cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

sk83520 how to check connectivity to CP

One of Dameon Welch Abernathy‌ favorite SKs Smiley Happy mine too.  I'm sure most have already written own check scripts, but if you have been too busy you may use this one. Output will look like this:

If needed you may chuck in --proxy <your proxy> option into curl_cli command.  Just didn't want to make it too complex - this is just a quick fix to verify HTTP/S connectivity towards various CP servers in seconds.

FYI, I noticed that "push.checkpoint.com" returns 403 Forbidden, so I left it as "NOK" for now - script will only accept 200 OK, 301 Moved and 302 Found as valid response

As you will notice, you can add your own URLs to be checked at the bottom if you wish. 

#!/bin/bash
check_url () {
result=" [ NOK ]"
name="$2 "
while [ ${#name} -lt 74 ]; do name="$name."; done
echo -en "$name "
if [ `curl_cli -Lisk $1 | head -1 | egrep -c "OK|Found|Moved"` -gt 0 ]; then result=" [ OK ]"; fi
echo $result
}

echo
echo "sk83520 How to verify that Security Gateway and/or Security Management Server can access Check Point servers"
echo

check_url 'http://cws.checkpoint.com/APPI/SystemStatus/type/short' 'Social Media Widget Detection'
check_url 'http://cws.checkpoint.com/URLF/SystemStatus/type/short' 'URL Filtering Cloud Categorization'
check_url 'http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short' 'Virus Detection'
check_url 'http://cws.checkpoint.com/Malware/SystemStatus/type/short' 'Bot Detection'
check_url 'https://updates.checkpoint.com/' 'IPS Updates'
check_url 'http://dl3.checkpoint.com' 'Download Service Updates '
check_url 'https://usercenter.checkpoint.com/usercenter/services/ProductCoverageService' 'Contract Entitlement '
check_url 'https://usercenter.checkpoint.com/usercenter/services/BladesManagerService' 'Software Blades Manager Service'
check_url 'http://resolver1.chkp.ctmail.com' 'Suspicious Mail Outbreaks'
check_url 'http://download.ctmail.com' 'Anti-Spam'
check_url 'http://te.checkpoint.com' 'Threat Emulation'
check_url 'http://teadv.checkpoint.com' 'Threat Emulation Advanced'
check_url 'http://kav8.zonealarm.com/version.txt' 'Deep inspection'
check_url 'http://kav8.checkpoint.com' 'Traditional Anti-Virus'
check_url 'http://avupdates.checkpoint.com/UrlList.txt' 'Traditional Anti-Virus, Legacy URL Filtering'
check_url 'http://sigcheck.checkpoint.com/Siglist2.txt' 'Download of signature updates'
check_url 'http://secureupdates.checkpoint.com' 'Manage Security Gateways'
check_url 'https://productcoverage.checkpoint.com/ProductCoverageService' 'Makes sure the machines contracts are up-to-date'
check_url 'https://sc1.checkpoint.com/sc/images/checkmark.gif' 'Download of icons and screenshots from Check Point media storage s ervers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60342479_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60096017_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://push.checkpoint.com' 'Push Notifications '
check_url 'http://downloads.checkpoint.com' 'Download of Endpoint Compliance Updates'
7 Replies
Admin
Admin

Re: sk83520 how to check connectivity to CP

There's a reason this is one of my favorite SKs: I believe I originated it Smiley Happy

XBensemhoun
Silver

Re: sk83520 how to check connectivity to CP

Employee
Employee

Re: sk83520 how to check connectivity to CP

Hi,

how do you know 200 OK is necessarily means the service is ok ?

I mean what if http is 200 but XML returns service error or something ?

also, using grep on 'Found' prints OK also for 404 Not Found so you need to change your if statement to something like this:

if [ `curl_cli -Lisk $1 | head -1 | egrep "OK|Found|Moved" | egrep -c -v "Not Found"` -gt 0 ]; then result=" [ OK ]"; fi
echo $result

but i still found some FP using this script, see TE response for example which the script returns OK for it.

[Expert@Kings_Landing:0]# curl_cli -Lisk 'http://te.checkpoint.com'
HTTP/1.1 302 Found
Location: https://te.checkpoint.com/
Connection: close

HTTP/1.1 403 Forbidden
Date: Mon, 23 Apr 2018 08:37:07 GMT
Server: CPWS
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Set-Cookie: te_cookie=ANPHKIMA; Domain=te.checkpoint.com; Expires=Thu, 20-Apr-2028 08:51:56 GMT; Path=/

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Access forbidden!</title>
<link rev="made" href="mailto:systems@us.checkpoint.com" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
body { color: #000000; background-color: #FFFFFF; }
a:link { color: #0000CC; }
p, address {margin-left: 3em;}
span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>Access forbidden!</h1>
<p>


You don't have permission to access the requested directory.
There is either no index document or the directory is read-protected.

</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:systems@us.checkpoint.com">webmaster</a>.

</p>

<h2>Error 403</h2>
<address>
<a href="https://community.checkpoint.com/">te.checkpoint.com</a><br />

<span>Mon Apr 23 10:37:07 2018<br />
Apache</span>
</address>
</body>
</html>

0 Kudos
Admin
Admin

Re: sk83520 how to check connectivity to CP

I think if you get ANY response from it, you have connectivity (which is the main point of the SK).

If the services themselves aren't working, that's a different issue Smiley Happy

0 Kudos
Employee
Employee

Re: sk83520 how to check connectivity to CP

IMO, the OK here is abused since you get OK for both 403 and 404 so it's not so reliable.

if the tool is checking http level it should print http status code and reason instead of ok.

but that's just me... 🙂

0 Kudos
Admin
Admin

Re: sk83520 how to check connectivity to CP

A more consistent status code would be an improvement, I agree.

0 Kudos
Employee
Employee

Re: sk83520 how to check connectivity to CP

try this code, i added check to last HTTP response and if it's not 200 it print error with status code

#!/bin/bash
check_url () {
result=" [ ERROR ]"
name="$2 "
while [ ${#name} -lt 74 ]; do name="$name."; done
echo -en "$name "
response=$(curl_cli -LiskI $1 | grep "HTTP/1.1" | awk 'END { print }')
status=$(echo "${response}" | awk 'END { print $2 " " $3 " " $4}')
status_code=$(echo ${response} | awk '{ print $2 }')
if [ "${status_code}" != "200" ]; then
echo "${result} - Got HTTP ${status_code}"
else result=" [ OK ]"
echo "${result}"
fi
}

echo
echo "sk83520 How to verify that Security Gateway and/or Security Management Server can access Check Point servers"
echo

check_url 'http://cws.checkpoint.com/APPI/SystemStatus/type/short' 'Social Media Widget Detection'
check_url 'http://cws.checkpoint.com/URLF/SystemStatus/type/short' 'URL Filtering Cloud Categorization'
check_url 'http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short' 'Virus Detection'
check_url 'http://cws.checkpoint.com/Malware/SystemStatus/type/short' 'Bot Detection'
check_url 'https://updates.checkpoint.com/' 'IPS Updates'
check_url 'http://dl3.checkpoint.com' 'Download Service Updates '
check_url 'https://usercenter.checkpoint.com/usercenter/services/ProductCoverageService' 'Contract Entitlement '
check_url 'https://usercenter.checkpoint.com/usercenter/services/BladesManagerService' 'Software Blades Manager Service'
check_url 'http://resolver1.chkp.ctmail.com' 'Suspicious Mail Outbreaks'
check_url 'http://download.ctmail.com' 'Anti-Spam'
check_url 'http://te.checkpoint.com' 'Threat Emulation'
check_url 'http://teadv.checkpoint.com' 'Threat Emulation Advanced'
check_url 'http://kav8.zonealarm.com/version.txt' 'Deep inspection'
check_url 'http://kav8.checkpoint.com' 'Traditional Anti-Virus'
check_url 'http://avupdates.checkpoint.com/UrlList.txt' 'Traditional Anti-Virus, Legacy URL Filtering'
check_url 'http://sigcheck.checkpoint.com/Siglist2.txt' 'Download of signature updates'
check_url 'http://secureupdates.checkpoint.com' 'Manage Security Gateways'
check_url 'https://productcoverage.checkpoint.com/ProductCoverageService' 'Makes sure the machines contracts are up-to-date'
check_url 'https://sc1.checkpoint.com/sc/images/checkmark.gif' 'Download of icons and screenshots from Check Point media storage s ervers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60342479_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60096017_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://push.checkpoint.com' 'Push Notifications '
check_url 'http://downloads.checkpoint.com' 'Download of Endpoint Compliance Updates'