| 10 comments ]

Overview

The InfoView utility lets you view and analyze a CPinfo output file collected from a Check Point server.
InfoView
  • The left pane shows the data tree, which holds a hierarchical list of input data, consisting of file and directories, in addition to other text sections.
  • The right pane shows a list of tests that can be applied on the input files.

Basic actions

View file/text section
There are 3 ways to open a text file or a text section:
  • Double-click the text file/section.
  • Right-click the text file/section and select 'Open'.
  • Drag and drop the text file/section into an open window of any text editing software (e.g., Notepad, Word).
Note: With the first 2 options, the file will open in your operating system's default text editing program. You canconfigure InfoView to use a specific text editor instead.
Copy file/text section/folder
You can copy a text file, text section, or folder to any Windows folder directly from InfoView. To do this, either drag and drop the file/folder, or copy and paste it.
View the Policy in the Policy Viewer (SmartDashboard)
To better understand the gateway's set-up, and especially the policies, InfoView lets you view the CPInfo information in SmartDashboard on your desktop.
Note: This is possible only if the CPInfo output file is from a management server (i.e., Security Management/SmartCenter/Provider-1/Standalone).
  1. Make sure you have the corresponding customer version of SmartConsole installed.
  2. In InfoView, click the Policy Viewer button (see in above picture), or select 'Tools' > 'Policy' from the main menu. It might take a few minutes for SmartDashboard to show. If required, manually configure the location of different SmartDashboard versions in InfoView - select 'View' > 'Options', go to the 'Directories' tab.

Viewers

Info TabInfo Tab - Kernel table viewer
IKEViewIKEView
LicViewLicView - Check Point License string viewer
Process ViewerProcess Viewer

Advanced actions

Tree sorting
There are 2 sorting options for the data tree:
  • Sort alphabetically - Alphabetically.
  • Sort by size - By file size.
Tree searching
To search for text in the data tree, either click the 'Find' button on the main toolbar, or use the keyboard shortcut Ctrl+F.
Click the 'Find next' button, or press F3 to repeat the previous search.
Export Object File
You can remove all certificate keys from the object file (objects_5_0.C) that is imbedded in the input file. To do this, from the main menu, select 'File' > 'Export object file (fresh CA)' and save the new file.

Analysis pane

The right pane of InfoView is dedicated to analysis. Here you can see a list of tests that you can run on the input file, as well as the status and results of the tests.
To run a test, either double-click it, or select it and press the 'Test' button.
To see the test results after it has finished running, either double-click it, or select it and press the 'View' button.
Possible test statuses:
OKTest Passed
SuspiciousPossible problem (test this issue manually)
IrrelevantThis test is irrelevant to the given input file
Not TestedThis test has not been executed yet

Icon legend

Text section
Text file
Text file (Unavailable - not collected)
Text file (Soft Link)
Text file (Registry)
Text File (WinMSD)
Folder
Root Icon - Firewall is installed
Root Icon - Meta IP is installed
Root Icon - Provider-1 is installed
Root Icon - SecureClient is installed

Data tree

Server Information
To see the server information, right-click the server name (the root of the tree) and select 'Properties'.
Here you can see the server version, if the server is a Security Gateway or Security Management and more.
$FWDIR directory
The tree shows the $FWDIR directory collected by the CPInfo utility from the server. Here you can find some useful files, such as:
  • In the conf directory:
    • objects_5_0.C - Full database objects file.
    • fwauth.NDB - All users the administrator defined on the SmartDashboard.
    • fwauthd.conf - Configuration file of the Security Servers.
    • asm.C - IPS configuration file.
    • classes.C - Definitions of the fields in the CP Database files.
  • In the log directory:
    • fwd.elg - fwd process log file. In the output file, you can find any messages that may have occurred on or about the time a problem was identified. Dates are associated with messages in the file.
    • fwm.elg - fwm process log file.
  • In the database directory, you can see all of the relevant policy files for the Security Gateway.
$CPDIR directory
The tree shows the $CPDIR directory collected by the CPInfo utility from the server.
Here you can find some useful files, such as:
  • In the log directory:
    • cpd.elg - CPD log file. Shows useful information about SIC related issues, CP WatchDog log files (cpwd.elg), processes crashes and more.
  • In the registry directory:
    • HKLM_registry.data - Shows all products and fixes installed on the system.
Other items on the data tree:
  • CP components - Shows overview information about the products installed on the system (such as Acceleration [PPACK], Advanced routing [ADVR], etc.). Might be useful for comparing cluster members.
  • CP Status - Shows policy name and install time, FW connections and packet statistics (per interface as well).
  • FireWall-1 Version Information - Shows the FW & OS patch level including HFAs.
  • System Information:
    • date - Date and time on the machine when the CPInfo was collected (useful for sync issues and logs referral).
    • ethtool - Interface configuration and status.
    • ethtool -i - Interface driver version.
    • uname -a - OS information, date of OS kernel compilation.
    • uptime - When the system was last rebooted.
    • ps auxww - Processes list (CPU/Memory consumption, PID, full process path).
    • vmstat 1 10 - Machine CPU consumption. User/Kernel space (us=user space, sy=kernel space, id=idle cpu).
    • top -n 2 - System resources usage. Overview: system (kernel), user, softirq (CPU software interrupts), iowait (HD operation), memory usage status, and processes list (as in ps auxww).
    • env - Environment variables.
    • df -k - Hard disk space information.
    • Package Manager Report (RPM) - Output of rpm -qa command. List of RPMs installed.
    • List PCI devices (lspci -nv) - list of hardware devices. Class 0200 stands for Interface Card (NIC). Class and Subsystem information will assist you to identify the exact NIC model in the PCI IDs list . See theHardware Compatibility List to make sure the NIC is supported.
    • Interrupts Information (/proc/interrupts) - Hardware device per IRQ list.
    • Memory Information (free -k -t) - Free memory available. Calculated as explained in sk32206.
    • Loaded Modules (lsmod) - List of kernel modules currently loaded (FW, VPN, acceleration kernel modules, interface drivers, etc).
    • Additional Memory Information (meminfo) - Output of cat /proc/meminfo. for additional memory details such as 'HighTotal' > high kernel memory allocated by the OS during reboot.
    • Additional CPU Information (cpuinfo) - Output of cat /proc/cpuinfo. Specifies the CPU vendor and model, and number of processors.
    • System's Hardware - Server vendor and model details, bios details.
  • IP Interfaces:
    • ifconfig -a - Full details about the interfaces: MAC, MTU, IP, Mask, etc. Can assist in identifying the master in a VRRP cluster (only the master has 'vrrpmac' addresses in this output.
    • fw ctl iflist - Interfaces mapping to the IDs given by the OS during boot. In the kernel debug's output, the interfaces are identified with those IDs, instead of the interfaces' names.
    • fw getifs - Summary display of IP addresses per interface.
  • Netstat Information:
    • netstat -rnv - Full routing table (for routing/advanced routing troubleshooting, cluster members comparison).
    • netstat -i - Interface packets statistics, RX/TX drops and errors per interface.
    • netstat -s - OS statistics per protocol (ICMP, IP, UDP, TCP).
    • netstat -nap - List of open (listening) ports per process, and established connections per process (helps to identify which process is occupying each port at the time the CPInfo was collected).
    • arp -a - ARP table output. Use the MAC addresses to crossover information with traffic captures. If the word "Incomplete" is shown in the output file, it may be an indication that automatic ARP is not working.
  • FW-1 Accelerator - Acceleration device (SecureXL/PPACK) status, build, statistics, accelerated connections and SIM affinity information. "accel packets"/"F2F packets" ratio will give you indication regarding acceleration efficiency. SIM affinity customization can increase performance as well - see sk33506.
  • FireWall-1 Tables - Short Format - Output of fwtab -t -s, list of all kernel tables (connections table ['connections' / ID 8158], NAT table ['fwx_alloc' / ID 8187], etc) and current value of each table (#VALS column).
  • FireWall-1 Statistics (fw ctl pstat) - The last parameter in the output file is State Sync (used for Cluster troubleshooting). It show 'off' when it is off, and shows packets statistics when it is on.
  • FireWall-1 Debug (fw ctl debug) - Shows which kernel debug flags are on.
  • FireWall-1 Chain/Connections Modules - Output of 'fw ctl chain/connections', list of loaded FW chains (corresponds with installed products). Must be identical between cluster members.
  • Overlapping Encryption Domains - Might cause VPN related issues.
  • High Availability - Clustering-related information
    • High Availability State (cphaprob state) - Indicates the cluster mode, the status of the cluster member itself and how this cluster member perceives the status of other cluster members. View and compare statuses of each cluster member.
    • High Availability -i list (cphaprob -i list) - View a Pnote "device" that may be in a problem state. Cluster member status is 'down' when a Pnote is in 'Problem' state.
    • High Availability interfaces (cphaprob -a if) - This output file shows the status of the interfaces for that cluster and VIP addresses, and CCP mode of the interfaces. The number of "Required interfaces" (determined during boot) and the CCP mode (multicast/broadcast) must be the same on both members.
    • High Availability SyncStat (cphaprob syncstat) - Synchronization statistics - refer to Cluster Admin Guide for output analysis in order to tell if there is a sync related problem.
  • VSX Information (CTX 0) [on a VSX machine] - Contains information about the CTX IDs (VS IDs), status and policy details of the VSX physical box and of the Virtual Devices.
  • CP License - Output of cplic print, license information. Using the wrong license might cause unexpected behavior.
  • CPWD (Watch Dog) information - Output of cpwd_admin list, list of all processes monitored by CP Watchdog and their status.
  • DLL_EXEC_Kernel versions - Current builds of system files. You can use this information to check the current builds and to verify if provided Hotfix replaced the files it should.
    • DLL versions - Current build of library files ($FWDIR/lib).
    • EXEC versions - Current build of binary files ($FWDIR/bin).
    • Kernel versions - Current build of kernel modules files ($FWDIR/boot/modules).
  • /var/log/messages:
    • When no buffer is defined in kernel, system messages are sent directly to the OS.
    • We refer to these as "console messages" since in most OSs the messages are printed to the console and copied to /var/log/messages or /var/adm/messages.
    • This is why error messages (which are generated out of debugging context) are sent to the console.
    • When generated in debugging context, error messages are not directed to the console but to the debug buffer, together with all other messages.
    • In Windows, "console messages" in fact appear in the event viewer.
  • /var/log/routing_messages - Advanced routing error messages, search for errors when troubleshooting dynamic routing (GateD) related issues.
  • /etc/resolv.conf - DNS configuration file.
  • /etc/hosts - IP address per hostname mapping. In a cluster environment, misconfiguration of this file might cause unexpected behavior. See sk42952.
  • /etc/sysconfig/ethtab - Interface name per MAC address, OS mapping.
  • /etc/sysconfig/netconf.C - OS interfaces and routing configuration file. Compare it to /etc\sysconfig/ethtab when troubleshooting IP/MAC address mismatches.

  • Disabling SmartMap before launching the Policy Viewer

    SmartMap can make SmartDashboard crash or hang for a long time before SmartDashboard launches from InfoView.
    To disable SmartMap:
    1. Open the CPInfo file in a text editor.
    2. Find and replace all instances of:totally_disable_VPE (false)
      Tototally_disable_VPE (true)
      (The value is defined in the object_5_0.C file).
    3. Save a copy of the edited CPInfo file.
    4. Re-open it in InfoView.

    InfoView for Provider-1 (pInfoView)

    Use the pInfoView tool to view a CPInfo output file collected from a Provider-1 server (MDS level).
    pInfoView
    • The Left pane shows a list of all of the CMAs, arranged under the MDS. The grayed out CMA icons represent CMAs that were not collected by the CPInfo utility.
    • The consists of two sub-panes:
      • The left sub-pane shows the data tree, which holds a hierarchical list of input data, consisting of file and directories, in addition to other text sections.
      • The right sub-pane shows a list of tests that can be applied on the selected MDS/CMA.
    Icon legend
    In addition to the icons that are listed above, pInfoView includes these 3 icons:
    MDSMDS - Selecting this icon changes the context of the right pane to MDS
    CMACMA - Selecting this icon changes the context of the right pane to this CMA
    CMA (Unavailable)CMA (Unavailable)

    Configuring InfoView to use a specific text editor

    Procedure:
    1. Open InfoView.
    2. From the main menu, select 'View' > 'Options'.
    3. Under 'File Editor', select 'user defined'.
    4. Click 'Browse' and select your preferred text editor.
    5. Click 'OK'.
    Download the InfoView package.For more information about CPInfo, see these Solutions:

10 comments

Ambika said... @ October 2, 2015 at 6:01 AM

if i share this blog weblogic Server Training in Chennai aims to teach professionals and beginners to have perfect solution of their learning needs in server technologies.Weblogic server training In Chennai

Ambika said... @ October 2, 2015 at 6:02 AM

if learned in this site.what are the tools using in sql server environment and in warehousing have the solution thank ..Msbi training In Chennai

Ambika said... @ October 2, 2015 at 6:02 AM

i wondered keep share this sites .if anyone wants realtime training Greens technolog chennai in Adyar visit this blog..performance tuning training In Chennai

Ambika said... @ October 2, 2015 at 6:03 AM

As your information sybase very nice its more informative and gather new ideas implemnted thanks for sharing this blogsybase training In Chennai

Ambika said... @ October 2, 2015 at 6:03 AM

i gain the knowledge of Java programs easy to add functionalities play online games, chating with others and industry oriented coaching available from greens technology chennai in Adyar may visit.Core java training In Chennai

Ambika said... @ October 2, 2015 at 6:03 AM

I have read your blog and I got very useful and knowledgeable information from your blog. It’s really a very nice article Spring training In Chennai

Ambika said... @ October 2, 2015 at 6:03 AM

fantastic presentation .We are charging very competitive in the market which helps to bring more oracle professionals into this market. may update this blog . Oracle training In Chennai which No1:Greens Technologies In Chennai


priya sharma said... @ March 31, 2017 at 9:45 PM

Shree Ram Techno Solutions Provides CCTV Camera, Security Camera, Wireless Security, Attendance System, Access Control System, DVR, NVR, Spy Camera, Fire Alarm, Security Alarm, PCI, IP Network Camera, Dome Camera, IR Camera, CCTV, Camera Price, HIKVISION, SCATI, Time Machine

CCTV CAmera in jaipur at Rajasthan
Home security system in jaipur
Wireless Home Security System in jaipur
Realtime attendance machine in jaipur
cctv camera dealer in jaipur
Hikvision DVR in jaipur at Rajasthan
security system solutions in jaipur

priya sharma said... @ March 31, 2017 at 9:50 PM

Freelance Best Makeup & Hair Artist in Jaipur with huge experience and Specialization in Bridal and Wedding Makeup,Celebrity Makeup,Professional Makeup,Creative Makeup,Bollywood Makeup..
Fiza Makeup Academy Rajasthan
Fiza Makeup Academy
Fiza Makeup and Hair Artist
Wedding Makeup Artist in jaipur
 Bridal Makeup Artist in jaipur
 Professional Makeup Artist in jaipur
 Hair and Makeup Artist in jaipur
Celebrity Makeup Artist in jaipur
Creative Makeup Artist in jaipur
Bollywood Makeup Artist in jaipur
Character Makeup Artist in jaipur

istiaq ahmed said... @ May 31, 2019 at 10:06 AM

Amazing knowledge and I like to share this kind of information with my friends and hope they like it they why I do
Data Science Course in Pune

Post a Comment