CPme - HTML Report

Hostname

DE-FRA-01-FW01-01

CP Version

This is Check Point's software version R80.40 - Build 105

Kernel

Linux DE-FRA-01-FW01-01 3.10.0-957.21.3cpx86_64 #1 SMP Fri Aug 21 06:07:25 IDT 2020 x86_64 x86_64 x86_64 GNU/Linux

Policy

DE-FRA-01

Blades

fw identityServer

Uptime

13:33:27 up 3 days, 2:10, 2 users, load average: 0.16, 0.07, 0.06

CPme Version

v0.21 (by Simon Brecht, https://github.com/0x7c2/cpme/)

Created

Fri Oct 16 13:33:27 CEST 2020

Status

11 Failed ✓ 43 Information(s) ✓ 127 Passed ✓ 6 Warning(s) ✓

CPU

Topic	Detail	State
Checking CPU usage (peak - CPU 0): Interface eth1, Interface eth2, Interface eth3, Interface Mgmt, Interface eth4,	1%	PASS
Checking CPU usage (peak - CPU 1): fw_2	30%	PASS
Checking CPU usage (peak - CPU 2): fw_1	9%	PASS
Checking CPU usage (peak - CPU 3): fw_0	25%	PASS
Checking CPU usage (avg - CPU 0): Interface eth1, Interface eth2, Interface eth3, Interface Mgmt, Interface eth4,	0%	PASS
Checking CPU usage (avg - CPU 1): fw_2	1%	PASS
Checking CPU usage (avg - CPU 2): fw_1	0%	PASS
Checking CPU usage (avg - CPU 3): fw_0	1%	PASS

ClusterXL

Topic	Detail	State
Checking ClusterXL state (DE-FRA-01-FW01-01)	STANDBY	PASS
Checking ClusterXL state (DE-FRA-01-FW01-02)	ACTIVE	PASS
Checking ClusterXL Sync [Sync status]		PASS
Checking ClusterXL Sync [Statistics]		PASS
Checking ClusterXL PNotes [Fullsync]		PASS
Checking ClusterXL PNotes [Policy]		PASS
Checking ClusterXL PNotes [routed]		PASS
Checking ClusterXL PNotes [fwd]		PASS
Checking ClusterXL PNotes [cphad]		PASS
Checking ClusterXL PNotes [Init]		PASS
Checking ClusterXL CCP Encryption	ON	INFO
Checking ClusterXL Multiversion [ID: 1 (local)]	R80.40 T294	INFO
Checking ClusterXL Multiversion [ID: 2 R80.40]	T294 (Mismatch)	INFO

CoreXL

Topic	Detail	State
Checking Dispatcher statistics		PASS
Checking CoreXL connections		PASS

Deployment Agent

Topic	Detail	State
Check Deployment Agent Version	build 1959, megatron	PASS
Check Deployment Agent Pending Reboot		PASS
Check Packages available for install	up-to-date	PASS

Filesystem

Topic	Detail	State
File (/opt/CPsuite-R80.40/fw1/boot/modules/fwkern.conf)		PASS
File (/opt/CPsuite-R80.40/fw1/conf/fwaffinity.conf)		PASS
File (/opt/CPppak-R80.40/boot/modules/simkern.conf)		PASS
File (/opt/CPppak-R80.40/conf/simkern.conf)		PASS
File (/opt/CPsuite-R80.40/fw1/conf/trac_client_1.ttm)		PASS
File (/opt/CPsuite-R80.40/fw1/conf/ipassignment.conf)		PASS
File (/opt/CPsuite-R80.40/fw1/conf/discntd.if)		PASS

Firewall

Specific things about FireWall-1 Product

Topic	Detail	State
Checking Firewall Fragments (fragments - fragments)	4092	FAIL
Checking Firewall Fragments (fragments - expired)	0	PASS
Checking Firewall Fragments (fragments - packets)	2046	FAIL
Checking Aggressive Aging		PASS
Check kernel table overflow [connections]	unlimited	PASS
Check kernel table overflow [fwx_cache]	8/10000	PASS
Multi Queue (Available Interfaces)	No IGBx interfaces	WARN
Multi Queue (Enabled Interfaces)	not possible	INFO

GAiA

Operating System related stuff

Topic	Detail	State
Check GAiA Proxy Config	direct	PASS
GAiA Connectivity [Social Media Widget Detection...]		PASS
GAiA Connectivity [URL Filtering Cloud Categorization...]		PASS
GAiA Connectivity [Virus Detection...]		PASS
GAiA Connectivity [Bot Detection...]		PASS
GAiA Connectivity [IPS Updates...]		PASS
GAiA Connectivity [Download Service Updates ...]		PASS
GAiA Connectivity [Contract Entitlement ...]		PASS
GAiA Connectivity [Software Blades Manager Service...]		PASS
GAiA Connectivity [Suspicious Mail Outbreaks...]		PASS
GAiA Connectivity [Anti-Spam...]		PASS
GAiA Connectivity [Threat Emulatin...]		PASS
GAiA Connectivity [Threat Emulation Advanced...]		PASS
GAiA Connectivity [Deep inspection...]		PASS
GAiA Connectivity [Traditional Anti-Virus...]		PASS
GAiA Connectivity [Traditional Anti-Virus, Legacy URL...]		PASS
GAiA Connectivity [Download of signature updates...]		PASS
GAiA Connectivity [Manage Security Gateways...]		PASS
GAiA Connectivity [Makes sure the machines contracts ...]		PASS
GAiA Connectivity [Download of icons and screenshots ...]		PASS
GAiA Connectivity [Push Notifications ...]	HTTP/1.1 403 Forbidden	FAIL
GAiA Connectivity [Download of Endpoint Compliance Up...]		PASS
Dynamic Routing Instances [OSPF2]	enabled	INFO
DHCP-Relay [eth2.1000]	VIP: 10.24.0.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth2.1000]	VIP: 10.24.0.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth2.1101]	VIP: 10.24.101.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth2.1101]	VIP: 10.24.101.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth2.1102]	VIP: 10.24.102.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth2.1102]	VIP: 10.24.102.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth2.1103]	VIP: 10.24.103.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth2.1103]	VIP: 10.24.103.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth2.1104]	VIP: 10.24.104.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth2.1104]	VIP: 10.24.104.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth3.2001]	VIP: 172.24.1.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth3.2001]	VIP: 172.24.1.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth3.2101]	VIP: 172.24.101.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth3.2101]	VIP: 172.24.101.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth3.2102]	VIP: 172.24.102.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth3.2102]	VIP: 172.24.102.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth3.2103]	VIP: 172.24.103.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth3.2103]	VIP: 172.24.103.1, Server: 10.24.1.12	INFO
DHCP-Relay [eth3.2104]	VIP: 172.24.104.1, Server: 10.24.1.11	INFO
DHCP-Relay [eth3.2104]	VIP: 172.24.104.1, Server: 10.24.1.12	INFO
Check Scheduled Backup Config	not-configured	WARN
Check GAiA Snapshots	vg_splat / hwdiag (1.00g)	INFO
Check GAiA Snapshots	vg_splat / lv_fcd_GAIA (8.00g)	INFO
Checking NTP and Time		PASS

Kernel

Topic	Detail	State
Kernel/fw (fwmultik_dynamic_dispatcher_enabled)	1	INFO
Kernel/fw (fwmultik_prio_queues_enabled)	1	INFO

Licensing

Topic	Detail	State
Checking licensing (Blade: Firewall)	Entitled	PASS
Checking licensing (Blade: IPSec VPN)	Entitled	PASS
Checking licensing (Blade: IPS)	Not Entitled	INFO
Checking licensing (Blade: Anti-Spam & Email Security)	Not Entitled	INFO
Checking licensing (Blade: Application Control)	Not Entitled	INFO
Checking licensing (Blade: URL Filtering)	Not Entitled	INFO
Checking licensing (Blade: Anti-Virus)	Not Entitled	INFO
Checking licensing (Blade: Anti-Bot)	Not Entitled	INFO
Checking licensing (Blade: Threat Emulation Local)	Not Entitled	INFO
Checking licensing (Blade: Threat Emulation Cloud)	Not Entitled	INFO
Checking licensing (Blade: Threat Extraction)	Not Entitled	INFO
Checking licensing (Blade: Data Loss Prevention)	Not Entitled	INFO
Checking licensing (Blade: Content Awareness)	Entitled	PASS
Checking licensing (Blade: Mobile Access)	Entitled	PASS

Log Files

Topic	Detail	State
Checking logs (/var/log/messages*)	1090 messages	FAIL
Checking logs (/opt/CPshrd-R80.40/log/cpd.elg)	22 messages	FAIL
Checking logs (/var/log/routed.log)	1 messages	FAIL
Checking logs (/opt/CPsuite-R80.40/fw1/log/fwd.elg)	192 messages	FAIL

Management

Topic	Detail	State
Checking SIC State	Trust State: Trust established	PASS

Memory

Topic	Detail	State
Checking memory usage (average)	34%	PASS
Checking memory usage (peak)	36%	PASS
Checking memory usage (swap)	0%	PASS
Checking failed memory allocations		PASS

Networking

Topic	Detail	State
Checking interface statistics (Mgmt - rx/all)		PASS
Checking interface statistics (Mgmt - tx/all)		PASS
Checking interface statistics (eth1 - rx/all)		PASS
Checking interface statistics (eth1 - tx/all)		PASS
Checking interface statistics (eth2 - rx_dropped)	8567	FAIL
Checking interface statistics (eth2 - rx_crc_errors)		PASS
Checking interface statistics (eth2 - rx_errors)		PASS
Checking interface statistics (eth2 - rx_fifo_errors)		PASS
Checking interface statistics (eth2 - rx_frame_errors)		PASS
Checking interface statistics (eth2 - rx_length_errors)		PASS
Checking interface statistics (eth2 - rx_missed_errors)		PASS
Checking interface statistics (eth2 - rx_over_errors)		PASS
Checking interface statistics (eth2 - tx/all)		PASS
Checking interface statistics (eth3 - rx_dropped)	64486	FAIL
Checking interface statistics (eth3 - rx_crc_errors)		PASS
Checking interface statistics (eth3 - rx_errors)		PASS
Checking interface statistics (eth3 - rx_fifo_errors)		PASS
Checking interface statistics (eth3 - rx_frame_errors)		PASS
Checking interface statistics (eth3 - rx_length_errors)		PASS
Checking interface statistics (eth3 - rx_missed_errors)		PASS
Checking interface statistics (eth3 - rx_over_errors)		PASS
Checking interface statistics (eth3 - tx/all)		PASS
Checking interface statistics (eth4 - rx/all)		PASS
Checking interface statistics (eth4 - tx/all)		PASS
Checking interface statistics (eth5 - rx/all)		PASS
Checking interface statistics (eth5 - tx/all)		PASS
Checking interface statistics (eth6 - rx/all)		PASS
Checking interface statistics (eth6 - tx/all)		PASS
Checking interface statistics (eth7 - rx/all)		PASS
Checking interface statistics (eth7 - tx/all)		PASS

Process

Topic	Detail	State
Checking crashes [/var/log/crash]		PASS
Checking crashes [/var/log/dump/usermode]		PASS
Checking process (CPVIEWD)		PASS
Checking process (CPVIEWS)		PASS
Checking process (SXL_STATD)		PASS
Checking process (CPD)		PASS
Checking process (MPDAEMON)		PASS
Checking process (TP_CONF_SERVICE)		PASS
Checking process (CI_CLEANUP)		PASS
Checking process (CIHS)		PASS
Checking process (FWD)		PASS
Checking process (SPIKE_DETECTIVE)		PASS
Checking process (LPD)		PASS
Checking process (DASERVICE)		PASS
Checking process (AUTOUPDATER)		PASS
Checking process (CPHAMCSET)		PASS
Checking process (TOPOD)		PASS
Checking zombie processes		PASS

SecureXL

Topic	Detail	State
SecureXL (Instance: 0, Name: SND, Status: enabled)		PASS
SecureXL (Accept Templates)	disabledbyFirewall	WARN
SecureXL (Drop Templates)	enabled	PASS
SecureXL (NAT Templates)	disabledbyFirewall	WARN
SecureXL (Accelerated conns/Total conns)	0/0(0%)	WARN
SecureXL (Accelerated pkts/Total pkts)	1/378785(0%)	WARN
SecureXL (F2Fed pkts/Total pkts)	378784/378785(99%)	FAIL
SecureXL (F2V pkts/Total pkts)	1/378785(0%)	PASS
SecureXL (CPASXL pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (PSLXL pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (CPAS pipeline pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (PSL pipeline pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (CPAS inline pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (PSL inline pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (QOS inbound pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (QOS outbound pkts/Total pkts)	0/378785(0%)	PASS
SecureXL (Corrected pkts/Total pkts)	0/378785(0%)	PASS

Storage

Topic	Detail	State
Checking available disk space (/)	26G	PASS
Checking available disk space (/boot)	217M	PASS
Checking available disk space (/dev/shm)	1.8G	PASS
Checking available disk space (/var/log)	99G	PASS

Updates

Topic	Detail	State
Check blade update status (URL Filtering)	not active	INFO
Check blade update status (AntiBot)	not active	INFO
Check blade update status (AntiVirus)	not active	INFO
Check blade update status (Application Control)	not active	INFO

VPN

Topic	Detail	State
Checking overlapping encryption domain		FAIL