Kaspars_Zibarts
Employee

sk83520 how to check connectivity to CP

One of Dameon Welch Abernathy's favorite SKs :) mine too. I'm sure most have already written their own check scripts, but if you have been too busy you may use this one. Output will look like this:

 

 

If needed you may chuck in --proxy <your proxy> option into curl_cli command.  Just didn't want to make it too complex - this is just a quick fix to verify HTTP/S connectivity towards various CP servers in seconds.

FYI, I noticed that "push.checkpoint.com" returns 403 Forbidden, so I left it as "NOK" for now - script will only accept 200 OK, 301 Moved and 302 Found as valid response

As you will notice, you can add your own URLs to be checked at the bottom if you wish. 

 

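#!/bin/bash
# check_url <URL> <description>: print the description padded with dots, then OK or NOK
check_url () {
 result=" [ NOK ]"
 name="$2 "
 # Pad the description with dots to a fixed width so the results line up
 while [ ${#name} -lt 74 ]; do name="$name."; done
 echo -en "$name "
 # -L follow redirects, -i include response headers, -s silent, -k skip certificate verification
 # Only the first status line of the output is inspected
 if [ "$(curl_cli -Lisk "$1" | head -1 | egrep -c "1.1 200|OK|Found|Moved")" -gt 0 ]; then result=" [ OK ]"; fi
 echo $result
}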

echo
echo "sk83520 How to verify that Security Gateway and/or Security Management Server can access Check Point servers"
echo

check_url 'http://cws.checkpoint.com/APPI/SystemStatus/type/short' 'Social Media Widget Detection'
check_url 'http://cws.checkpoint.com/URLF/SystemStatus/type/short' 'URL Filtering Cloud Categorization'
check_url 'http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short' 'Virus Detection'
check_url 'http://cws.checkpoint.com/Malware/SystemStatus/type/short' 'Bot Detection'
check_url 'https://updates.checkpoint.com/' 'IPS Updates and Updatable Objects'
check_url 'http://crl.globalsign.com' 'CRL Globalsign'
check_url 'http://dl3.checkpoint.com' 'Download Service Updates '
check_url 'https://usercenter.checkpoint.com/usercenter/services/ProductCoverageService' 'Contract Entitlement '
check_url 'https://usercenter.checkpoint.com/usercenter/services/BladesManagerService' 'Software Blades Manager Service'
check_url 'http://resolver1.chkp.ctmail.com' 'Suspicious Mail Outbreaks'
check_url 'http://download.ctmail.com' 'Anti-Spam'
check_url 'http://te.checkpoint.com/tecloud/Ping' 'Threat Emulation'
check_url 'http://teadv.checkpoint.com' 'Threat Emulation Advanced'
check_url 'https://threat-emulation.checkpoint.com/tecloud/Ping' 'Threat Emulation'
check_url 'https://ptcs.checkpoint.com' 'PTC Updates'
check_url 'http://kav8.zonealarm.com/version.txt' 'Deep inspection'
check_url 'http://kav8.checkpoint.com' 'Traditional Anti-Virus'
check_url 'http://avupdates.checkpoint.com/UrlList.txt' 'Traditional Anti-Virus, Legacy URL Filtering'
check_url 'http://sigcheck.checkpoint.com/Siglist2.txt' 'Download of signature updates'
check_url 'http://secureupdates.checkpoint.com' 'Manage Security Gateways'
check_url 'https://productcoverage.checkpoint.com/ProductCoverageService' 'Makes sure the machines contracts are up-to-date'
check_url 'https://sc1.checkpoint.com/sc/images/checkmark.gif' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60342479_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60096017_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://push.checkpoint.com/push/ping' 'Push Notifications '
check_url 'http://downloads.checkpoint.com' 'Download of Endpoint Compliance Updates'
check_url 'http://productservices.checkpoint.com' 'Next Generation Licensing'

 

10 Replies
PhoneBoy
Admin

There's a reason this is one of my favorite SKs: I believe I originated it :)

rhapirou
Employee

Thanks https://community.checkpoint.com/people/kaspa0460ae43-b630-4a72-b063-0a8888fa3bb5

Cybersecurity Evangelist, CISSP, CCSA-CCAS-CCCS-CCTA
Oren_Nudelman
Employee Alumnus

Hi,

How do you know that 200 OK necessarily means the service is OK?

I mean, what if HTTP is 200 but the XML returns a service error or something?

Also, using grep on 'Found' prints OK for 404 Not Found as well, so you need to change your if statement to something like this:

if [ `curl_cli -Lisk $1 | head -1 | egrep "OK|Found|Moved" | egrep -c -v "Not Found"` -gt 0 ]; then result=" [ OK ]"; fi
echo $result

But I still found some FPs using this script; see the TE response, for example, for which the script returns OK.

[Expert@Kings_Landing:0]# curl_cli -Lisk 'http://te.checkpoint.com'
HTTP/1.1 302 Found
Location: https://te.checkpoint.com/
Connection: close

HTTP/1.1 403 Forbidden
Date: Mon, 23 Apr 2018 08:37:07 GMT
Server: CPWS
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Set-Cookie: te_cookie=ANPHKIMA; Domain=te.checkpoint.com; Expires=Thu, 20-Apr-2028 08:51:56 GMT; Path=/

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Access forbidden!</title>
<link rev="made" href="mailto:systems@us.checkpoint.com" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
body { color: #000000; background-color: #FFFFFF; }
a:link { color: #0000CC; }
p, address {margin-left: 3em;}
span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>Access forbidden!</h1>
<p>


You don't have permission to access the requested directory.
There is either no index document or the directory is read-protected.

</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:systems@us.checkpoint.com">webmaster</a>.

</p>

<h2>Error 403</h2>
<address>
<a href="https://community.checkpoint.com/">te.checkpoint.com</a><br />

<span>Mon Apr 23 10:37:07 2018<br />
Apache</span>
</address>
</body>
</html>

0 Kudos
PhoneBoy
Admin

I think if you get ANY response from it, you have connectivity (which is the main point of the SK).

If the services themselves aren't working, that's a different issue :)

0 Kudos
Oren_Nudelman
Employee Alumnus

IMO, the OK here is abused since you get OK for both 403 and 404 so it's not so reliable.

if the tool is checking http level it should print http status code and reason instead of ok.

but that's just me... 🙂

0 Kudos
PhoneBoy
Admin

A more consistent status code would be an improvement, I agree.

0 Kudos
Oren_Nudelman
Employee Alumnus

Try this code; I added a check on the last HTTP response, and if it's not 200 it prints an error with the status code.

#!/bin/bash
check_url () {
 result=" [ ERROR ]"
 name="$2 "
 # Pad the description with dots so the results line up
 while [ ${#name} -lt 74 ]; do name="$name."; done
 echo -en "$name "
 # -I sends HEAD requests; keep the status line of the last response in the redirect chain
 response=$(curl_cli -LiskI "$1" | tr -d '\r' | grep "^HTTP/" | awk 'END { print }')
 # Status code plus reason phrase, e.g. "403 Forbidden"
 status=$(echo "${response}" | awk 'END { print $2 " " $3 " " $4}')
 status_code=$(echo "${response}" | awk '{ print $2 }')
 if [ "${status_code}" != "200" ]; then
  echo "${result} - Got HTTP ${status_code}"
 else
  result=" [ OK ]"
  echo "${result}"
 fi
}

echo
echo "sk83520 How to verify that Security Gateway and/or Security Management Server can access Check Point servers"
echo

check_url 'http://cws.checkpoint.com/APPI/SystemStatus/type/short' 'Social Media Widget Detection'
check_url 'http://cws.checkpoint.com/URLF/SystemStatus/type/short' 'URL Filtering Cloud Categorization'
check_url 'http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short' 'Virus Detection'
check_url 'http://cws.checkpoint.com/Malware/SystemStatus/type/short' 'Bot Detection'
check_url 'https://updates.checkpoint.com/' 'IPS Updates'
check_url 'http://dl3.checkpoint.com' 'Download Service Updates '
check_url 'https://usercenter.checkpoint.com/usercenter/services/ProductCoverageService' 'Contract Entitlement '
check_url 'https://usercenter.checkpoint.com/usercenter/services/BladesManagerService' 'Software Blades Manager Service'
check_url 'http://resolver1.chkp.ctmail.com' 'Suspicious Mail Outbreaks'
check_url 'http://download.ctmail.com' 'Anti-Spam'
check_url 'http://te.checkpoint.com' 'Threat Emulation'
check_url 'http://teadv.checkpoint.com' 'Threat Emulation Advanced'
check_url 'http://kav8.zonealarm.com/version.txt' 'Deep inspection'
check_url 'http://kav8.checkpoint.com' 'Traditional Anti-Virus'
check_url 'http://avupdates.checkpoint.com/UrlList.txt' 'Traditional Anti-Virus, Legacy URL Filtering'
check_url 'http://sigcheck.checkpoint.com/Siglist2.txt' 'Download of signature updates'
check_url 'http://secureupdates.checkpoint.com' 'Manage Security Gateways'
check_url 'https://productcoverage.checkpoint.com/ProductCoverageService' 'Makes sure the machines contracts are up-to-date'
check_url 'https://sc1.checkpoint.com/sc/images/checkmark.gif' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60342479_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60096017_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://push.checkpoint.com' 'Push Notifications '
check_url 'http://downloads.checkpoint.com' 'Download of Endpoint Compliance Updates'

(1)
Srdjan_B
Collaborator

Hi,

when using the script I get some NOK (IPS, Contract Entitlement...) unless I put in --cacert $CPDIR/conf/ca-bundle.crt as argument of curl_cli command (more in sk110779).
0 Kudos
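
Added example (not from any poster in this thread): the sketch below reads every status line that `curl -Lis` prints for a redirect chain and reports the final status code, separating "a server answered" from "200" as discussed in the replies above, and passes extra curl options such as --proxy or --cacert through. The function names and the CURL variable are assumptions made for the example, and the sample response is constructed from the te.checkpoint.com capture quoted earlier.

```bash
#!/bin/bash
# Added example, not from the thread. Function names and $CURL are illustrative.

# Constructed sample: abridged from the te.checkpoint.com capture quoted above.
sample_capture() {
    printf 'HTTP/1.1 302 Found\r\nLocation: https://te.checkpoint.com/\r\n\r\n'
    printf 'HTTP/1.1 403 Forbidden\r\nServer: CPWS\r\n\r\n'
    printf '<html><body><h1>Access forbidden!</h1></body></html>\n'
}

# The first script's test: only the first status line, loose word match.
first_line_verdict() {
    if [ "$(head -n 1 | grep -E -c '1.1 200|OK|Found|Moved')" -gt 0 ]; then
        echo "OK"
    else
        echo "NOK"
    fi
}

# Read `curl -Lis` output on stdin and print "<verdict> <code> hops=<n>":
#   OK           the last response in the redirect chain is 200
#   REACHABLE    a server answered, but the last status is something else
#   NO_RESPONSE  no HTTP status line at all (DNS, routing, proxy, TLS failure)
classify_chain() {
    chain=$(tr -d '\r' | grep -E '^HTTP/[0-9.]+ [0-9][0-9][0-9]' || true)
    if [ -z "$chain" ]; then
        echo "NO_RESPONSE -"
        return 0
    fi
    code=$(printf '%s\n' "$chain" | tail -n 1 | awk '{ print $2 }')
    hops=$(printf '%s\n' "$chain" | wc -l | tr -d ' ')
    if [ "$code" = "200" ]; then verdict=OK; else verdict=REACHABLE; fi
    echo "$verdict $code hops=$hops"
}

# Live use: check_url URL LABEL [extra curl options such as -k,
# --proxy <your proxy> or --cacert "$CPDIR/conf/ca-bundle.crt"]
check_url() {
    url=$1; label=$2; shift 2
    printf '%-74s [ %s ]\n' "$label" \
        "$("${CURL:-curl_cli}" -Lis --max-time 10 "$@" "$url" | classify_chain)"
}

# Offline comparison on the constructed sample (no network access needed).
echo "first status line only: $(sample_capture | first_line_verdict)"
echo "whole redirect chain:   $(sample_capture | classify_chain)"
```

With --proxy and an https:// URL, curl -i also prints the proxy's CONNECT reply ahead of the server's headers, so the last status line is the one to judge.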
Luis_Miguel_Mig
Advisor

I have just noticed that the proxy configured in the GAIA is not in expert mode environment variables. Should it be?

0 Kudos
Billy
Employee Alumnus

Hi,

I have updated the script and added the missing checks on GitHub

https://github.com/billygr/CheckPoint/blob/master/sk83520.sh

Pending proxy support and view 404 errors because I don't have the exact URL to check

You can easily run it on the gw/mgmt without copy paste etc etc

 

Have fun

0 Kudos
