS:
- Start - Run... -
"%WINDIR%\system32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables - OK
- Under 'System Variables' - click on '
- and click '
("username" and "password" are the proxy credentials - only if needed)
- Click on '
- Reboot the machine.
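An added example (not Check Point code) for the Expert-mode step above: a shell check that confirms the http_proxy line sits directly under the INFODIR line, flags embedded proxy credentials, and prints the URL with the password redacted so it can be logged. The profile path is passed as an argument, and the sample file contents, account name and host are constructed.

```shell
#!/bin/sh
# Added example: audit the http_proxy line added in the Expert-mode step.
# The profile path is an argument (the page does not preserve the file name).

# Replace the password in a proxy URL with "***" so it is safe to log.
redact_proxy_url() {
    printf '%s\n' "$1" | sed -E 's#^([A-Za-z]+://[^:/@]+):.*@#\1:***@#'
}

# audit_proxy_profile FILE -> prints "PLACEMENT CREDS URL"
#   PLACEMENT: under-infodir | misplaced | missing
#   CREDS:     none | embedded | embedded-world-readable
audit_proxy_profile() {
    profile=$1
    found=$(awk '
        /^[[:space:]]*INFODIR=.*export INFODIR/ { infodir = NR }
        /^[[:space:]]*http_proxy=/ {
            url = $0
            sub(/^[[:space:]]*http_proxy=/, "", url)
            sub(/[[:space:]]*;.*$/, "", url)      # drop "; export http_proxy"
            place = (infodir && NR == infodir + 1) ? "under-infodir" : "misplaced"
        }
        END { if (place != "") print place "|" url; else print "missing|" }
    ' "$profile")
    place=${found%%|*}
    url=${found#*|}
    creds=none
    case $url in
        *://*@*)
            creds=embedded
            # Cleartext credentials readable by every local user are worse.
            if [ -n "$(find "$profile" -prune -perm -004)" ]; then
                creds=embedded-world-readable
            fi ;;
    esac
    echo "$place $creds $(redact_proxy_url "$url")"
}

# Constructed sample profile, following the two lines shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
INFODIR=/opt/CPinfo-10 ; export INFODIR
http_proxy=http://svc_proxy:S3cr3t@proxy.example.test:8080 ; export http_proxy
EOF
chmod 644 "$sample"
audit_proxy_profile "$sample"
```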
Note: To be able to download the latest cpinfo, enable the "Automatically download Contracts and other important data" option in the Security Management section of Global Properties (refer to sk94508).
The following command creates a gateway.cpinfo output file in the /var/log/ directory. This file will include logs and will be gzipped:
cpinfo -z -l -o /var/log/gateway.cpinfo
- Upgrade Verification and Environment Simulation service: To allow users with older versions (R75.40 and above) to know if their system can be easily upgraded to R80, a new flag was added to CPinfo: -R.
When running cpinfo -R, besides the regular data collection, CPinfo will run migrate_export or mds_export on pre-R80 machines (using a custom version of export tools) and will upload the output to a destination folder on the Check Point FTP server. Both files will have a unique name consisting of a 10-digit number (to match the CPinfo and the export files together), a counter (102 or 202) to state how many files were uploaded, the name of the machine and the time stamp. Once the files are uploaded, they will be handled by the R80 upgrade simulation service team.
For additional information regarding the -R flag, refer to sk110267.
The "-y" flag does not write its output to stderr or stdout; instead, it writes directly to /dev/tty. Therefore, it is suggested to use one of the scripts below:
# script -q -c 'cpinfo -y all' /dev/null | grep R77 > /var/log/List_of_Installed_Hotfixes.txt
# script -q -c 'cpinfo -y all' > /var/log/List_of_Installed_Hotfixes.txt
- The "-c" flag functionality now allows performing CPinfo (and MDS export collection on R80 or above) for a specific Domain (CMA) without having to switch to it (from the Multi-Domain MDS environment).
CPinfo collects the entire Security Gateway installation directory, including $FWDIR/log/* and other log files. Some of the other viewable information includes:
- System message logs
- Module version information
- Installed hotfixes information
- OS and network statistics
- Interfaces and devices information
- Various FW1 tables
- Configuration and database files
- Core dump files
Supported Operating Systems:
For Solaris and IPSO 3.x/4.x, refer to sk30567.
- IPSO 6.x
DNS server must be configured on the machine on which you run CPinfo.
Uploading CPinfo files to Check Point:
To upload CPinfo files to Check Point, the following ports should be open:
- For Authentication (HTTPS - port 443):
- File uploading (HTTPS - port 443, or SFTP - port 22):
First Time Installation Instructions
For versions before R75.47, CPinfo has to be downloaded and updated once. After the tool has been updated, it will update itself.
For Gaia / SecurePlatform / Linux
Download the latest CPinfo utility from the table below:
Note: If the download of CPinfo utility is impossible, either install it from the /sysimg/CPwrapper/linux/CPinfo/CPinfo-10-00.i386.rpm, or extract the /linux/CPinfo/CPinfo-10-00.i386.rpm package from the CD.
Run the following commands from the directory where you put the downloaded file:
- Place the file in a temp directory on the target system.
- Go into that directory.
- Unpack the CPInfo package:
[Expert@HostName]# tar -xvzf cpinfo_<package_name>.tgz
- Install the CPInfo utility:
[Expert@HostName]# rpm -Uvh --force CPinfo-10-00.i386.rpm
- Log out from all shells on the target system.
- Log in to the shell again.
- Verify that the CPInfo utility was installed:
[Expert@HostName]# rpm -qa | grep CPinfo
Note: If the CPinfo-10-00 package does not appear in the output, try to rebuild the rpm database:
[Expert@HostName]# rpm -v --rebuilddb
- Check the build number of CPinfo utility:
[Expert@HostName]# cpvinfo /opt/CPinfo-10/bin/cpinfo | grep Build
'Build Number' should be 9xxxxxxxxx. Note that usually the build number is mentioned in the archive file name.
Download the latest CPinfo utility for IPSO from the table below:
Installation in Voyager:
- Log into "Voyager".
- Copy the CPinfo package to the machine:
- Download the CPinfo package (the tgz file) to your local computer.
- Select 'Configuration' > 'System Configuration' > 'Packages' > 'Install Package'.
- In the 'Install Package from Remote' section choose 'Upload'.
- Click 'Choose file' and select the package from the local file system.
- Click 'Apply' at the bottom of the page and wait until upload process finishes (it can take a few minutes).
- Select the CPinfo version you wish to install and click 'Apply'.
- Click the "Click here to install/upgrade /opt/packages<package_name>.tgz" link.
- In the 'Package Installation and Upgrade' window, select the 'Install' checkbox and click 'Apply'.
- In the 'Manage Packages' window, verify that CPinfo is enabled.
Installation in Clish:
- Download the cpinfo_<cpinfo_build>.tgz file to the IPSO machine home directory.
- Place a copy of cpinfo_<cpinfo_build>.tgz file under /opt/packages/.
- Run the following commands:
clish -c "set config-lock on override"
clish -c "add package media local name cpinfo_<cpinfo_build>.tgz "
- Log out for the changes to take effect.
Download the latest CPinfo utility for Windows from the table below:
Install the downloaded package, following instructions in the Installation shield, then reboot the machine.
If it is not possible to uninstall the current version of CPinfo, refer to sk65030.
Here are the main benefits of using the CPinfo utility over SFTP:
- Authentication uses the customer's UserCenter credentials
- Files are encrypted before leaving the customer's network
- Files are verified for MD5 and size
- Notification system on upload process
- Hold/resume features
- Built on top of HTTPS and SFTP protocols