Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gaurav_Pandya
Advisor

Healthcheck Script

Hi All,

There is readily available script for Gaia based system on checkpoint. It checks almost all parameters. May be some are aware of this but who are unaware, it is very useful script.

You can refer sk121447 and download the readily available Health check Script. It is very useful and measure all the required parameters.

Hope This will be helpful.

27 Replies
Timothy_Hall
Champion
Champion

Yep healthcheck.sh is definitely a great tool.  A picture is worth a thousand words, so here are a few screenshots of it from the second edition of my book:

healthcheck.sh

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Gaurav_Pandya
Advisor

Yeah. I have started to run this script on our some of the firewall to health check. It gives all information with nice look.

0 Kudos
rajesh_s
Contributor

Can we run health check commend in production hour?. Because warring about memory and cpu utilization.

0 Kudos
Kane
Explorer

Thanks Timothy, 

The current book is quite useful as well. Cant wait for the next one.

Evan_Fisher
Participant

Great tool. I didn't know my CPUSE was out of date until I ran the tool. Very useful!

0 Kudos
Gaurav_Pandya
Advisor

Yeah.

It also gives sk number as well to rectify/update the things

0 Kudos
Danny
Champion Champion
Champion

Thanks Nathan Davieau and Rosemarie Rodriguez‌ for this useful utility. We are looking forward to new additions, such as load and VPN statistics etc. I would like if this community could help making the script better and better. My colleagues are already asking to fork the script to add more functions to it.

Rosemarie_Rodri
Employee Alumnus
Employee Alumnus

Thank you! We'll continue to improve it. We'll see what we can do in regards to the requests for new additions.

XBensemhoun
Employee
Employee

Hi Rosemarie Rodriguez‌, if you think it should be a healthy check to verify if a Security Gateway is installation target of multiple policy packages (I was confronted with this situation and hopefully... more fear than harm), I've created https://community.checkpoint.com/docs/DOC-2624 which can verify that on a R77.* SMS (using dbedit).

Information Security enthusiast, CISSP, CCSP
0 Kudos
XBensemhoun
Employee
Employee

Do you know how to propose new things to check ? I've created https://community.checkpoint.com/docs/DOC-2624 to verify if firewall(s) is/are installation target(s) of multiple policy packages (based on real story...). I assume that could be a healthy test on any environment with lot of firewalls and policy packages ?

Information Security enthusiast, CISSP, CCSP
0 Kudos
Gaurav_Pandya
Advisor

Hi Xavier,

I have not customized any script but you can check with Rosemarie for more information. May be also you can edit the healthcheck.sh file and put your content on it.

Arne_Boettger
Collaborator

Hello,

I tried the latest version of the healthcheck.sh script on our vsx cluster of three vsls Members. Unfortunately, Output for the "Backup" member is mangled (see below).

Does anyone know who to turn to for bug reports?

regards, Arne

Danny
Champion Champion
Champion

You can write a comment in sk121447 or open a support ticket with TAC. Unfortunately the only updates Check Point has provided to the script since last year were just CPInfo version number updates, no real code improvements or additions. Maybe your request will make the script to receive further development and love from Check Point.

XBensemhoun
Employee
Employee

Hi Rosemarie Rodriguez, will you be able to take care of every modification Check Mates proposed on this thread? That's important for us Smiley Happy Thanks in advance.

Information Security enthusiast, CISSP, CCSP
0 Kudos
Nathan_Davieau
Employee
Employee

Do you still have this issue with the latest version?

0 Kudos
Arne_Boettger
Collaborator

Hello,

 

I just verified the latest version on our R80.20 VSX Cluster of three members with VSLS. It still reports the same error for the Backup member:

Current Script Release: 6.11 04-25-2019

Virtual System 10
Context is set to Virtual Device ******** (ID 10).
+-----------------------+-------------------------------+---------------+
| Category | Title | Result |
+=======================+===============================+===============+
| VSX | SIC Status | OK |
| | Security Policy | OK |
+-----------------------+-------------------------------+---------------+
| Fragments | Fragments | OK |
+-----------------------+-------------------------------+---------------+
| Connections Table | Peak Connections | OK |
| | Current Connections | OK |
| | NAT Connections | OK |
+-----------------------+-------------------------------+---------------+
| ClusterXL | Cluster Status | WARNING |
./healthcheck.sh: line 2746: printf: `B': invalid format character
./healthcheck.sh: line 2747: printf: `B': invalid format character
| | Problem Notifications | WARNING |
| | Sync Status | OK |
| | Number of Sync Interfaces | OK |
| | Cluster Failovers | OK |
+-----------------------+-------------------------------+---------------+
| SecureXL | SecureXL Status | OK |
| | Accept Templates | WARNING |
| | Drop Templates | INFO |
| | Aggressive Aging | OK |
+-----------------------+-------------------------------+---------------+
| Logging | Local Logging | OK |
+-----------------------+-------------------------------+---------------+

[Expert@********:10]# cphaprob stat

Cluster Mode: Virtual System Load Sharing

ID Unique Address Assigned Load State Name

1 x.y.z.241 0% STANDBY
2 (local) x.y.z.242 0% BACKUP
3 x.y.z.243 100% ACTIVE

 

0 Kudos
Huseyin_Rencber
Collaborator

Hi, is there a way run that kind of health check script in chassis family (41K & 61K). There is a limitation for this script written in sk121447

0 Kudos
Gaurav_Pandya
Advisor

Yeah. There is limitations. May be developer team will take care this in future. 

ihenock101
Collaborator

hi @Gaurav_Pandya the health check script (healthcheck.sh) is no more available in sk121447 where do I get it ?

 

0 Kudos
Tal_Paz-Fridman
Employee
Employee

Hi - this is the direct link
https://support.checkpoint.com/results/download/59369

 

There's also HealthCheck Point:

https://support.checkpoint.com/results/sk/sk171436

 

0 Kudos
ihenock101
Collaborator

cp-healthcheck.jpg

0 Kudos
_Val_
Admin
Admin

The first link only works if you are already logged into the support site. go to support.checkpoint.com, log in with your UC account and try it again.

0 Kudos
ihenock101
Collaborator

Yea I did that but error 404 is coming.

0 Kudos
_Val_
Admin
Admin

Then try from the first link, and/or remove browser cache & cookies. It should work. I re-checked twice, the link is operational

0 Kudos
ihenock101
Collaborator

can you please attach the script for me here. I think it is the ISP blocks some of links so we need to use proxies to access.

0 Kudos
PhoneBoy
Admin
Admin

Many downloads from SupportCenter will return a 404 if you do not have Software Subscription associated with your account.
Please check this and consult with your local Check Point office for further assistance.

0 Kudos
Bob_Zimmerman
Authority
Authority

I have diamond support and the link is still 404 for me, even when loading the link from a session where I just logged in with my work User Center account.

Separately, 404 is objectively the wrong error code for that. 403 is right there.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events