Security Checkup Cloud Service
How to send Security Gateway log files to the Check Point Cloud

Introduction
The goal of the Security Checkup Cloud service is to make the process of running a Security Checkup easier for
our Partners and SEs. In this service, Security Checkup reports are generated in Check Point's cloud
instead of on the partner's/SE's on-site monitoring device.
This service allows a Check Point partner or an SE to send the Security Gateway's log file(s) to the Check
Point Cloud using an automated tool after monitoring is done. The report is then generated in the Check
Point Cloud, analyzed and reviewed by Check Point's experts, and sent back to the Partner/SE.
This process requires 3 steps from the partner/SE side, which are described in this document:

1. Building Setup & Monitoring traffic
2. Installing CPinfo tool
3. Uploading log file/s to the Check Point Cloud

System Requirements
Component: R75.45 and above Security Gateway and Security Management Server installed (SmartEvent Server is not required)
Operating System: SecurePlatform, Gaia

Building Setup & Monitoring traffic

Set up a Check Point Standalone gateway with the relevant Security Blades and Management activated. There
is no need to install SmartEvent server. For best practices on how to configure the security policy, please
refer to sk88980.
Important note: To maximize performance, do not log FW blade activity. In the FW blade policy tab, set Track
to None. If your log file already includes FW blade logs, see the Removing FW Blade logs from log file
section below for instructions on how to remove them.
Plug the device into the customer network to inspect mirrored or inline traffic (recommended monitoring
duration: at least 1 week).

Installing CPinfo tool


Download
Download Security Checkup Cloud Service package:

http://supportcontent.checkpoint.com/file_download?id=34028
Extract the .zip file which includes the CPinfo tool
cpinfo_912000029_1.gz (3.35MB) MD5: 958b492921a5dbf916a8c90af22a6dd2

Installation
Run the following commands from the directory where you put the downloaded file:
1. Place the CPinfo file in a temp directory on the target system.
2. Go into that directory.
3. Unpack the CPInfo package:
[Expert@HostName]# tar -xvzf cpinfo_X.tgz
4. Install the CPInfo utility:
[Expert@HostName]# rpm -Uvh --force CPinfo-10-00.i386.rpm


5. Log out from all shells on the target system.
6. Log in to the shell again.
7. Verify that the CPInfo utility was installed:
[Expert@HostName]# rpm -qa | grep CPinfo
Note: If the CPinfo-10-00 package does not appear in the output, try to rebuild the rpm database:
[Expert@HostName]# rpm -v --rebuilddb
8. Check the build number of CPinfo utility:
[Expert@HostName]# cpvinfo /opt/CPinfo-10/bin/cpinfo | grep Build
The 'Build Number' should be 9120000xxx. Note that usually the build number is mentioned in the archive
file name.

Uploading log files to the Check Point Cloud

Before uploading
To maximize performance, do not log FW blade activity. In the FW blade policy tab, set Track to None. If your
log file already includes FW blade logs, see the Removing FW Blade logs from log file section below for
instructions on how to remove them.
Before uploading, configure DNS on the machine you run CPinfo on and make sure the following ports are
open:

For Authentication (HTTPS - port 443): services.checkpoint.com
File uploading (HTTPS - port 443, or SFTP - port 22): ftp-proxy.checkpoint.com, mercury.ts.checkpoint.com, fairfax.ott.checkpoint.com

Upload
Run the following command to upload:
[Expert@HostName]# cpinfo -n -e 3dcloudservice@michael.checkpoint.com -u <User Center/PartnerMAP user name> -f [<$FWDIR/log/Log_File_Name1.log> <$FWDIR/log/Log_File_Name2.log>... ]
Example:
[Expert@HostName]# cpinfo -n -e 3dcloudservice@michael.checkpoint.com -u johnsmith@myemail.com -f $FWDIR/log/fw.log
It is mandatory to enter the User Center/PartnerMAP password for the authentication process. Without it we will not
be able to generate the report.
Note: upload duration depends on the log file size and the internet connectivity. Max upload size is
15GB.
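
The checks from the Download and Before uploading sections, written as a pre-flight script to run before the cpinfo upload. This is an added example, not part of the original Check Point document; the function names are hypothetical, and it assumes md5sum, bash and coreutils timeout are available on the machine that runs CPinfo.

```shell
#!/bin/sh
# Added example: pre-flight checks before running the cpinfo upload.
# Hosts, ports, the MD5 and the 15GB limit are the values given on this page.
PKG_MD5="958b492921a5dbf916a8c90af22a6dd2"
AUTH_HOST="services.checkpoint.com"
UPLOAD_HOSTS="ftp-proxy.checkpoint.com mercury.ts.checkpoint.com fairfax.ott.checkpoint.com"
MAX_BYTES=$((15 * 1024 * 1024 * 1024))  # assumption: 15GB means 15 GiB, summed over all files

# verify_md5 FILE EXPECTED -> 0 if the file's MD5 matches EXPECTED.
# MD5 catches a corrupted download; it is not collision-resistant.
verify_md5() {
    actual=$(md5sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# total_size FILE... -> prints the summed size in bytes; fails on a missing file.
total_size() {
    sum=0
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        sum=$((sum + $(wc -c < "$f")))
    done
    echo "$sum"
}

# size_ok BYTES [LIMIT] -> 0 if BYTES is within the upload limit.
size_ok() { [ "$1" -le "${2:-$MAX_BYTES}" ]; }

# port_open HOST PORT -> 0 if the name resolves and a TCP connect succeeds within 5s.
# Assumes bash (for /dev/tcp) and coreutils timeout are installed.
port_open() {
    timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# preflight LOGFILE... -> runs every check; returns non-zero if any of them fails.
preflight() {
    rc=0
    bytes=$(total_size "$@") || return 1
    size_ok "$bytes" || { echo "FAIL: $bytes bytes exceeds 15GB" >&2; rc=1; }
    port_open "$AUTH_HOST" 443 || { echo "FAIL: $AUTH_HOST:443" >&2; rc=1; }
    for h in $UPLOAD_HOSTS; do
        # Page lists HTTPS or SFTP; treating either port as sufficient is an assumption.
        port_open "$h" 443 || port_open "$h" 22 || { echo "FAIL: $h (443 and 22)" >&2; rc=1; }
    done
    return $rc
}

# Run only when log files are passed on the command line.
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Check the downloaded package separately with verify_md5 cpinfo_912000029_1.gz "$PKG_MD5" before installing it.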

Removing FW Blade logs from log file


1. Log in to the system using SmartView Tracker. Go to File > Open and choose the log file.
2. Under the Network & Endpoint pane, open Network & Endpoint queries > Predefined > All Records.
3. On the Prd. (Product) column, right-click and choose Edit Filter.
4. Add: Application Control, URL Filtering, IPS Software Blade, Identity Awareness, DLP, Anti-Virus,
Anti-Bot, Threat Emulation (supported from R77).
5. Click OK
6. Go to File > Save As and name the new log file. This log file will include no FW Blade logs.