This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
Employee Employee
Employee
‎2018-02-22 05:31 AM

sk83520 how to check connectivity to CP

One of Dameon Welch Abernathy‌ favorite SKs Smiley Happy mine too.  I'm sure most have already written own check scripts, but if you have been too busy you may use this one. Output will look like this:

 

 

If needed you may chuck in --proxy <your proxy> option into curl_cli command.  Just didn't want to make it too complex - this is just a quick fix to verify HTTP/S connectivity towards various CP servers in seconds.

FYI, I noticed that "push.checkpoint.com" returns 403 Forbidden, so I left it as "NOK" for now - script will only accept 200 OK, 301 Moved and 302 Found as valid response

As you will notice, you can add your own URLs to be checked at the bottom if you wish. 

 

#!/bin/bash
check_url () {
 result=" [ NOK ]"
 name="$2 "
 while [ ${#name} -lt 74 ]; do name="$name."; done
 echo -en "$name "
 if [ `curl_cli -Lisk $1 | head -1 | egrep -c "1.1 200|OK|Found|Moved"` -gt 0 ]; then result=" [ OK ]"; fi
 echo $result
}

echo
echo "sk83520 How to verify that Security Gateway and/or Security Management Server can access Check Point servers"
echo

check_url 'http://cws.checkpoint.com/APPI/SystemStatus/type/short' 'Social Media Widget Detection'
check_url 'http://cws.checkpoint.com/URLF/SystemStatus/type/short' 'URL Filtering Cloud Categorization'
check_url 'http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short' 'Virus Detection'
check_url 'http://cws.checkpoint.com/Malware/SystemStatus/type/short' 'Bot Detection'
check_url 'https://updates.checkpoint.com/' 'IPS Updates and Updatable Objects'
check_url 'http://crl.globalsign.com' 'CRL Globalsign'
check_url 'http://dl3.checkpoint.com' 'Download Service Updates '
check_url 'https://usercenter.checkpoint.com/usercenter/services/ProductCoverageService' 'Contract Entitlement '
check_url 'https://usercenter.checkpoint.com/usercenter/services/BladesManagerService' 'Software Blades Manager Service'
check_url 'http://resolver1.chkp.ctmail.com' 'Suspicious Mail Outbreaks'
check_url 'http://download.ctmail.com' 'Anti-Spam'
check_url 'http://te.checkpoint.com/tecloud/Ping' 'Threat Emulation'
check_url 'http://teadv.checkpoint.com' 'Threat Emulation Advanced'
check_url 'https://threat-emulation.checkpoint.com/tecloud/Ping' 'Threat Emulation'
check_url 'https://ptcs.checkpoint.com' 'PTC Updates'
check_url 'http://kav8.zonealarm.com/version.txt' 'Deep inspection'
check_url 'http://kav8.checkpoint.com' 'Traditional Anti-Virus'
check_url 'http://avupdates.checkpoint.com/UrlList.txt' 'Traditional Anti-Virus, Legacy URL Filtering'
check_url 'http://sigcheck.checkpoint.com/Siglist2.txt' 'Download of signature updates'
check_url 'http://secureupdates.checkpoint.com' 'Manage Security Gateways'
check_url 'https://productcoverage.checkpoint.com/ProductCoverageService' 'Makes sure the machines contracts are up-to-date'
check_url 'https://sc1.checkpoint.com/sc/images/checkmark.gif' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60342479_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60096017_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://push.checkpoint.com/push/ping' 'Push Notifications '
check_url 'http://downloads.checkpoint.com' 'Download of Endpoint Compliance Updates'
check_url 'http://productservices.checkpoint.com' 'Next Generation Licensing'

 

10 Replies
PhoneBoy
Admin
Admin
‎2018-02-22 03:28 PM

There's a reason this is one of my favorite SKs: I believe I originated it Smiley Happy

XBensemhoun
Employee
Employee
‎2018-02-23 05:31 AM

Thanks https://community.checkpoint.com/people/kaspa0460ae43-b630-4a72-b063-0a8888fa3bb5

Information Security enthusiast, CISSP, CCSP
Oren_Nudelman
Employee Alumnus
Employee Alumnus
‎2018-04-23 01:46 AM

Hi,

how do you know 200 OK is necessarily means the service is ok ?

I mean what if http is 200 but XML returns service error or something ?

also, using grep on 'Found' prints OK also for 404 Not Found so you need to change your if statement to something like this:

if [ `curl_cli -Lisk $1 | head -1 | egrep "OK|Found|Moved" | egrep -c -v "Not Found"` -gt 0 ]; then result=" [ OK ]"; fi
echo $result

but i still found some FP using this script, see TE response for example which the script returns OK for it.

[Expert@Kings_Landing:0]# curl_cli -Lisk 'http://te.checkpoint.com'
HTTP/1.1 302 Found
Location: https://te.checkpoint.com/
Connection: close

HTTP/1.1 403 Forbidden
Date: Mon, 23 Apr 2018 08:37:07 GMT
Server: CPWS
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Set-Cookie: te_cookie=ANPHKIMA; Domain=te.checkpoint.com; Expires=Thu, 20-Apr-2028 08:51:56 GMT; Path=/

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Access forbidden!</title>
<link rev="made" href="mailto:systems@us.checkpoint.com" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
body { color: #000000; background-color: #FFFFFF; }
a:link { color: #0000CC; }
p, address {margin-left: 3em;}
span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>Access forbidden!</h1>
<p>


You don't have permission to access the requested directory.
There is either no index document or the directory is read-protected.

</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:systems@us.checkpoint.com">webmaster</a>.

</p>

<h2>Error 403</h2>
<address>
<a href="https://community.checkpoint.com/">te.checkpoint.com</a><br />

<span>Mon Apr 23 10:37:07 2018<br />
Apache</span>
</address>
</body>
</html>

0 Kudos
PhoneBoy
Admin
Admin
‎2018-04-23 07:01 AM
In response to Oren_Nudelman

I think if you get ANY response from it, you have connectivity (which is the main point of the SK).

If the services themselves aren't working, that's a different issue Smiley Happy

0 Kudos
Oren_Nudelman
Employee Alumnus
Employee Alumnus
‎2018-04-23 07:52 AM
In response to PhoneBoy

IMO, the OK here is abused since you get OK for both 403 and 404 so it's not so reliable.

if the tool is checking http level it should print http status code and reason instead of ok.

but that's just me... 🙂

0 Kudos
PhoneBoy
Admin
Admin
‎2018-04-23 08:20 AM
In response to Oren_Nudelman

A more consistent status code would be an improvement, I agree.

0 Kudos
Oren_Nudelman
Employee Alumnus
Employee Alumnus
‎2018-04-23 09:28 AM
In response to PhoneBoy

try this code, i added check to last HTTP response and if it's not 200 it print error with status code

#!/bin/bash
check_url () {
result=" [ ERROR ]"
name="$2 "
while [ ${#name} -lt 74 ]; do name="$name."; done
echo -en "$name "
response=$(curl_cli -LiskI $1 | grep "HTTP/1.1" | awk 'END { print }')
status=$(echo "${response}" | awk 'END { print $2 " " $3 " " $4}')
status_code=$(echo ${response} | awk '{ print $2 }')
if [ "${status_code}" != "200" ]; then
echo "${result} - Got HTTP ${status_code}"
else result=" [ OK ]"
echo "${result}"
fi
}

echo
echo "sk83520 How to verify that Security Gateway and/or Security Management Server can access Check Point servers"
echo

check_url 'http://cws.checkpoint.com/APPI/SystemStatus/type/short' 'Social Media Widget Detection'
check_url 'http://cws.checkpoint.com/URLF/SystemStatus/type/short' 'URL Filtering Cloud Categorization'
check_url 'http://cws.checkpoint.com/AntiVirus/SystemStatus/type/short' 'Virus Detection'
check_url 'http://cws.checkpoint.com/Malware/SystemStatus/type/short' 'Bot Detection'
check_url 'https://updates.checkpoint.com/' 'IPS Updates'
check_url 'http://dl3.checkpoint.com' 'Download Service Updates '
check_url 'https://usercenter.checkpoint.com/usercenter/services/ProductCoverageService' 'Contract Entitlement '
check_url 'https://usercenter.checkpoint.com/usercenter/services/BladesManagerService' 'Software Blades Manager Service'
check_url 'http://resolver1.chkp.ctmail.com' 'Suspicious Mail Outbreaks'
check_url 'http://download.ctmail.com' 'Anti-Spam'
check_url 'http://te.checkpoint.com' 'Threat Emulation'
check_url 'http://teadv.checkpoint.com' 'Threat Emulation Advanced'
check_url 'http://kav8.zonealarm.com/version.txt' 'Deep inspection'
check_url 'http://kav8.checkpoint.com' 'Traditional Anti-Virus'
check_url 'http://avupdates.checkpoint.com/UrlList.txt' 'Traditional Anti-Virus, Legacy URL Filtering'
check_url 'http://sigcheck.checkpoint.com/Siglist2.txt' 'Download of signature updates'
check_url 'http://secureupdates.checkpoint.com' 'Manage Security Gateways'
check_url 'https://productcoverage.checkpoint.com/ProductCoverageService' 'Makes sure the machines contracts are up-to-date'
check_url 'https://sc1.checkpoint.com/sc/images/checkmark.gif' 'Download of icons and screenshots from Check Point media storage s ervers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60342479_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://sc1.checkpoint.com/za/images/facetime/large_png/60096017_lrg.png' 'Download of icons and screenshots from Check Point media storage servers'
check_url 'https://push.checkpoint.com' 'Push Notifications '
check_url 'http://downloads.checkpoint.com' 'Download of Endpoint Compliance Updates'

(1)
Srdjan_B
Collaborator
Collaborator
‎2019-09-27 03:06 AM
In response to Oren_Nudelman

Hi,

when using the script I get some NOK (IPS, Contract Entitlement...) unless I put in --cacert $CPDIR/conf/ca-bundle.crt as argument of curl_cli command (more in sk110779).
0 Kudos
Luis_Miguel_Mig
Advisor
‎2020-12-08 03:50 AM
In response to Srdjan_B

I have just noticed that the proxy configured in the GAIA is not in expert mode environment variables. Should it be?

0 Kudos
Billy
Employee Alumnus
Employee Alumnus
‎2021-09-08 01:21 AM
In response to Luis_Miguel_Mig

Hi,

I have updated the script and add the missing checks on github

https://github.com/billygr/CheckPoint/blob/master/sk83520.sh

 

Pending proxy support and view 404 errors because i don't have the exact URL to check

 

You can easy run it on the gw/mgmt without copy paste etc etc 

 

Have fun

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events