Do you have some current examples?

Comparatively I know the healthcheck.sh raid check is one example that raised eyebrows....

I can tell you every time I ran HCP, even TAC could not get any results either, nor could they open html file produced. Never had such an issue with healthcheck.sh script.

Personally, I find healthcheck.sh much more easier. One single script with 2 results (txt / html)

...

Even knowing healtcheck.sh sometimes throws an error  : SND/FW Core Distribution |Runtime error (func=(main), adr=3): Divide by zero

HCP means a lot of overhead im terms of installation and handling with 'special' commands (autoupdatercli instead of CPUSE)

And the copying files / extracting and so on....

Regards

Agree 100%.

Lets hope 2023 brings even better tool : - ). @Danny , since you are the scripting MASTER, I think you will end up making something that works 100%, like you did many other times.

Hi @the_rock,

Can you give some more concrete cases where you had an issue with HCP? asking as i'm a fan of HCP tool, i used it for many cases i had from the field and found it very useful.

Moreover starting R81.20 you may review the report thorough WebUI by running the tool and review it under https://<gwip>/hcp.

i will be glad to hear feedback's on HCP tool so i can take it with the owners and see how we can enhance it more.

Thanks,

Ilya 

Well, as I mentioned, even when working with TAC, we could never open html page generated to see the results. All we would do is run hcp -r all command, thats it.

I will test R81.20 in the lab this week and report.

If someone has such issue, i will more than happy to see it and try to assist, i never encountered with such case where i was not able to open html report.

Thanks,

Ilya 

Not sure man, sorry. I will definitely try out R81.20 and see if I get better luck.

WOW, Im super impressed with this @Ilya_Yusupov . Love the new HCP in R81.20...wish it was like this since the beginning. I attached the snippet for anyone curious what it looks like once you run hcp -r all in shs.

After finished, I opened https://172.16.10.205:4434/hcp and below is what I got (very very cool indeed).

Andy

Hi Ilya,

It will be useful to see  cli commands used for particular tests.

BR

Daniel.

The tool is a rpm executable 8) Similar thing with CPM Doc run_cpmdoc.sh: Mostly code, executed by a short head script.

In the sk121447 I am not able to find any mention of healthcheck.sh being discontinued. Could you please point me to the statement?

For me it is difficult to try to trust tools like hcp or healthcheck when they do not show the exact commands used to obtain the information. Without that I cannot be sure what remains to be checked manually. I can use them just for a quick basic overview.

@Chris_Atkinson Recently I was solving problem with SIC certificates. HCP showed no problems on a management server and a gateway despite the fact that:

* The management (secondary) had the ICA root certificate expired.

* The gateway had its SIC certificate expired and the automatic renewal was failing repeatedly.

To clarify are you suggesting this is a difference with healthcheck.sh or an improvement you would like to see added for HCP?

Depending on the versions involved there has been improved alerting added in the console for such scenarios moreover this is also something PRO support identifies if s customer has that entitlement licensed/active.

I did not check healthcheck.sh. I just noticed that on both machines hcp had shown:

---

SIC...............................................[PASSED]

---

I noticed that recently some checks were added to the management server. Let's hope they will cover cases like that. Unfortunately Check Point support was pretty helpless about the expired ICA root certificate on the secondary management server 😞

I do not think that it is ethical that for being notified about similar situations customers should be required to buy the PRO support.

@Danny 

Thank you. I noticed that two things but none of them says that healthcheck.sh is discontinued. Many Check Point support tools have not been updated for a long time and/or they do not support the latest versions. It would be really helpful if it was stated explicitly that healthcheck.sh is discontinued.

I did not state such a requirement, it's simply an option to have Pro support as a another proactive mechanism.

As I said to Ilya in one of my responses, I wish HCP was as good in previous versions as it is in R81.20, super easy to read and parse through.

To add my .02c worth...

I ran hcp on some VSX cluster members from one of our customer members. It showed some odd figures in the "FW tables limit" section. As per the suggested solution to contact CP for futher assistance, I logged a TAC case and provided the HCP output.

In short, the response was:
"In the HCP report, the number of entries column and the Peak column is reversed and a fix will be released to the HCP soon. "

 and

"You can completely ignore all the errors for FW tables limit in HCP report"

Hmmm, why report stuff if the response is to ignore it?

For me it isn't such useful tool as we cannot compare it with used commands / checking(without knowledge and experience) to see why there is not green status.

I remember funny situation when HCP showed me for SmartEvent that there are vpnd coredumps available.

BR

Daniel.