topic Re: Package Repository - invalid extension in Firewall and Security Management

Package Repository - invalid extension

S_E_ — Fri, 20 Jan 2023 11:49:07 GMT

Hi,

looks like I do not understand the Package Repository approach.

Goal is to put Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar to MDS R81.10 repository so that the gateways T80.40/R80.30 in several domains can pick up this package from management.

- Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar has been uploaded to into global Package repository.

- Connect now into a domain and selecting package source: Management

- When now Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar is selected. It tells: "Package has an invalid extension"

When I try to upload the package into DMS Package repository, it errors with message: "Unable to upload the package. Make sure you are connected through the global domain and try again."

What kind of packages extension is expected?

Is the approach correct?

Thanks

Regards

Re: Package Repository - invalid extension

PhoneBoy — Fri, 20 Jan 2023 18:53:42 GMT

Re: Package Repository - invalid extension

S_E_ — Sat, 21 Jan 2023 08:15:46 GMT

Hi,

thanks for the tip.

File Name Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar
MD5 7111558360b5d000e7452576fb76934b
SHA1 cd26cc0b793e80afead0cf559340c23fb9df7f3d
SHA256 0a56cf2a2c4c6b136f408d1827ddf4b18116ac6dbe512566a76a0cf7f71b2e6b

Download file with Iron Version 108.0.5500.0 (Official Build) (64-bit) to a windows box.

---

Appears on windows:

Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar
PS C:\Users\... Get-FileHash Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar

Algorithm Hash Path
--------- ---- ---
SHA256 0A56CF2A2C4C6B136F408D1827DDF4B18116AC6DBE512566A76A0CF7F71B2E6B ...

---

Upload to CheckPoint Management

[Expert@MDS:0]# find ./ -name Check_Point_R81.10_T335_Fresh_Install_and_Upgrade*
./var/log/CPda/repository/CheckPoint#Major#All#6.0#5#3#R81.10_ignis_main_T335/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tgz
./var/log/CPda/metadata/CheckPoint#Major#All#6.0#5#3#R81.10_ignis_main_T335/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade_METADATA.tgz
./var/log/opt/CPsuite-R81.10/fw1/tmp/RepositoryManager/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar
./var/log/opt/CPsuite-R81.10/fw1/tmp/RepositoryManager/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar
./var/log/PackageRepository/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade
./var/log/PackageRepository/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade/metadata/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade_METADATA.tgz
./var/log/PackageRepository/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade/metadata/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade_METADATA
./var/log/PackageRepository/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade/metadata/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade_METADATA_EXTENDED.tar
./var/log/PackageRepository/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade/package/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar
./var/log/SOFTWARE/Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar

So at the end
When I search in SmartConsole | Upgrade Version , there is a need to have the exact file name in tgz format

Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar -> NOTHING found
Check_Point_R81.10* -> NOTHING found
Check_Point_R81.10 -> NOTHING found
Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tgz -> found

Digging into that, I can't see a browser issue.

However, doing now Package Verification for a specific gateway, it ends up with verification failed.
Package is not valid for installation on the relevant Security gateways.

b.t.w.

we used this package already multiple times on the same gateway model but with CPUSE/CLISH and it worked perfect.

Looks like I need to raise a TAC case.

Thanks again

Regards

Re: Package Repository - invalid extension

G_W_Albrecht — Sat, 21 Jan 2023 09:09:19 GMT

Re: Package Repository - invalid extension

the_rock — Sat, 21 Jan 2023 12:27:51 GMT

It definitely has to be .tgz extension, otherwise, as @G_W_Albrecht said, it will not work.

Re: Package Repository - invalid extension

Boaz_Orshav — Sun, 22 Jan 2023 05:32:21 GMT

Actually, when you have the package in the repository you can select from the drop down. No need to search for the package (see image)

It should be the tgz since when you upload a tar file the repository extracts it to a package (tgz) and some other data

If it doesn't work - please send me a screenshot and let's handle it offline (boazo@checkpoint.com)

Re: Package Repository - invalid extension

S_E_ — Mon, 23 Jan 2023 06:45:59 GMT

The files which CheckPoint provides are in *.tar and have been uploaded to Global domain.

Browsing in a local domain did not work last week.

Therefore I tried to type in the Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tar which gave no results.

After PhoneBoys tip, I typed in Check_Point_R81.10_T335_Fresh_Install_and_Upgrade.tgz and the image is then be shown.

Only using magnifying glass (search) does not work! (MDS HA related???, Global domain only on primary MDS)

Next challenge:

Seeing now the image, selecting a cluster(5000series,R80.40) an pressing 'Verify',.

It ends up with Verification failed: Failed to get the Cluster status from: ID=-1, IP=x.x.x.x, State=uninitialized

Needless to say the cluster is up and running and SIC is fine.

We used this package already multiple times on the same gateway model but with CPUSE/CLISH and it worked perfect.

Regards

Re: Package Repository - invalid extension

_Val_ — Mon, 23 Jan 2023 07:58:34 GMT

Try a different browser, the extension should be .tgz

Re: Package Repository - invalid extension

S_E_ — Mon, 23 Jan 2023 08:09:40 GMT

Hm,

Microsoft EdgeVersion 109.0.1518.61 (Official build) (64-bit)

CheckPoint provides *tar and a download with MS edge saves as a tar.

Regards

Re: Package Repository - invalid extension

G_W_Albrecht — Mon, 23 Jan 2023 17:12:10 GMT

The Download Wizard is wrong for CDT / Repository ! Download the .tgz in Repository using New... and the name as shown here:

Re: Package Repository - invalid extension

Bob_Zimmerman — Thu, 06 Jun 2024 16:52:00 GMT

How is this still a problem? It's kind of absurd that to download a tar package, we have to lie to the system and tell it to try to download a tgz. The package which is actually downloaded is a tar. Here's what ends up on the filesystem when I tell an MDS' Global domain to download "Check_Point_R81_20_JUMBO_HF_MAIN_Bundle_T65_FULL.tgz":

[Expert@SomeMds:0]# find / -name Check_Point_R81_20_JUMBO_HF_MAIN_Bundle_T65_FULL* /var/log/PackageRepository/Check_Point_R81_20_JUMBO_HF_MAIN_Bundle_T65_FULL /var/log/PackageRepository/Check_Point_R81_20_JUMBO_HF_MAIN_Bundle_T65_FULL/package/Check_Point_R81_20_JUMBO_HF_MAIN_Bundle_T65_FULL.tar