Download Complete PDF Send Feedback Print This Page

Previous

Synchronize Contents

Next

Upgrading with SmartUpdate

Related Topics

Introducing SmartUpdate

Understanding SmartUpdate

SmartUpdate - Seeing it for the First Time

Common Operations

Upgrading Packages

Managing Licenses

Service Contracts

Generating CPInfo

The SmartUpdate Command Line

Introducing SmartUpdate

SmartUpdate automatically distributes applications and updates for Check Point and OPSEC Certified products, and manages product licenses. It provides a centralized means to guarantee that Internet security throughout the enterprise network is always up to date. SmartUpdate turns time-consuming tasks that could otherwise be performed only by experts into simple point and click operations.

SmartUpdate extends your organization's ability to provide centralized policy management across enterprise-wide deployments. SmartUpdate can deliver automated software and license updates to hundreds of distributed security gateways from a single management console. SmartUpdate ensures security deployments are always up-to-date by enforcing the most current security software. This provides greater control and efficiency while dramatically decreasing maintenance costs of managing global security installations.

SmartUpdate enables remote upgrade, installation and license management to be performed securely and easily. A system administrator can monitor and manage remote gateways from a central location, and decide whether there is a need for software upgrade, new installations and license modification. It is possible to remotely upgrade:

  • Check Point Security Gateways
  • Hotfixes, Hotfix Accumulators (HFAs) and patches
  • Third party OPSEC applications
  • UTM-1 Edge
  • Check Point IPSO Operating System
  • SecurePlatform

All operations that can be performed via SmartUpdate can also be done via the command line interface. See The SmartUpdate Command Line for more information.

Understanding SmartUpdate

SC_SmartUpdate

SmartUpdate installs two repositories on the Security Management server:

  • License & Contract Repository, which is stored on all platforms in the directory $FWDIR\conf\.
  • Package Repository, which is stored:
    • on Windows machines in C:\SUroot.
    • on UNIX machines in /var/suroot.

    The Package Repository requires a separate license, in addition to the license for the Security Management server. This license should stipulate the number of nodes that can be managed in the Package Repository.

Packages and licenses are loaded into these repositories from several sources:

  • the Download Center web site (packages)
  • the Check Point DVD (packages)
  • the User Center (licenses)
  • by importing a file (packages and licenses)
  • by running the cplic command line

Of the many processes that run on the Check Point Security Gateways distributed across the corporate network, two in particular are used for SmartUpdate. Upgrade operations require the cprid daemon, and license operations use the cpd daemon. These processes listen and wait for the information to be summoned by the Security Management server.

From a remote location, an administrator logged into the Security Management server initiates operations using the SmartUpdate tool. The Security Management server makes contact with the Check Point Security Gateways via the processes that are running on these gateways in order to execute the operations initiated by the system administrator (e.g., attach a license, or upload an upgrade). Information is taken from the repositories on the Security Management server. For instance, if a new installation is being initiated, the information is retrieved from the Package Repository; if a new license is being attached to remote gateway, information is retrieved from the License & Contract Repository.

This entire process is Secure Initial Communication (SIC) based, and therefore completely secure.

SmartUpdate - Seeing it for the First Time

SmartUpdate has two tabs:

  • Packages tab shows the packages and Operating Systems installed on the Check Point Security Gateways managed by the Security Management server. Operations that relate to packages can only be performed in the Packages tab.
  • Licenses tab shows the licenses on the managed Check Point Security Gateways. Operations that relate to licenses can only be performed in the Licenses tab.

These tabs are divided into a tree structure that displays the packages installed and the licenses attached to each managed Security Gateway.

The tree has three levels:

  • Root level shows the name of the Security Management server to which the GUI is connected.
  • Second level shows the names of the Check Point Security Gateways configured in SmartDashboard.
  • Third level shows the Check Point packages (in the Packages tab) or installed licenses (in the Licenses tab) on the Check Point Security Gateway.

Additionally, the following panes can be displayed:

  • Package Repository - shows all the packages available for installation. To view this pane, select Packages > View Repository.
  • License & Contract Repository - shows all licenses (attached or unattached). To view this pane, select Licenses > View Repository.
  • Operation Status - shows past and current SmartUpdate operations. To view this pane, select Operations > View Status. In this pane you can read about:
    • Operations performed (e.g., Installing package <X> on Gateway <Y>, or Attaching license <L> to Gateway <Y>.).
    • The status of the operation being performed, throughout all the stages of its development (for instance, operation started, or a warning).
    • A progress indicator.
    • The time that the operation takes to complete.

Common Operations

Drag and Drop - Packages and licenses can be dragged and dropped from the Repositories onto the Security Gateways in the Package/Licenses Management tree. This drag and drop operation will invoke the distribute or attach operation respectively.

Search - To search for a text string: select Tools > Find. In Find what, enter a string to search for. Select search location: Network Objects License & Contract tab or Package Repository.

Sort - To sort in ascending or descending order, click the column title in the Licenses or Packages tab.

Expand or Collapse - To expand or collapse the Check Point Security Gateways tree structure, right-click on the tree root and choose Expand/Collapse.

Change view - To change the Repository view, right-click on a blank row or column in the Repository window and select an option. For example, in the Licenses Repository you can select to see only the attached licenses.

Clear Repository of completed operations - To clear a single operation, select the line in the Operation Status window and press the Delete key, or right-click and select Clear. To clear all completed operations from the Operation Status window, select Status > Clear all completed operations.

See operation details - To view operation details, in the Operation Status window, double-click the operation entry. The Operation Details window shows the operation description, start and finish times, and progress history. The window is resizable. To copy the Status lines to the clipboard, select the line, right-click and choose Copy.

Print views - To print a view, select File > Print. The Choose Window is displayed. Select the window that you would like to print, e.g., Operation Status or License & Contract Repository. Optionally, you can adjust the print setup settings, or preview the output.

See logs -

  • Log of SmartUpdate package operations - $SUROOT\log\su.elg.
  • Audit log of SmartUpdate operations - SmartView Tracker Audit View.

Upgrading Packages

The latest management version can be applied to a single Check Point Security Gateway, or to multiple Check Point Security Gateways simultaneously. Use the Upgrade all Packages operation to bring packages up to the most current management version.

When you perform Upgrade all Packages all products are upgraded to the latest Security Management server version. This process upgrades both the software packages and its related HFA (that is, the most up to date HFA is installed). Once the process is over, the software packages and the latest HFA will exist in the Package Repository.

To upgrade Check Point packages to versions earlier than the latest available version, they must be upgraded one-by-one. Use the Distribute operation to upgrade packages to management versions other than the most current, or to apply specific HFAs.

In addition, SmartUpdate recognizes gateways that do not have the latest HFA. When you right-click an HFA in the Package Repository and select Distribute for that specific HFA, you will receive a recommendation to install a new HFA on the gateways that do not have it.

Prerequisites for Remote Upgrades

  • Make sure that SmartUpdate connections are allowed. Go to SmartDashboard > Policy > Global Properties > FireWall Implied Rules, and make sure that Accept SmartUpdate Connections is selected.
  • Secure Internal Communication (SIC) must be enabled between the Security Management server and remote Check Point Security Gateways.

Retrieving Data from Check Point Security Gateways

In order to know exactly what OS, vendor and management version is on each remote gateway, you can retrieve that data directly from the gateway.

  • To retrieve data on a specific Check Point Security Gateway, right-click on the gateway in the Package Management window and select Get Gateway Data.
  • If you are installing or upgrading multiple Check Point Security Gateways, from the Packages menu select Get Data From All.

Adding New Packages to the Package Repository

To distribute (that is, install) or upgrade a package, you must first add it to the Package Repository. You can add packages to the Package Repository from the following three locations:

Download Center

  1. Select Packages > New Package > Add from Download Center.
  2. Accept the Software Subscription Download Agreement.
  3. Enter your user credentials.
  4. Select the packages to be downloaded. Use the Ctrl and Shift keys to select multiple files. You can also use the Filter to show just the packages you need.
  5. Click Download to add the packages to the Package Repository.

User Center

Use this procedure for adding OPSEC packages and Hotfixes to the Package Repository.

  1. Open a browser to the Check Point Support Center.
  2. Select the package you want to upgrade.
  3. Enter your user credentials.
  4. Accept the Software Subscription Download Agreement.
  5. Choose the appropriate platform and package, and save the download to the local disk.
  6. Select Packages > New Package > Import File.
  7. In the Add Package window, navigate to the desired .tgz file and click Open to add the packages to the Package Repository.

Check Point DVD

  1. Select Packages > New Package > Add from CD/DVD.
  2. Browse to the optical drive, and click OK.

    A window opens, showing the available packages on the DVD.

  3. Select the packages to add to the Package Repository (Ctrl-select for more than one package).
  4. Click OK.

Verifying the Viability of a Distribution

Verify that the distribution (that is, installation) or upgrade is viable based upon the Check Point Security Gateway data retrieved. The verification process checks that:

  • the Operating System and currently distributed packages are appropriate for the package to be distributed,
  • there is sufficient disk space,
  • the package is not already distributed,
  • the package dependencies are fulfilled.

To manually verify a distribution, select Packages > Pre-Install Verifier….

Transferring Files to Remote Devices

When you are ready to upgrade or distribute packages from the Package Repository, it is recommended to transfer the package files to the devices to be upgraded. Placing the file on the remote device shortens the overall installation time, frees Security Management server for other operations, and reduces the chance of a communications error during the distribute/upgrade process. Once the package file is located on the remote device, you can activate the distribute/upgrade whenever it is convenient.

Transfer the package file(s) to the directory $SUROOT/tmp on the remote device. If this directory does not exist, do one of the following:

  • For Windows gateways, place the package file in the directory SYSTEMDRIVE\temp (SYSTEMDRIVE is usually C:\)
  • For UNIX gateways, place the package file in the directory /opt/.

Distributions and Upgrades

You can upgrade all packages on one remote gateway, or you can distribute specific packages one-by-one for all gateways.

Upgrading All Packages on a Check Point Remote Gateway

All Check Point packages on a single remote gateway, other than the operating system, can be remotely upgraded in a single operation. The Upgrade all Packages function allows you to simultaneously distribute or upgrade multiple packages to the latest management version. Proceed as follows:

  1. Select Packages > Upgrade all Packages.
  2. From the Upgrade All Packages window, select the Check Point Security Gateways that you want to upgrade. Use the Ctrl and Shift keys to select multiple devices.

    Note - The Reboot if required... option (checked by default) is required in order to activate the newly distributed package.

  3. If one or more of the required packages are missing from the Package Repository, the Download Packages window opens. Download the required package directly to the Package Repository.
  4. Click Upgrade.

    The installation proceeds only if the upgrade packages for the selected packages are available in the Package Repository.

Updating a Single Package on a Check Point Remote Gateway

Use this procedure to select the specific package that you want to apply to a single package. The distribute function allows you to:

  • Upgrade the OS on an IP appliance or on SecurePlatform
  • Upgrade any package to a management version other than the latest
  • Apply Hot Fix Accumulators (HFAs)

Proceed as follows:

  1. In the Package Management window, click the Check Point Security Gateway you want to upgrade.
  2. Select Packages > distribute.
  3. From the distribute Packages window, select the package that you want to distribute. Use the Ctrl and Shift keys to select multiple packages, and then click distribute.

    The installation proceeds only if the upgrade packages selected are available in the Package Repository.

Upgrading UTM-1 Edge Firmware with SmartUpdate

The UTM-1 Edge gateway firmware represents the software that is running on the appliance. The UTM-1 Edge gateway's firmware can be viewed and upgraded using SmartUpdate. This is a centralized management tool that is used to upgrade all gateways in the system by downloading new versions from the download center. When installing new firmware, the firmware is prepared at the Security Management server, downloaded and subsequently installed when the UTM-1 Edge gateway fetches for updates. Since the UTM-1 Edge gateway fetches at periodic intervals, you will notice the upgraded version on the gateway only after the periodic interval has passed.

If you do not want to wait for the fetch to occur you can download the updates with the Push Packages Now (UTM-1 Edge only) option in the Packages menu. With this option it is possible to create a connection with UTM-1 Edge in order to access new (that is, the latest) software package(s). The distribution is immediate and avoids the need to wait for the fetch to get the package.

Canceling and Uninstalling

You can stop a distributed installation or upgrade while in progress.

To cancel a SmartUpdate operation:

  • Select Status > Stop Operation.

At a certain point in any operation, the Stop Operation function becomes unavailable. You can cancel the operation after this point. This will uninstall changes made. Use this also to uninstall distributed installations or upgrades.

To uninstall:

  1. Wait for the operation to complete.
  2. Select Packages > Uninstall.

    Note - Uninstallation restores the gateway to the last management version distributed.

Uninstalling Installations and Upgrades

If you want to cancel an operation and you have passed the point of no return, or the operation has finished, you can uninstall the upgrade by selecting Packages > Uninstall.

Note - Uninstallation restores the gateway to the last management version distributed.

Restarting the Check Point Security Gateway

After you distribute an upgrade or uninstall, reboot the gateway.

To restart the gateway:

  • Select Reboot if required at the final stage of upgrade or uninstall.
  • Select Packages > Reboot Gateway.

Recovering from a Failed Upgrade

If an upgrade fails on SecurePlatform, SmartUpdate restores the previously distributed version.

SecurePlatform Automatic Revert

If an upgrade or distribution operation fails on a SecurePlatform device, the device will reboot itself and automatically revert to the last version distributed.

Snapshot Image Management

Before performing an upgrade, you can use the command line to create a Snapshot image of the SecurePlatform OS, or of the packages distributed. If the upgrade or distribution operation fails, you can use the command line to revert the disk to the saved image.

  • To create a Snapshot file on the gateway, type:

    cprinstall snapshot <object name> <filename>

  • To show the available Snapshot files, type:

    cprinstall show <object name>

  • To revert to a given Snapshot file, type:

    cprinstall revert <object name> <filename>

    Note - Snapshot files are stored at /var/CPsnapshot on the gateway.

Deleting Packages from the Package Repository

To clear the Package Repository of extraneous or outdated packages, select a package, or Ctrl-select multiple packages and select Packages > Delete Package. This operation cannot be undone.

Managing Licenses

With SmartUpdate, you can manage all licenses for Check Point packages throughout the organization from the Security Management server. SmartUpdate provides a global view of all available and installed licenses, allowing you to perform such operations as adding new licenses, attaching licenses and upgrading licenses to Check Point Security Gateways, and deleting expired licenses. Check Point licenses come in two forms, Central and Local.

  • The Central license is the preferred method of licensing. A Central license ties the package license to the IP address of the Security Management server. That means that there is one IP address for all licenses; that the license remains valid if you change the IP address of the gateway; and that a license can be taken from one Check Point Security Gateway and given to another with ease. For maximum flexibility, it is recommended to use Central licenses.
  • The Local license is an older method of licensing, however it is still supported by SmartUpdate. A Local license ties the package license to the IP address of the specific Check Point Security Gateway, and cannot be transferred to a gateway with a different IP address.

When you add a license to the system using SmartUpdate, it is stored in the License & Contract Repository. Once there, it must be installed to the gateway and registered with the Security Management server. Installing and registering a license is accomplished through an operation known as attaching a license. Central licenses require an administrator to designate a gateway for attachment, while Local licenses are automatically attached to their respective Check Point Security Gateways.

Licensing Terminology

  • Add

    Licenses received from the User Center should first be added to the License & Contract Repository. Adding a local license to the License & Contract Repository also attaches it to the gateway.

    Licenses can be conveniently imported to the License & Contract Repository via a file and they can be added manually by pasting or typing the license details.

  • Attach

    Licenses are attached to a gateway via SmartUpdate. Attaching a license to a gateway involves installing the license on the remote gateway, and associating the license with the specific gateway in the License & Contract Repository.

  • Central License

    A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License are:

    • Only one IP address is needed for all licenses.
    • A license can be taken from one gateway and given to another.
    • The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.
  • Certificate Key

    The Certificate Key is a string of 12 alphanumeric characters. The number is unique to each package. For an evaluation license your certificate key can be found inside the mini pack. For a permanent license you should receive your certificate key from your reseller.

  • CPLIC

    A command line for managing local licenses and local license operations. For additional information, refer to the R76 Command Line Interface Reference Guide.

  • Detach

    Detaching a license from a gateway involves uninstalling the license from the remote gateway and making the license in the License & Contract Repository available to any gateway.

  • State

    Licenses can be in one of the following states:

    The license state depends on whether the license is associated with the gateway in the License & Contract Repository, and whether the license is installed on the remote gateway. The license state definitions are as follows:

    • Attached indicates that the license is associated with the gateway in the License & Contract Repository, and is installed on the remote gateway.
    • Unattached indicates that the license is not associated with the gateway in the License & Contract Repository, and is not installed on any gateway.
    • Assigned is a license that is associated with the gateway in the License & Contract Repository, but has not yet been installed on a gateway.
  • Upgrade Status is a field in the License & Contract Repository that contains an error message from the User Center when the Upgrade process fails.
  • Get

    Locally installed licenses can be placed in the License & Contract Repository, in order to update the repository with all licenses across the installation. The Get operation is a two-way process that places all locally installed licenses in the License & Contract Repository and removes all locally deleted licenses from the License & Contract Repository.

  • License Expiration

    Licenses expire on a particular date, or never. After a license has expired, the functionality of the Check Point package may be impaired.

  • Local License

    A Local License is tied to the IP address of the specific gateway and can only be used with a gateway or a Security Management server with the same address.

  • Multi-License File

    Licenses can be conveniently added to a gateway or a Security Management server via a file, rather than by typing long text strings. Multi-license files contain more than one license, and can be downloaded from the Check Point User Center.

    Multi-license files are supported by the cplic put, and cplic add command-line commands.

  • Features

    A character string that identifies the features of a package.

License Upgrade

One of the many SmartUpdate features is to upgrade licenses that reside in the License & Contract Repository. SmartUpdate will take all licenses in the License & Contract Repository, and will attempt to upgrade them with the use of the Upgrade tool.

The License Attachment Process

Introducing the License Attachment Process

When a Central license is placed in the License & Contract Repository, SmartUpdate allows you to attach it to Check Point packages. Attaching a license installs it to the remote gateway and registers it with the Security Management server.

New licenses need to be attached when:

  • An existing license expires.
  • An existing license is upgraded to a newer license.
  • A Local license is replaced with a Central license.
  • The IP address of the Security Management server or Check Point Security Gateway changes.

Attaching a license is a three step process.

  1. Get real-time license data from the remote gateway.
  2. Add the appropriate license to the License & Contract Repository.
  3. Attach the license to the device.

The following explains the process in detail.

Retrieving License Data from Check Point Security Gateways

To know exactly what type of license is on each remote gateway, you can retrieve that data directly from the gateway.

  • To retrieve license data from a single remote gateway, right-click on the gateway in the License Management window and select Get Check Point Security Gateway Licenses.
  • To retrieve license data from multiple Check Point Security Gateways, from the Licenses menu and select Get All Licenses.

Adding New Licenses to the License & Contract Repository

To install a license, you must first add it to the License & Contract Repository. You can add licenses to the License & Contract Repository in the following ways:

Download From the User Center
  1. Select Network Objects License & Contract tab > Add License > From User Center
  2. Enter your credentials.
  3. Perform one of the following:
    • Generate a new license - if there are no identical licenses, the license is added to the License & Contract Repository.
    • Change the IP address of an existing license, that is, Move IP.
    • Change the license from Local to Central.
Importing License Files
  1. Select Licenses & Contract > Add License > From File.
  2. Browse to the location of the license file, select it, and click Open.

A license file can contain multiple licenses. Unattached Central licenses appear in the License & Contract Repository, and Local licenses are automatically attached to their Check Point Security Gateway. All licenses are assigned a default name in the format SKU@ time date, which you can modify at a later time.

Add License Details Manually

You may add licenses that you have received from the Licensing Center by email. The email contains the license installation instructions.

  1. Locate the license:
    • If you have received a license by email, copy the license to the clipboard. Copy the string that starts with cplic putlic... and ends with the last SKU/Feature. For example: cplic putlic 1.1.1.1 06Dec2002 dw59Ufa2-eLLQ9NB-gPuyHzvQ-WKreSo4Zx CPSUITE-EVAL-3DES-NGX CK-1234567890
    • If you have a hard copy printout, continue to step 2.
  2. Select the Network Objects License & Contract tab in SmartUpdate.
  3. Select Licenses > Add License > Manually. The Add License window appears.
  4. Enter the license details:
    • If you copied the license to the clipboard, click Paste License. The fields will be populated with the license details.
    • Alternatively, enter the license details from a hard-copy printout.
  5. Click Calculate, and make sure the result matches the validation code received from the User Center.
  6. You may assign a name to the license, if desired. If you leave the Name field empty, the license is assigned a name in the format SKU@ time date.
  7. Click OK to complete the operation.

Attaching Licenses

After licenses have been added to the License & Contract Repository, select one or more licenses to attach to a Check Point Security Gateway.

  1. Select the license(s).
  2. Select Network Objects License & Contract tab > Attach.
  3. From the Attach Licenses window, select the desired device.

If the attach operation fails, the Local licenses are deleted from the Repository.

Detaching Licenses

Detaching a license involves deleting a single Central license from a remote Check Point Security Gateway and marking it as unattached in the License & Contract Repository. This license is then available to be used by any Check Point Security Gateway.

To detach a license, select Network Objects License & Contract tab > Detach and select the licenses to be detached from the displayed window.

Deleting Licenses from the License & Contract Repository

Licenses that are not attached to any Check Point Security Gateway and are no longer needed can be deleted from the License & Contract Repository.

To delete a license:

  1. Right-click anywhere in the License & Contract Repository and select View Unattached Licenses.
  2. Select the unattached license(s) to be deleted, and click Delete.

Viewing License Properties

The overall view of the License & Contract Repository displays general information on each license such as the name of the license and the IP address of the machine to which it is attached. You can view other properties as well, such as expiration date, SKU, license type, certificate key and signature key.

To view license properties, double-click on the license in the Licenses tab.

Checking for Expired Licenses

After a license has expired, the functionality of the Check Point package will be impaired; therefore, it is advisable to be aware of the pending expiration dates of all licenses.

To check for expired licenses, select Licenses > Show Expired Licenses.

To check for licenses nearing their dates of expiration:

  1. In the License Expiration window, set the Search for licenses expiring within the next x days property.
  2. Click Apply to run the search.

To delete expired licenses from the License Expiration window, select the detached license(s) and click Delete.

Exporting a License to a File

Licenses can be exported to a file. The file can later be imported to the License & Contract Repository. This can be useful for administrative or support purposes.

To export a license to a file:

  1. In the Licenses Repository, select one or more licenses, right-click, and from the menu select Export to File….
  2. In the Choose File to Export License(s) To window, name the file (or select an existing file), and browse to the desired location. Click Save.

All selected licenses are exported. If the file already exists, the new licenses are added to the file.

Managing Multi-Domain Security Management Licenses with SmartUpdate

To manage licenses using SmartUpdate, select the SmartUpdate view in the SmartDomain Manager Selection Bar. If you loaded SmartUpdate, you can also right-click a Multi-Domain Server object and select Applications > SmartUpdate from the Options menu. Licenses for components and blades are stored in a central repository.

To view repository contents:

  1. Select SmartUpdate from the SmartDomain Manager Main menu.
  2. Select SmartUpdate > Network Objects License & Contract > View Repository. The repository pane shows in the SmartUpdate view.

To add new licenses to the repository:

  1. Select SmartUpdate from the SmartDomain Manager Main menu.
  2. Select SmartUpdate > Network Objects License & Contract > Add License.
  3. Select a method for adding a license:
    • From User Center - Obtain a license file from the User Center.
    • From file - Import a license file to the repository.
    • Manually - Open the Add License window and enter licenses information manually. You can copy the license string from a file and click Past License to enter the data.

    You can now see the license in the repository.

To attach a license to a component:

  1. In the SmartDomain Manager, select SmartUpdate.
  2. Select SmartUpdate > Network Objects License & Contract > Attach License.
  3. Select a license from the Attach Licenses window. The license shows as attached in the repository.

For more about license management tasks in SmartUpdate, see the R76 Security Management Administration Guide.

Web Security License Enforcement

A gateway or gateway cluster requires a Web Security license if it enforces one or more of the following protections:

  • Malicious Code Protector
  • LDAP Injection
  • SQL Injection
  • Command Injection
  • Directory Listing
  • Error Concealment
  • ASCII Only Request
  • Header Rejection
  • HTTP Methods

Service Contracts

Before upgrading a gateway or Security Management server, you need to have a valid support contract that includes software upgrade and major releases registered to your Check Point User Center account. The contract file is stored on Security Management server and downloaded to Check Point Security Gateways during the upgrade process. By verifying your status with the User Center, the contract file enables you to easily remain compliant with current Check Point licensing standards.

For more on service contracts, see the Service Contract Files Web page.

Generating CPInfo

CPInfo is a support tool that gathers into one text file a wide range of data concerning the Check Point packages in your system. When speaking with a Check Point Technical Support Engineer, you may be asked to run CPInfo and transmit the data to the Support Center. Download the tool from the Support Center.

To launch CPInfo, select Tools > Generate CPInfo.

  1. Choose the directory to which you want to save the output file.
  2. Choose between two methods to name the file:
    • based on the SR number the technician assigns you, or
    • a custom name that you define.
  3. Optionally, you may choose to add:
    • log files to the CPInfo output.
    • the registry to the CPInfo output.

The SmartUpdate Command Line

All management operations that are performed via the SmartUpdate GUI can also be executed via the command line. There are three main commands:

  • cppkg to work with the Packages Repository.
  • cprinstall to perform remote installations of packages.
  • cplic for license management.

For details on how to use these commands, see the R76 Command Line Interface Reference Guide.

 
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print