Also note that yesterday you could download Take 2 of the hotfix. (About 2 MB)

But today it is take 5: 

Check_Point_R82_JHF_T60_TIME_FIX_655_MAIN_Bundle_T5_FULL.tar (About 41 MB)

For Jumbo 60 it is now take 6.

yes you have and on the management

Yes, the hotfix will fix the HTTPS inspection.

The only way we found to mitigate it, before applying hotfix was to bypass the sites with the error from HTTPS Inspection.

The hotfix only took a few minutes to apply, and then a reboot, after that it worked for us with HTTPS inspection for sites with newer certificates.

The short gist. It impacts EVERYTHING that uses X509 certificates. So any Check Point (virtual) appliance with R82 or above MUST be fixed.

Did anyone ever verify if any VPN client version has been impacted?

Yes we have the same issue (already posted it above).

did u solved?

No I didn't.

I have just installed the last hotfix (655) right now and the problem was not solved!!!

Please open a TAC case for your issue.

I have also encountered an update failure issue, but in my case the error occurred during the hotfix package import stage.

Currently, I am waiting for TAC assistance to resolve the issue.

If this is a new install you may need to manually update the DA build, because that won't be happening automatically either.

Hi @emmap :
I submitted a TAC case, and TAC recommended reinstalling the system.
The issue has since been resolved.

It seems we have multiple takes of this hotfix. And I would bvery muchg appreciate the difference between the various takes so I can determine if we need to revisit certain systems again with a newer builld of the hotfix.

I am also finding this very frustrating.

I understand there can be issues with fixes; however, there is lack of communication when a newer hotfix is released and lack of guidance if I need to spend time applying said hotfix. This morning, I see JHF-44 has been silently updated from Take 8 -> 10, but I have no idea if I need to spend time re-patching.

I am grateful for the community otherwise I would not have been aware of these silent hotfixes in the first place.

At minimum, we need to know if the new version was released because the old version didn't fix everything, or because the old version caused a new problem.

My team has gotten at least 15 separate email threads about this hotfix (all three of our diamond reps, two PS reps, our SE, our reseller, automated notifications from support-do-not-reply, three separate managers asking about separate email threads all about the same hotfix). It has created a huge amount of work for us because the messaging makes it sound hair-on-fire urgent, but as far as I can tell, there's no impact to my environment as long as I don't build whole new firewalls for a bit. Our diamond reps don't know what differs between the hotfix versions, so even the internal messaging is bad.

The emergency remote access hotfix in mid-2024 had similarly awful messaging. Zero clarity, tons of Check Point reps hassling us to install it even though we didn't have the affected features enabled anywhere.

The hotfix has been updated again, and again there's no description of what is different or how urgent it is to update to the new version. As of when I post:

Some information about the takes is in the sk now:

"

• If you have VSX, Multi-Domain Management (MDM) or Multi-Domain Log Server, LSM, or CloudGuard Network - install Hotfix Take 5 or later.
• If you have already installed Take 2 and you do not have VSX or MDM (and you are not using LSM or CloudGuard Network) - no further installation is needed right now.
• This Hotfix must be installed on both
  • Management Server / Log Server / SmartEvent Server / CloudGuard Network Management,
    and
  • Security Gateway / Maestro Orchestrator / Security Group / Non-Autoscale CloudGuard Gateways.
• For Smart‑1 Cloud users, the Management hotfix is not relevant - it is already included in the latest MaaS update. Install only the Security Gateway / Maestro Orchestrator / Security Group Hotfix."

My managements are R82 jumbo 60. There's nothing in the SK or anything anybody has yet sent me about why I might need to go from take 6 (released on 2026-03-06) to take 11 (released 2026-03-09). It's newer, okay, but how is it different?

Are we going to see new issues because we installed take 6?

Are there some places which still had bad date math or whatever the problem is?

If so, what functionality isn't fixed by take 6 (or even by take 2)?

Updating management servers in my environment isn't extraordinarily hard, but people still ask us why we're taking the managements down for a third time in a week. We have multiple dedicated diamond reps, and Check Point isn't telling us anything. There's no way our change control people would approve a third update window for all of the firewalls in that span of time without a detailed explanation of what's going on.

It say: "If you have already installed Take 2 and you do not have VSX or MDM (and you are not using LSM or CloudGuard Network) - no further installation is needed right now."

Sure, but it doesn't say why. We do have MDSs and we are using VSX.

Does that note only apply to environments which use both MDS and VSX, or does it apply to environments which use only one or the other?

Why is take 5 or greater so important for MDS environments and VSX environments?

And I really need to know what did take 2 not fix? What did take 6 not fix? Only a few of the potential problems listed in the SK apply to our environment at all. If going from 6 to 11 is fixing features we don't use, then I'll just skip it.

The lack of clarity is irritating. They're saying "Install this, it'll fix the problem.", followed just days later by "You installed that last version? That version didn't fix the problem. Install this, it'll fix the problem." Okay, what's the reason I shouldn't wait a week, and install take 18 instead?

Today when I have tried to renew the certificate of one of out R81.10 gateways I have received the error message "Failed creating Certificate. General Problem in Certificate Authority." My Management server R82 Take 60 hat the Hotfix Take2 installed. I have removed that Hotfix, installed the version Take 11 and the Problem is now fixed.