This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christian_Opitz
Contributor
Contributor
‎2024-06-18 01:00 AM
Jump to solution

No SFTP any longer only Aspera in Service Requests

Hello,

as CP Partner we have to handle cases for many customers. Now I got the information in an Service Request that SFTP Accounts for uploading should be no longer used: "Unfortunately, SFTP account can only be provided if an issue occurs while uploading the files through the browser."

This means we have to transfer all requested files to us as first step and upload them afterwards to you via browser (altough it is faster via Aspera Plugin if you can use it but I don't like uploading gb via browser).

This is very impractical in particular at big files e.g. Crash Dumps and also at many files in folders. When using an account with limiting rights for scp transfer you will also have to copy it to another folder and change file rights or change a oot user to bash to have access to all folders each time.

Before we were able to use sftp command (if SFTP Acc was created), cpinfo -s (should also not used) or earlier cp_uploader directly on the gateway or at least at a customer system with internet access but so we always need additional a browser cause this is no longer possible from a check point system itself.

This is complex, bandwith intensive and needs more time for us.

1 Solution

Accepted Solutions
Duane_Toler
MVP Silver
MVP Silver
‎2025-05-14 06:57 AM
In response to Jan_Kleinhans
Jump to solution

Aye, I often had the same issue with uploads being "lost".

I got frustrated and opened a TAC case and got hold of someone who gave me some "inside scoop" on what happens when uploading giant files with "cpinfo -s <SR> -x -n -f ..".  Apparently, the larger files do take a LOOOOOONG time to process on their end, and they are then copied over to a different server that the TAC folks can access.  It also matters if your file is going to the server in Dallas or Ottawa, versus where the TAC engineer is.  They may need to check the opposite server.

I don't wanna write out the names of these hosts here, but TAC folks on the inside should know which-is-which.

This is a process that could be improved, however.  If for no reason other than to help the TAC folks need to do less "gymnastics" of their own.  This would help us, the support partners, feel better about using the tools we're told to use (cpinfo -x -s -n -f) knowing that TAC is gonna get what we throw at them.

 

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack

View solution in original post

7 Replies
Arne_Boettger
Collaborator
‎2025-05-09 12:19 AM
Jump to solution

Hello,

found your post while searching for the sk178326. We sometimes had success asking for an SFTP account instead, especially for uploading files directly from the affected devices. We, too, are very unhappy with the move to Aspera, especially because our Microsoft Defender for Endpoint complains about the version CheckPoint uses, because it is outdated.

0 Kudos
Jan_Kleinhans
Advisor
‎2025-05-09 12:52 AM
Jump to solution

We also don't like the Aspera. We cannot use the plugin because of internal policy. So uploads of GBytes takes very long and sometimes the uploads don't even work and you have to reupload or ask for an sftp account.

Maybe Checkpoint should evaluate the Tool and change to another one. 

0 Kudos
Henrik_Noerr1
Advisor
‎2025-05-09 01:03 AM
Jump to solution

We *never* use that plugin - and it would not be allowed by our organisation.

To rub it in - our jump hosts does not have internet access. So I would also need to offload the data to the jump host, then to my desktop (where I am not allowed to have this data) and then upload the data to Check Point. That would only slow me down and make me breach compliance guardrails. 

We always use the cpinfo tool every time to upload data, and expect it to continue to work. This also means that support can never ever find the files, and we need to guide them.

Regards,

Henrik

0 Kudos
Jan_Kleinhans
Advisor
‎2025-05-09 01:59 AM
In response to Henrik_Noerr1
Jump to solution

We have exactly the same architecture. cpinfo upload is always "lost". But it would be the easiest way of uploading files.

0 Kudos
Duane_Toler
MVP Silver
MVP Silver
‎2025-05-14 06:57 AM
In response to Jan_Kleinhans
Jump to solution

Aye, I often had the same issue with uploads being "lost".

I got frustrated and opened a TAC case and got hold of someone who gave me some "inside scoop" on what happens when uploading giant files with "cpinfo -s <SR> -x -n -f ..".  Apparently, the larger files do take a LOOOOOONG time to process on their end, and they are then copied over to a different server that the TAC folks can access.  It also matters if your file is going to the server in Dallas or Ottawa, versus where the TAC engineer is.  They may need to check the opposite server.

I don't wanna write out the names of these hosts here, but TAC folks on the inside should know which-is-which.

This is a process that could be improved, however.  If for no reason other than to help the TAC folks need to do less "gymnastics" of their own.  This would help us, the support partners, feel better about using the tools we're told to use (cpinfo -x -s -n -f) knowing that TAC is gonna get what we throw at them.

 

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
Henrik_Noerr1
Advisor
‎2025-05-14 11:30 AM
In response to Duane_Toler
Jump to solution

ahh it makes perfect sense now! 🙂

Thanks

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-05-09 02:02 AM
Jump to solution

I always get SFTP credentials as upload in UserCenter is limited and Aspera not allowed - UC upload is possible but slower without Aspera. For server_migrate export you will not use Aspera but SFTP !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events