- CheckMates
- :
- Products
- :
- General Topics
- :
- Healthcheck Script
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Healthcheck Script
Hi All,
There is readily available script for Gaia based system on checkpoint. It checks almost all parameters. May be some are aware of this but who are unaware, it is very useful script.
You can refer sk121447 and download the readily available Health check Script. It is very useful and measure all the required parameters.
Hope This will be helpful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep healthcheck.sh is definitely a great tool. A picture is worth a thousand words, so here are a few screenshots of it from the second edition of my book:
--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah. I have started to run this script on our some of the firewall to health check. It gives all information with nice look.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can we run health check commend in production hour?. Because warring about memory and cpu utilization.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Timothy,
The current book is quite useful as well. Cant wait for the next one.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great tool. I didn't know my CPUSE was out of date until I ran the tool. Very useful!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah.
It also gives sk number as well to rectify/update the things
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Nathan Davieau and Rosemarie Rodriguez for this useful utility. We are looking forward to new additions, such as load and VPN statistics etc. I would like if this community could help making the script better and better. My colleagues are already asking to fork the script to add more functions to it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you! We'll continue to improve it. We'll see what we can do in regards to the requests for new additions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rosemarie Rodriguez, if you think it should be a healthy check to verify if a Security Gateway is installation target of multiple policy packages (I was confronted with this situation and hopefully... more fear than harm), I've created https://community.checkpoint.com/docs/DOC-2624 which can verify that on a R77.* SMS (using dbedit).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you know how to propose new things to check ? I've created https://community.checkpoint.com/docs/DOC-2624 to verify if firewall(s) is/are installation target(s) of multiple policy packages (based on real story...). I assume that could be a healthy test on any environment with lot of firewalls and policy packages ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Xavier,
I have not customized any script but you can check with Rosemarie for more information. May be also you can edit the healthcheck.sh file and put your content on it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I tried the latest version of the healthcheck.sh script on our vsx cluster of three vsls Members. Unfortunately, Output for the "Backup" member is mangled (see below).
Does anyone know who to turn to for bug reports?
regards, Arne
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can write a comment in sk121447 or open a support ticket with TAC. Unfortunately the only updates Check Point has provided to the script since last year were just CPInfo version number updates, no real code improvements or additions. Maybe your request will make the script to receive further development and love from Check Point.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rosemarie Rodriguez, will you be able to take care of every modification Check Mates proposed on this thread? That's important for us Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you still have this issue with the latest version?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I just verified the latest version on our R80.20 VSX Cluster of three members with VSLS. It still reports the same error for the Backup member:
Current Script Release: 6.11 04-25-2019
Virtual System 10
Context is set to Virtual Device ******** (ID 10).
+-----------------------+-------------------------------+---------------+
| Category | Title | Result |
+=======================+===============================+===============+
| VSX | SIC Status | OK |
| | Security Policy | OK |
+-----------------------+-------------------------------+---------------+
| Fragments | Fragments | OK |
+-----------------------+-------------------------------+---------------+
| Connections Table | Peak Connections | OK |
| | Current Connections | OK |
| | NAT Connections | OK |
+-----------------------+-------------------------------+---------------+
| ClusterXL | Cluster Status | WARNING |
./healthcheck.sh: line 2746: printf: `B': invalid format character
./healthcheck.sh: line 2747: printf: `B': invalid format character
| | Problem Notifications | WARNING |
| | Sync Status | OK |
| | Number of Sync Interfaces | OK |
| | Cluster Failovers | OK |
+-----------------------+-------------------------------+---------------+
| SecureXL | SecureXL Status | OK |
| | Accept Templates | WARNING |
| | Drop Templates | INFO |
| | Aggressive Aging | OK |
+-----------------------+-------------------------------+---------------+
| Logging | Local Logging | OK |
+-----------------------+-------------------------------+---------------+
[Expert@********:10]# cphaprob stat
Cluster Mode: Virtual System Load Sharing
ID Unique Address Assigned Load State Name
1 x.y.z.241 0% STANDBY
2 (local) x.y.z.242 0% BACKUP
3 x.y.z.243 100% ACTIVE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, is there a way run that kind of health check script in chassis family (41K & 61K). There is a limitation for this script written in sk121447
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah. There is limitations. May be developer team will take care this in future.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @Gaurav_Pandya the health check script (healthcheck.sh) is no more available in sk121447 where do I get it ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi - this is the direct link
https://support.checkpoint.com/results/download/59369
There's also HealthCheck Point:
https://support.checkpoint.com/results/sk/sk171436
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The first link only works if you are already logged into the support site. go to support.checkpoint.com, log in with your UC account and try it again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yea I did that but error 404 is coming.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Then try from the first link, and/or remove browser cache & cookies. It should work. I re-checked twice, the link is operational
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you please attach the script for me here. I think it is the ISP blocks some of links so we need to use proxies to access.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Many downloads from SupportCenter will return a 404 if you do not have Software Subscription associated with your account.
Please check this and consult with your local Check Point office for further assistance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have diamond support and the link is still 404 for me, even when loading the link from a session where I just logged in with my work User Center account.
Separately, 404 is objectively the wrong error code for that. 403 is right there.