Hi Timothy,

The only rules that these applications can hit are the 'Cleanup Rules' with action Drop and track Log.

We've 1 other rule to block traffic to internet with action Reject but only track Log

Is there a way to find the rule(s) that is/are responsible for this traffic?

which url to consult web version of HCP  result?

thanks

Check here.

/var/log/hcp/last/...*.tgz 

download the file and open with a brower after extracting .tgz contents

[ ]´s

yes i know

i mean, i remember something like https://fw-ip/hcp ... but it doesn't work

i dunno why is not documented in official SK

It is documented in jumbo takes:

You have the correct URL, but that web-based functionality is only supported for later R81.10 Jumbo HFAs and R81.20+.  Here is the relevant page from my Gateway Performance Optimization Course mentioning this:

i'm on r81.20, isn't working.... maybe the problem is related to Web portal on port 443...

anyway, i think is something to be added in official sk https://support.checkpoint.com/results/sk/sk171436

thank you all

Trust me, it works, I tested it on R81.20 many times...message me, I can show you via remote if needed.

Andy

Technically, like any "sub" domain if you will (for the lack of better term), would go like that, you need custom web UI port for it to work...so https://w.z.y.z:customport/hcp, so in my case it was https://172.16.10.249:4434/hcp

I also ran it on Azure fw lab, but page is sort of "scrambled", but it could be since its cloud fw, on prem works 100% of the time.

Best,

Andy

Never mind, got it...just did not wait long enough lol

Best,

Andy

Hi Tim,

Just to let you know that SK180368 is marked as deleted in the support center.
"

Deleted

This SK no longer exists

"

There is this:

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/Dr...

"

Dr. Spark

With the Dr. Spark feature, you can check the Quantum Spark Appliance performance, sizing and health status.

Note - The Dr. Spark feature is available as a separate tab starting from R81.10.08. In earlier versions, the Dr. Spark buttons are available on the Using System Tools page.

"

Can you please share with me the hcp argument/command for a TP health check?

I thought it was in the CTPS courseware but a Kortext search does not find hcp.

EDIT

Never mind, I found it on page 457 🙂

END OF EDIT 

Regards,

Don

You are 100% right, the sk has been removed.

This information now exists in the official guides (thus why the SK was deleted).

It definitely works, I tested it in the lab many times. Make sure to add custom port for web UI if it exists

ie https://x.x.x.x:4434/hcp

Andy

I just ran it, below is my example, its simply the web fqdn, you add hcp on "top" of web UI

Andy