Hi Team,
We have an HA pair of Check Point 6000 appliances connecting to switches. For one firewall in the cluster, we have a connection towards the switch with one SFP, but for the other firewall the connection to the switch is missing. To order a new SFP, we are looking for the existing SFP details so that we can order the same. Can someone please guide us on how to get the SFP details from the existing setup?
The firewall version is R81.10.
For Maestro run:
echo;echo Collecting transceiver data...;tor_util get_all_ports_optic_enf_st -v|grep is|tr ' ' '\n'|tr -d ,|grep [[:digit:]]|while read port;do echo "--------------- Port: $port ---------------";mlxlink -d $(mst status|grep direct|head -n1|awk '{print $1}') -p $port -m|sed '/Power\|Bias\|Volt\|Temp\|Alarm\|CDR\|Digit\|Wave\|Version\|Att\|Rev\|OUI\|Cable\|---\|Info\|Link\|Loop\|FEC\|Width/d';done|sed -z 's/\nStatus/Status/g'|more;transceiver_verifier -v|sed "s/[Uu]nsupported/"$'\033\[91m&\033\[0m/g'|sed -e "s/^[Ss]upported/"$'\033\[32m&\033\[0m/g';echo
And for normal gateways:
echo;if [[ -f "/etc/cp-release" ]] && ! [[ `grep Embed /etc/cp-release` ]];then stat=`cpstat os`;tput bold;echo -n "$stat"|grep "Appliance Name:"|sed 's/Appliance Name://'|tr -s ' '|tr -d '\n';if [[ `echo "$stat"|grep "Maestro"` ]] && [[ `grep original_name /etc/appliance_config.xml|tr '<>' '\n'|grep "Check Point"` ]];then echo; echo -n " ";grep original_name /etc/appliance_config.xml|tr '<>' '\n'|grep "Check Point"|tr -d '\n';fi;tput sgr0;if [[ `echo "$stat"|grep Manufacturer|grep CheckPoint` ]];then echo -n " (Serial: `echo "$stat"|grep "Appliance SN"|awk '{print $NF}'`, MAC: `dmidecode -t1|grep UUID|awk '{print $NF}' FS=-|sed 's/../&:/g; s/:$//'`)";fi;echo;echo;sfps=0;tput bold;echo " Line cards";tput sgr0;if [[ `find /sys/class/net -name eth*-01 2>/dev/null` ]]; then find /sys/class/net -name eth*-01 2>/dev/null|while read line;do grep `cat $line'/device/subsystem_vendor'` /etc/hw_info/linecard.lst|grep `cat $line'/device/subsystem_device'`|awk -F ',' '{print "Model: "$3" Type: "$4}'|tr -d '"'|tr -s " "|tr -d "\t"|sed "s/\bModel\b/\x1b[1;\t1m&\x1b[m/g;s/\bType\b/\x1b[1;1m&\x1b[m/g;";done;else echo -e "\n\t-";fi;echo;phys=`find /sys/class/net/*/device|awk -F '/' '{print $5}'|wc -l`;echo "`find /sys/class/net/*/device|awk -F '/' '{print $5}'`"|while read line;do if [[ `ethtool -m $line 2>/dev/null` ]];then sfps=1;tput bold;echo " "$line;tput sgr0;etht=`ethtool -m $line 2>/dev/null|awk '/Transceiver type/ && ++count==1{sub(/Transceiver type/,"Transceiver_type")} 1'|grep 'Identifier\|Transceiver_type\|Length\|Vendor name\|Vendor SN\|Vendor PN'|sed 's/Transceiver_type/Transceiver type/'|grep -v ': 0m\|: 0km'`;file=`find /etc/hcp/tests -name hcp_optic_info.json|head -n1`;data=`cat $file|$CPDIR/jq/jq -e -r ".transceivers.CheckPoint_PartNumber[\"$(ethtool -m $line 2>/dev/null|grep 'Vendor PN'|awk '{print $NF}')\"]"`;if [[ $? -eq 1 ]];then echo "$etht";if [[ `echo "$stat"|grep "Appliance Name"|grep "Check Point"` ]];then echo -e "\n\tSKU auto-detect failed. 
Manually retrieve SKU with this command:";tput bold;echo -e "\tgrep SKU $file|grep -v \"TBD\"";tput sgr0;fi;else echo "$etht$data"|sed "s/^[ \t]*//"|tr -d '"{},'|tr -s " "|sed "s/:/@:/"|column -t -s '@'|sed "s/^/\t/"|grep -v "TBD"$;fi;echo;fi;((phys--));if [[ $phys -eq 0 ]] && [[ sfps -eq 0 ]];then echo -e " \033[1;31mNo SFPs/DACs found! \033[m\n";fi;done;unset stat sfps phys etht line data file;else echo -e " \033[1;31mUnsupported OS! \033[m\n";fi
Awesome @Lesley . Just ran it on R82 lab and worked like a charm 🙂
Andy
Standard PC (i440FX + PIIX, 1996)
Line cards
-
No SFPs/DACs found!
Thanks a ton.. it is a great solution indeed 🙂
I'd like to run it on a Quantum Edge 1900 with Gaia R81.10.10. Is it possible?
The SFP flavours for the 1900 are limited by comparison, are you unable to determine what you have from Usercenter or is there another use case?
This script runs on Embedded Gaia but returns "Unsupported OS."
See if "show sfp-diag <interface>" yields the information you need.
Just tested on a 1500 with R81.10.17 and a random SFP, this was the output for reference...
Gateway-Spark> show sfp-diag DMZ
Identifier : 0x03 (SFP)
Vendor name : FINISAR CORP.
Vendor OUI : 00:90:65
Vendor PN : FTLX8571D3BCL
Vendor rev : A
Option values : 0x00 0x1a
Option : RX_LOS implemented
Option : TX_FAULT implemented
Option : TX_DISABLE implemented
BR margin, max : 0%
BR margin, min : 0%
Vendor SN : UDG005W
Date code : 081004
Optical diagnostics support : Yes
Laser bias current : 8.056 mA
Laser output power : 0.5679 mW / -2.46 dBm
Receiver signal average optical power : 0.0006 mW / -32.22 dBm
Module temperature : 43.69 degrees C / 110.64 degrees F
Module voltage : 3.3316 V
Gateway-Spark>
/Edit: Seems you will need R81.10.17 per sk181134:
SMBGWY-14324 | General | When used on 1900 and 2000 Quantum Spark Appliances, the "show sfp-diag" Clish command returns the following message: "<port name, e.g., DMZ> port has no SFP support." |
Source: https://support.checkpoint.com/results/sk/sk181134
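Added example, not part of the original posts: a small bash/awk helper that reduces a "Key : Value" transceiver dump, the layout printed by `show sfp-diag` above and by `ethtool -m`, to the fields needed to reorder the same module. The function names and the pipe-separated output format are assumptions of this example; the sample lines are copied from the output above, and the date code is read as YYMMDD with years counted from 2000, as SFF-8472 defines it.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): extract the ordering-relevant fields
# from "Key : Value" transceiver output (`show sfp-diag` / `ethtool -m`).

# Reads a dump on stdin, prints: vendor|part number|revision|serial|date
# Fields that are absent from the dump are reported as "unknown".
sfp_order_fields() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    {
      pos = index($0, ":")
      if (pos == 0) next                      # prompt lines, blank lines
      key = trim(substr($0, 1, pos - 1))
      val = trim(substr($0, pos + 1))         # keeps colons inside the value
      # First occurrence wins, in case several dumps are concatenated.
      if      (key == "Vendor name" && vendor == "") vendor = val
      else if (key == "Vendor PN"   && pn == "")     pn = val
      else if (key == "Vendor rev"  && rev == "")    rev = val
      else if (key == "Vendor SN"   && sn == "")     sn = val
      else if (key == "Date code"   && made == "" &&
               val ~ /^[0-9][0-9][0-9][0-9][0-9][0-9]/)
        # SFF-8472 date code: YYMMDD (+ optional lot code), 00 = year 2000
        made = "20" substr(val, 1, 2) "-" substr(val, 3, 2) "-" substr(val, 5, 2)
    }
    END {
      if (vendor == "") vendor = "unknown"
      if (pn == "")     pn = "unknown"
      if (rev == "")    rev = "unknown"
      if (sn == "")     sn = "unknown"
      if (made == "")   made = "unknown"
      print vendor "|" pn "|" rev "|" sn "|" made
    }'
}

# Sample input: lines copied from the `show sfp-diag DMZ` output in this thread.
sample_dump() {
  cat <<'EOF'
Gateway-Spark> show sfp-diag DMZ
Identifier : 0x03 (SFP)
Vendor name : FINISAR CORP.
Vendor OUI : 00:90:65
Vendor PN : FTLX8571D3BCL
Vendor rev : A
Vendor SN : UDG005W
Date code : 081004
EOF
}

sample_dump | sfp_order_fields
```

On a full Gaia gateway the same function can be fed from `ethtool -m <interface>`, which the one-liner earlier in the thread already relies on.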
sk92755 lists the supported SFPs for the 6000 series appliances. By default the "Plus" variant will ship with SR SFPs.
If you know what is in the switch in terms of SFP it will be easy to align.
You can also see which Check Point SFP you have in the Accessories part of Product Center / Usercenter.