Re: Healthcheck Script

Gaurav_Pandya · ‎2017-12-26

Hi All,

There is readily available script for Gaia based system on checkpoint. It checks almost all parameters. May be some are aware of this but who are unaware, it is very useful script.

You can refer sk121447 and download the readily available Health check Script. It is very useful and measure all the required parameters.

Hope This will be helpful.

Timothy_Hall · ‎2017-12-26

Yep healthcheck.sh is definitely a great tool. A picture is worth a thousand words, so here are a few screenshots of it from the second edition of my book:

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Gaurav_Pandya · ‎2017-12-26

Yeah. I have started to run this script on our some of the firewall to health check. It gives all information with nice look.

rajesh_s · ‎2019-09-20

Can we run health check commend in production hour?. Because warring about memory and cpu utilization.

Kane · ‎2019-10-24

Thanks Timothy,

The current book is quite useful as well. Cant wait for the next one.

Evan_Fisher · ‎2017-12-28

Great tool. I didn't know my CPUSE was out of date until I ran the tool. Very useful!

Gaurav_Pandya · ‎2017-12-28

Yeah.

It also gives sk number as well to rectify/update the things

Danny · ‎2018-02-06

Thanks Nathan Davieau and Rosemarie Rodriguez‌ for this useful utility. We are looking forward to new additions, such as load and VPN statistics etc. I would like if this community could help making the script better and better. My colleagues are already asking to fork the script to add more functions to it.

Rosemarie_Rodri · ‎2018-02-06

Thank you! We'll continue to improve it. We'll see what we can do in regards to the requests for new additions.

XavierBens · ‎2018-02-12

Hi Rosemarie Rodriguez‌, if you think it should be a healthy check to verify if a Security Gateway is installation target of multiple policy packages (I was confronted with this situation and hopefully... more fear than harm), I've created https://community.checkpoint.com/docs/DOC-2624 which can verify that on a R77.* SMS (using dbedit).

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite

XavierBens · ‎2018-02-11

Do you know how to propose new things to check ? I've created https://community.checkpoint.com/docs/DOC-2624 to verify if firewall(s) is/are installation target(s) of multiple policy packages (based on real story...). I assume that could be a healthy test on any environment with lot of firewalls and policy packages ?

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite

Gaurav_Pandya · ‎2018-02-12

Hi Xavier,

I have not customized any script but you can check with Rosemarie for more information. May be also you can edit the healthcheck.sh file and put your content on it.

Arne_Boettger · ‎2018-06-14

Hello,

I tried the latest version of the healthcheck.sh script on our vsx cluster of three vsls Members. Unfortunately, Output for the "Backup" member is mangled (see below).

Does anyone know who to turn to for bug reports?

regards, Arne

Danny · ‎2018-06-14

You can write a comment in sk121447 or open a support ticket with TAC. Unfortunately the only updates Check Point has provided to the script since last year were just CPInfo version number updates, no real code improvements or additions. Maybe your request will make the script to receive further development and love from Check Point.

XavierBens · ‎2018-06-15

Hi Rosemarie Rodriguez, will you be able to take care of every modification Check Mates proposed on this thread? That's important for us Thanks in advance.

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite

Nathan_Davieau · ‎2019-01-09

Do you still have this issue with the latest version?

Arne_Boettger · ‎2019-04-30

Hello,

I just verified the latest version on our R80.20 VSX Cluster of three members with VSLS. It still reports the same error for the Backup member:

Current Script Release: 6.11 04-25-2019

[Expert@********:10]# cphaprob stat

Cluster Mode: Virtual System Load Sharing

ID Unique Address Assigned Load State Name

1 x.y.z.241 0% STANDBY
2 (local) x.y.z.242 0% BACKUP
3 x.y.z.243 100% ACTIVE

Huseyin_Rencber · ‎2018-06-15

Hi, is there a way run that kind of health check script in chassis family (41K & 61K). There is a limitation for this script written in sk121447

Gaurav_Pandya · ‎2018-06-15

Yeah. There is limitations. May be developer team will take care this in future.

ihenock101 · ‎2023-07-06

hi @Gaurav_Pandya the health check script (healthcheck.sh) is no more available in sk121447 where do I get it ?

Tal_Paz-Fridman · ‎2023-07-06

Hi - this is the direct link
https://support.checkpoint.com/results/download/59369

There's also HealthCheck Point:

https://support.checkpoint.com/results/sk/sk171436

ihenock101 · ‎2023-07-06

_Val_ · ‎2023-07-06

The first link only works if you are already logged into the support site. go to support.checkpoint.com, log in with your UC account and try it again.

ihenock101 · ‎2023-07-06

Yea I did that but error 404 is coming.

_Val_ · ‎2023-07-06

Then try from the first link, and/or remove browser cache & cookies. It should work. I re-checked twice, the link is operational

ihenock101 · ‎2023-07-06

can you please attach the script for me here. I think it is the ISP blocks some of links so we need to use proxies to access.

PhoneBoy · ‎2023-07-06

Many downloads from SupportCenter will return a 404 if you do not have Software Subscription associated with your account.
Please check this and consult with your local Check Point office for further assistance.

Bob_Zimmerman · ‎2023-07-06

I have diamond support and the link is still 404 for me, even when loading the link from a session where I just logged in with my work User Center account.

Separately, 404 is objectively the wrong error code for that. 403 is right there.

Are you a member of CheckMates?

Healthcheck Script