This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Duane_Toler
Advisor
Thursday

R82 upgrade for Azure

Can someone explain the inconsistency with sk177714 (in-place upgrade of an R81.20 SmartCenter in CloudGuard) versus what is actually happening on the server?

Sep 25 18:33:03 2025 mercury xpand[8775]: admin localhost t +installer:action_result Failed to add the package (Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz)
The following results are not compatible with the package:

 - Check package compatibility with this version

 - Machine is 'azure' cloud environment

This installation package is not supported on Cloud environments (Microsoft Azure, Google Cloud, Amazon Web Service and Aliyun)

 

Same thing for the Blink package:

Sep 25 18:27:18 2025 mercury xpand[8775]: admin localhost t +installer:action_result Failed to add the package (Blink_image_1.1_Check_Point_R82_T777_JHF_T39_SecurityManagement.tgz)
The following results are not compatible with the package:

 - Machine is 'azure' cloud environment

This installation package is not supported in these cloud environments: Amazon Web Service, Microsoft Azure, Google Cloud, and Aliyun.

 

So.... is in-place upgrade supported or not?  As it stands, the DDR policy isn't allowing it.  Any ideas?

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
9 Replies
the_rock
Legend
Legend
Thursday

Last time I did this, I just ended up doing it from web UI, like regular Gaia and worked fine.

Andy

0 Kudos
Duane_Toler
Advisor
Thursday
In response to the_rock

Sadly, the package isn't being added to the repository, so it's not selectable.  I even tried to force it by adding the package manually.  The metadata comes across but it refuses to add to the repository:

 

[Expert@mercury:0]# da_cli add_private_package package=Blink_image_1.1_Check_Point_R82_T777_JHF_T39_SecurityManagement.tgz
{
   "Action ID" : "169",
   "Message" : "add_private_package command delivered to service.",
   "Package" : "Blink_image_1.1_Check_Point_R82_T777_JHF_T39_SecurityManagement.tgz"
}

[Expert@mercury:0]# da_cli get_status_of_action actionID=169
{
   "Action ID" : "169",
   "Action Type" : "Add_Private_Package",
   "DAService State" : "ready",
   "ExtendedMessage" : "N/A",
   "Message" : "Failed to add the package (Blink_image_1.1_Check_Point_R82_T777_JHF_T39_SecurityManagement.tgz)\nThe following results are not compatible with the package:\n\n - Machine is 'azure' cloud environment\n\n\nThis installation package is not supported in these cloud environments: Amazon Web Service, Microsoft Azure, Google Cloud, and Aliyun.\nThis installation package may not be supported on your appliance model or server.\nThis installation package supported only on 64-bit CPU.\nFor the latest software images for Check Point appliances, see sk120193.\nFor support of R81 on Open Servers, see sk166715.",
   "Package" : "Blink_image_1.1_Check_Point_R82_T777_JHF_T39_SecurityManagement.tgz",
   "Progress" : "0",
   "Status" : "failure"
}

 

That's when I tried the generic package and it did the same thing:

[Expert@mercury:0]# da_cli add_private_package package=Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz
{
   "Action ID" : "171",
   "Message" : "add_private_package command delivered to service.",
   "Package" : "Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz"
}

[Expert@mercury:0]# da_cli get_status_of_action actionID=171
{
   "Action ID" : "171",
   "Action Type" : "Add_Private_Package",
   "DAService State" : "ready",
   "ExtendedMessage" : "N/A",
   "Message" : "Failed to add the package (Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz)\nThe following results are not compatible with the package:\n\n - Check package compatibility with this version\n\n\n\n - Machine is 'azure' cloud environment\n\n\nThis installation package is not supported on Cloud environments (Microsoft Azure, Google Cloud, Amazon Web Service and Aliyun)\nThis installation package may not be supported on your appliance model.\nFor the latest software images for Check Point appliances, see sk166536\nThis installation package may not be supported on your server.\nThe installation is supported only on servers with standard Check Point partition formats.\nThis installation package is not supported if you have an NSX-V Data Center object",
   "Package" : "Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz",
   "Progress" : "0",
   "Status" : "failure"
}

 

 Boo. 😞

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
the_rock
Legend
Legend
Thursday
In response to Duane_Toler

I agree, boo : - (

Anywho, here is my ?...what do you see in updates tab at the bottom left of web UI? If you select all packages, can you attach a screenshot? Is CPUSE updated to latest build?

Andy

0 Kudos
PhoneBoy
Admin
Admin
Friday

Are you using the upgrade package linked in sk177714 to do this?
Other packages may not be supported for this purpose.

0 Kudos
Duane_Toler
Advisor
Friday
In response to PhoneBoy

Oh!  Fair enough, my fault for not clicking the link, I did miss that; I didn't see there was a special package.  However, I tried to add that to the repository and it still complained saying it couldn't even find that package to download/import:

[Expert@mgmt01:0]# da_cli add_private_package package=aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tar
{
   "Action ID" : "167",
   "Message" : "add_private_package command delivered to service.",
   "Package" : "aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tar"
}

[Expert@mgmt01:0]# da_cli get_status_of_action actionID=167
{
   "Action ID" : "167",
   "Action Type" : "Add_Private_Package",
   "DAService State" : "ready",
   "ExtendedMessage" : "N/A",
   "Message" : "The package 'aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tar' does not exist in the Check Point cloud.",
   "Package" : "aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz",
   "Progress" : "0",
   "Status" : "failure"
}

 

I had to use a different host because my other one had to have a private hotfix which I know breaks upgrades.  This host doesn't have any of those.

I downloaded that "aio" package manually and imported it locally which did work.  Yet this particular VM needed an LVM disk expansion and the DDR policy apparently doesn't like that (sigh).

So... I tried this package on another Azure CloudGuard management server that's still in a "pristine" state.  Again I had to download the package locally and import it manually.  The package imported and verified successfully.  I need to do a JHF update first before upgrading, tho.

 

[Expert@moon:0]#  da_cli get_status_of_action actionID=214
{
   "Action ID" : "214",
   "Action Type" : "Verify",
   "DAService State" : "ready",
   "ExtendedMessage" : "N/A",
   "Message" : "{\"clean-install\":{\"applicable\":true,\"messages\":[{\"message-code\":\"OK\",\"text\":\"Installation is allowed.\"}],\"success\":true},\"install\":{\"applicable\":false,\"messages\":null,\"success\":false},\"upgrade\":{\"applicable\":true,\"messages\":[{\"message-code\":\"OK\",\"text\":\"Upgrade is allowed.\"}],\"success\":true},\"warning-install\":{\"applicable\":true,\"messages\":[{\"message-code\":\"OK\",\"text\":\"(1 warnings) \\n • A Jumbo Hotfix Accumulator (HFA) Take 105 is installed on this server. \\nRead more about the Jumbo (HFA) that aligns with your current Jumbo (HFA) in sk164258\\n \"}],\"success\":true},\"warning-upgrade\":{\"applicable\":true,\"messages\":[{\"message-code\":\"OK\",\"text\":\"(1 warnings) \\n • A Jumbo Hotfix Accumulator (HFA) Take 105 is installed on this server. \\nRead more about the Jumbo (HFA) that aligns with your current Jumbo (HFA) in sk164258\\n \"}],\"success\":true}}",
   "Package" : "aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tgz",
   "Progress" : "100",
   "Status" : "success"
}

 

Hopefully the "aio" package can be added as a private package so they don't have to be downloaded manually.  That's quite a pain for a remote host like these.  Otherwise, for pristine hosts, this should work.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
Bob_Zimmerman
Authority
Authority
Friday
In response to Duane_Toler

I've found CPUSE doesn't like to download packages with a tar extension. You probably just need to change it to tgz, even though that's not really the right file name.

0 Kudos
Don_Paterson
Advisor
Advisor
Friday
In response to Duane_Toler

What about the installer command (CLISH CPUSE/DA command) instead of da_cli?

 

installer import cloud aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tar



https://sc1.checkpoint.com/documents/CPUSE/Content/Topics/Install-Package.htm?tocpath=Installing%20a...

 

 

 

0 Kudos
Don_Paterson
Advisor
Advisor
Friday
In response to Don_Paterson

Just in case:

You would run 1 or 2:

1.

clish

installer import cloud aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tar

and then all other installer commands, as per the guide

exit to leave, unless the installer does the upgrade and reboots.

 

2. 

clish -c 'installer import cloud aio_Check_Point_R82_T777_Gaia_Install_and_Upgrade.tar'

clish -c <--- for each  installer command run

 

1 is better, and then type exit to go back to expert mode when done.

the_rock
Legend
Legend
7 hours ago
In response to Duane_Toler

Hey Duane,

Did you figure this out?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events