Quantum SD-WAN Monitoring
Watch NowCheckMates Fest 2026
Watch Now!AI Security Masters
Hacking with AI: The Dark Side of Innovation
CheckMates Go:
R82.10 and Rationalizing Multi Vendor Security Policies
Hey guys,
This script runs connectivity check to bunch of CP fwdns/IPs.
Lab example:
[Expert@CP-GW:0]# ./cp_services_connectivity_check.sh
Check Point Services Connectivity Check
Time: Wed Jan 28 09:02:40 EST 2026
List: https://secureupdates.checkpoint.com/cp_services/V1_0_0/gw/cp_services_uo
Tool: curl_cli Timeout: 6s Proxy: none
Downloading service list...
Hosts to test: 143
SKIP *.cloud.ngen.checkpoint.com (wildcard)
SKIP *.datatube.checkpoint.com (wildcard)
SKIP *.dev.i2.checkpoint.com (wildcard)
SKIP *.epmgmt.checkpoint.com (wildcard)
SKIP *.i2.checkpoint.com (wildcard)
SKIP *.inext.checkpoint.com (wildcard)
SKIP *.maas.checkpoint.com (wildcard)
SKIP *.ngen.checkpoint.com (wildcard)
SKIP *.stg.i2.checkpoint.com (wildcard)
OK Kav82.zonealarm.com [209.148.171.48,209.148.171.73] HTTP HTTP:404
OK ap-1.spark-management.checkpoint.com [13.232.89.202,35.154.167.100] HTTPS HTTP:200
OK ap-2.spark-management.checkpoint.com [13.232.89.202,35.154.167.100] HTTPS HTTP:200
FAIL ap-northeast-2.allowed-ips.checkpoint.com [3.37.137.219,3.38.243.39] (no HTTP/HTTPS response)
FAIL ap-south-1.allowed-ips.checkpoint.com [15.206.182.35,35.154.171.21] (no HTTP/HTTPS response)
FAIL ap-southeast-1.allowed-ips.checkpoint.com [52.220.239.99,54.179.66.28] (no HTTP/HTTPS response)
OK ap-southeast-2.allowed-ips.checkpoint.com [3.105.139.243,3.105.14.157,52.64.37.249] HTTP HTTP:301
FAIL ap-southeast-2.g04.checkpoint.com [15.206.182.35,3.105.139.243,3.105.14.157,3.37.137.219,3.38.243.39,35.154.171.21,52.220.239.99,52.64.37.249,54.179.66.28] (no HTTP/HTTPS response)
OK ap.portal.checkpoint.com [13.227.246.12,13.227.246.28,13.227.246.70,13.227.246.71] HTTPS HTTP:200
OK api-cpx.ap1.dome9.com [18.67.39.123,18.67.39.72,18.67.39.78,18.67.39.92] HTTPS HTTP:403
OK api-cpx.ap2.dome9.com [3.164.92.118,3.164.92.16,3.164.92.17,3.164.92.47] HTTPS HTTP:403
OK api-cpx.ap3.dome9.com [3.164.92.107,3.164.92.110,3.164.92.33,3.164.92.5] HTTPS HTTP:403
OK api-cpx.cace1.dome9.com [18.67.17.12,18.67.17.13,18.67.17.41,18.67.17.64] HTTPS HTTP:403
OK api-cpx.dome9.com [13.227.246.104,13.227.246.22,13.227.246.43,13.227.246.73] HTTPS HTTP:403
OK api-cpx.eu1.dome9.com [18.245.104.108,18.245.104.115,18.245.104.40,18.245.104.69] HTTPS HTTP:403
OK api.ap1.dome9.com [13.215.67.253,13.228.156.166,54.254.3.112] HTTPS HTTP:403
OK api.ap2.dome9.com [13.238.186.191,13.55.148.135,3.104.162.243] HTTPS HTTP:403
OK api.ap3.dome9.com [13.205.52.135,13.205.58.47,65.0.53.73] HTTPS HTTP:403
OK api.cace1.dome9.com [15.157.92.75,16.52.217.87,3.97.193.103] HTTPS HTTP:403
OK api.dome9.com [100.48.134.78,3.220.133.5,54.85.16.200] HTTPS HTTP:403
OK api.eu1.dome9.com [34.247.227.194,34.249.171.20,54.217.195.12] HTTPS HTTP:403
FAIL au-gw.sg.iaas.checkpoint.com [34.149.232.224] (no HTTP/HTTPS response)
OK avupdates.checkpoint.com [72.136.195.24,72.136.195.43] HTTP HTTP:404
FAIL ca-central-1.allowed-ips.checkpoint.com [15.156.170.221,52.60.148.109] (no HTTP/HTTPS response)
FAIL ca-gw.sg.iaas.checkpoint.com [34.110.151.133] (no HTTP/HTTPS response)
OK ca.portal.checkpoint.com [18.245.104.101,18.245.104.113,18.245.104.115,18.245.104.46] HTTPS HTTP:200
OK catalog.checkpoint.com [13.227.246.10,13.227.246.123,13.227.246.42,13.227.246.62] HTTPS HTTP:200
OK cloudinfra-gw-us.portal.checkpoint.com [100.49.133.55,100.52.1.192,100.52.6.32] HTTPS HTTP:404
OK cloudinfra-gw.ap.portal.checkpoint.com [3.107.140.231,52.63.185.175,52.63.216.244] HTTPS HTTP:404
OK cloudinfra-gw.ca.portal.checkpoint.com [15.156.101.41,15.223.12.66,99.79.171.78] HTTPS HTTP:404
OK cloudinfra-gw.in.portal.checkpoint.com [3.108.71.201,65.1.69.84,65.2.8.250] HTTPS HTTP:404
OK cloudinfra-gw.portal.checkpoint.com [34.251.219.93,34.252.163.20,34.255.17.34] HTTPS HTTP:404
OK cloudinfra-gw.uk.portal.checkpoint.com [13.135.35.12,35.177.234.226,52.56.80.47] HTTPS HTTP:404
OK cplinuxam.checkpoint.com [23.192.53.245] HTTPS HTTP:404
OK crl.comodoca.com [104.18.38.233,172.64.149.23] HTTP HTTP:200
OK crl.entrust.net [104.18.38.233,172.64.149.23] HTTP HTTP:200
OK crl.globalsign.com [104.18.20.226,104.18.21.226] HTTPS HTTP:301
OK crl.sectigo.com [104.18.38.233,172.64.149.23] HTTP HTTP:200
OK crl.usertrust.com [104.18.38.233,172.64.149.23] HTTP HTTP:200
OK crl.verisign.com [184.84.47.6] HTTP HTTP:200
FAIL cws.checkpoint.com [2.16.170.166,2.16.170.175] (no HTTP/HTTPS response)
OK de-1.spark-management.checkpoint.com [3.126.217.195,35.156.38.50] HTTPS HTTP:200
OK dev-cloudinfra-gw.ap.portal.checkpoint.com [13.237.129.19,13.237.17.0,13.54.42.0] HTTPS HTTP:404
OK dev-cloudinfra-gw.kube1.iaas.checkpoint.com [46.51.151.181,52.16.87.177,52.209.172.183] HTTPS HTTP:404
FAIL diag-services.checkpoint.com [194.29.39.52] (no HTTP/HTTPS response)
OK dl3.checkpoint.com [23.209.58.68] HTTPS HTTP:302
OK download.ctmail.com [216.163.190.73] HTTPS HTTP:200
OK downloads.checkpoint.com [18.67.17.129,18.67.17.30,18.67.17.36,18.67.17.75] HTTPS HTTP:301
FAIL epm-gw-eu.epmgmt.checkpoint.com [34.249.245.65,52.49.2.249] (no HTTP/HTTPS response)
FAIL epm-gw-us.epmgmt.checkpoint.com [34.206.248.183,34.231.106.109] (no HTTP/HTTPS response)
OK eu-1.spark-management.checkpoint.com [108.128.111.49,54.247.137.18] HTTPS HTTP:200
FAIL eu-central-1.allowed-ips.checkpoint.com [18.157.65.130,3.78.6.207] (no HTTP/HTTPS response)
FAIL eu-gw.sg.iaas.checkpoint.com [34.149.149.107] (no HTTP/HTTPS response)
OK eu-spark-activation.iaas.checkpoint.com [18.200.55.122,18.202.68.235,52.16.24.86] HTTPS HTTP:404
OK eu-west-1.allowed-ips.checkpoint.com [46.51.203.128,52.210.248.134,54.220.66.248] HTTP HTTP:301
FAIL eu-west-1.g04.checkpoint.com [15.184.107.221,16.24.41.110,18.157.65.130,18.168.7.234,18.171.117.185,3.78.6.207,40.172.21.113,46.51.203.128,51.112.130.15,52.210.248.134,54.220.66.248] (no HTTP/HTTPS response)
FAIL eu-west-2.allowed-ips.checkpoint.com [18.168.7.234,18.171.117.185] (no HTTP/HTTPS response)
OK fairfax.ott.checkpoint.com [172.102.158.35] HTTPS HTTP:401
OK file-rep.iaas.checkpoint.com [16.52.217.90,35.182.60.205,52.60.196.212] HTTPS HTTP:403
OK ftp-proxy.checkpoint.com [194.29.38.122] HTTPS HTTP:401
OK gwevents.checkpoint.com [18.67.39.18,18.67.39.22,18.67.39.41,18.67.39.8] HTTPS HTTP:403
OK in-gw.sg.iaas.checkpoint.com [34.95.82.11] HTTP HTTP:301
OK in-spark-activation.iaas.checkpoint.com [13.235.217.107,3.6.52.2,52.66.149.186] HTTPS HTTP:404
OK in.portal.checkpoint.com [13.227.246.108,13.227.246.44,13.227.246.9,13.227.246.97] HTTPS HTTP:200
OK inext-agents-aus1.cloud.ngen.checkpoint.com [15.197.214.233,3.33.222.204] HTTPS HTTP:403
OK inext-agents-ind1.cloud.ngen.checkpoint.com [15.197.167.248,3.33.187.244] HTTPS HTTP:403
OK inext-agents-us.cloud.ngen.checkpoint.com [35.71.144.247,52.223.30.193] HTTPS HTTP:403
OK inext-agents.cloud.ngen.checkpoint.com [75.2.123.205,99.83.172.252] HTTPS HTTP:403
OK kav8.checkpoint.com [209.148.171.48,209.148.171.73] HTTP HTTP:404
OK kav8.zonealarm.com [209.148.171.48,209.148.171.73] HTTP HTTP:404
OK maas-mgmt-connect-tunnels-service-2.portal.checkpoint.com [34.248.157.120,34.250.58.97,54.154.240.171] HTTPS HTTP:403
OK maas-mgmt-connect-tunnels-service-ap-2.ap.portal.checkpoint.com [3.104.0.124,3.107.219.21,52.64.231.10] HTTPS HTTP:403
OK maas-mgmt-connect-tunnels-service-us-2.portal.checkpoint.com [3.230.111.75,52.1.177.55,52.207.186.96] HTTPS HTTP:403
OK malw-cws.checkpoint.com [23.209.58.68] HTTP HTTP:200
FAIL me-central-1.allowed-ips.checkpoint.com [40.172.21.113,51.112.130.15] (no HTTP/HTTPS response)
FAIL me-south-1.allowed-ips.checkpoint.com [15.184.107.221,16.24.41.110] (no HTTP/HTTPS response)
OK mercury.ts.checkpoint.com [216.228.148.22] HTTPS HTTP:401
OK portal.checkpoint.com [18.67.39.101,18.67.39.117,18.67.39.65,18.67.39.77] HTTPS HTTP:200
OK productcoverage.checkpoint.com [18.67.39.100,18.67.39.128,18.67.39.18,18.67.39.55] HTTPS HTTP:403
OK productservices.checkpoint.com [3.164.92.113,3.164.92.4,3.164.92.75,3.164.92.96] HTTPS HTTP:403
OK ptcd.checkpoint.com [23.209.58.68] HTTPS HTTP:404
OK ptcs.checkpoint.com [209.87.211.148] HTTPS HTTP:200
OK push.checkpoint.com [34.196.231.44,44.198.235.63] HTTPS HTTP:404
OK q.ap.portal.checkpoint.com [3.164.92.11,3.164.92.121,3.164.92.56,3.164.92.87] HTTPS HTTP:200
FAIL rep-cws.checkpoint.com (DNS failed)
OK rep.checkpoint.com [23.221.254.110] HTTPS HTTP:403
OK resolver1.chkp.ctmail.com [216.163.190.11] HTTP HTTP:400
OK resolver2.chkp.ctmail.com [216.163.190.11] HTTP HTTP:400
OK resolver3.chkp.ctmail.com [216.163.190.11] HTTP HTTP:400
OK resolver4.chkp.ctmail.com [216.163.190.11] HTTP HTTP:400
OK resolver5.chkp.ctmail.com [216.163.190.11] HTTP HTTP:400
OK sba-data-collection.iaas.checkpoint.com [54.75.234.28,63.34.135.233,79.125.6.81] HTTPS HTTP:404
OK sc1.checkpoint.com [184.24.147.219] HTTPS HTTP:200
OK sc2.checkpoint.com [23.209.58.68] HTTPS HTTP:200
OK sc3.checkpoint.com [23.209.58.68] HTTPS HTTP:200
OK sc4.checkpoint.com [23.209.58.68] HTTPS HTTP:200
OK sc5.checkpoint.com [23.209.58.68] HTTPS HTTP:200
OK secureupdates.checkpoint.com [23.209.58.119] HTTPS HTTP:404
OK services.checkpoint.com [3.164.92.123,3.164.92.46,3.164.92.48,3.164.92.96] HTTPS HTTP:403
FAIL sg-gw.sg.iaas.checkpoint.com [34.117.5.169] (no HTTP/HTTPS response)
OK shiftleft-prod-bucket.sg.iaas.checkpoint.com [13.227.246.41,13.227.246.52,13.227.246.62,13.227.246.80] HTTPS HTTP:403
OK shiftleft.portal.checkpoint.com [54.75.234.28,63.34.135.233,79.125.6.81] HTTPS HTTP:404
OK sigcheck.checkpoint.com [72.136.195.24,72.136.195.59] HTTP HTTP:404
OK smbclouddeployment.checkpoint.com [209.87.212.225] HTTPS HTTP:200
OK smbcloudmgmt.checkpoint.com [194.29.38.55] HTTPS HTTP:403
OK smbmgmtservice.checkpoint.com [13.234.154.54,3.7.140.143] HTTPS HTTP:404
OK smbrelay.checkpoint.com [13.227.246.100,13.227.246.66,13.227.246.77,13.227.246.8] HTTPS HTTP:200
OK smp-beta.checkpoint.com [52.18.255.182,63.35.253.57] HTTPS HTTP:200
OK smp1.checkpoint.com [52.21.217.81,54.80.39.253] HTTPS HTTP:200
OK support.checkpoint.com [13.227.246.22,13.227.246.28,13.227.246.34,13.227.246.38] HTTPS HTTP:200
OK supportcenter.checkpoint.com [13.227.246.22,13.227.246.28,13.227.246.34,13.227.246.38] HTTPS HTTP:200
OK supportcontent.checkpoint.com [13.227.246.22,13.227.246.28,13.227.246.34,13.227.246.38] HTTPS HTTP:200
OK te-ap.iaas.checkpoint.com [13.210.33.178,16.176.243.59,3.104.165.255] HTTPS HTTP:404
OK te-eu.checkpoint.com [18.200.104.199,34.247.94.73,54.246.177.235] HTTPS HTTP:404
OK te-in.iaas.checkpoint.com [13.205.128.121,13.235.206.34,35.154.66.164] HTTPS HTTP:404
OK te-na.checkpoint.com [34.202.148.216,34.206.248.12,54.152.141.11] HTTPS HTTP:404
OK te-uk.iaas.checkpoint.com [13.134.196.224,18.132.216.150,35.178.220.237] HTTPS HTTP:404
OK te.checkpoint.com [34.202.148.216,34.206.248.12,54.152.141.11] HTTPS HTTP:404
OK te.checkpoint.com.cn [52.82.85.42,68.79.8.50,69.235.149.6] HTTPS HTTP:404
OK teadv.checkpoint.com [23.209.58.68] HTTPS HTTP:404
OK threat-emulation.checkpoint.com [34.202.148.216,34.206.248.12,54.152.141.11] HTTPS HTTP:404
OK threatcloud.iaas.checkpoint.com [204.236.225.190,3.85.54.30,34.196.179.143,54.208.184.107] HTTPS HTTP:404
OK uk.portal.checkpoint.com [18.67.17.126,18.67.17.30,18.67.17.33,18.67.17.58] HTTPS HTTP:200
OK updates.checkpoint.com [18.245.104.59,18.245.104.64,18.245.104.80,18.245.104.81] HTTPS HTTP:404
OK url-rep.iaas.checkpoint.com [16.52.217.90,35.182.60.205,52.60.196.212] HTTPS HTTP:403
OK us-east-1.allowed-ips.checkpoint.com [18.205.54.240,3.224.33.252,50.17.39.153] HTTP HTTP:301
OK us-east-1.g04.checkpoint.com [15.156.170.221,18.205.54.240,3.224.33.252,35.161.89.173,44.233.240.14,50.17.39.153,52.60.148.109] HTTP HTTP:301
OK us-gw.sg.iaas.checkpoint.com [34.120.168.143] HTTP HTTP:301
OK us-spark-activation.iaas.checkpoint.com [100.51.250.107,52.1.144.220,54.88.19.172] HTTPS HTTP:404
FAIL us-west-2.allowed-ips.checkpoint.com [35.161.89.173,44.233.240.14] (no HTTP/HTTPS response)
OK usercenter.checkpoint.com [13.227.246.123,13.227.246.15,13.227.246.26,13.227.246.32] HTTPS HTTP:301
FAIL whitelist-cidr.portal.checkpoint.com [13.239.167.43,13.54.58.52,15.207.181.9,15.207.93.54,18.135.172.165,18.169.12.227,18.170.96.99,18.204.157.112,18.206.67.206,18.209.141.207,18.210.66.86,18.211.103.190,3.0.247.199,3.104.16.228,3.105.224.229,3.105.53.155,3.106.66.25,3.109.77.251,3.24.201.223,34.196.221.151,34.242.147.12,52.208.59.174,52.48.38.139,52.49.197.117,52.50.193.74,52.62.15.21,52.64.101.250,52.65.40.250,52.74.245.116,52.76.101.252,54.206.31.83,54.253.134.3,54.253.134.31,54.253.157.231,54.253.54.185,54.253.86.204,54.72.186.59,54.72.206.215,54.77.49.88,79.125.119.10] (no HTTP/HTTPS response)
OK zerophishing.iaas.checkpoint.com [13.227.246.114,13.227.246.36,13.227.246.39,13.227.246.88] HTTPS HTTP:403
OK zerotouch.checkpoint.com [166.117.104.184] HTTPS HTTP:302
Summary: OK=0 SKIP=9 FAIL=21 Total=143
Result: NOT all Check Point services are reachable.
[Expert@CP-GW:0]#
Hey guys,
This script runs connectivity check to bunch of CP fwdns/IPs.
Lab example:
[Expert@CP-GW:0]# ./cp_services_connectivity_check.sh
Check Point Services Connectivity Check
Time: Wed Jan 28 09:02:40 EST 2026
List: https://secureupdates.checkpoint.com/cp_services/V1_0_0/gw/cp_services_uo
Tool: curl_cli Timeout: 6s Proxy: none
Downloading service list...
Hosts to test: 143
SKIP *.cloud.ngen.checkpoint.com (wildcard)
SKIP *.datatube.checkpoint.com (wildcard)
SKIP *.dev.i2.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
