In the past, many times I have deployed a management server and a gateway for testing upgrades, and different scenarios. This has always worked great, with no problems. I would get this error, but updates would still work fine on the eval.
I am trying to do the same on 82.20 to lab up upgrading to 82.xx but this time it will not allow me to download updates.
I have tried to run 'installer check-for-updates' but I get this error:
The administrator did not authorize downloads, not performing update
I found this article, and tried what it says with the show consent flags, but no joy.
Has something changed with the way eval license works?
Thanks
There is an issue with the updater, a new agent will be rolled out over the coming week to resolve it. At this stage you might just have to manually import your version upgrade, migration tools and JHF files. Or check again next week if your testing isn't urgent.
Hello
What is the output of cplic print -x?
Is DAagent already the latest version?
I know that it's not fair, but as a workaround you can download the update package (Blink Image for example), try to import it on the gateway/management you want to upgrade, and manually upgrade it.
Hey @velo
If you send us the output of cplic print -x, as @simonemantovani mentioned, it would certainly give us a better idea.
Hi all
Answering all the questions here. I did check internet connectivity was working as one of my initial checks. DU agent is latest version.
Here are the outputs.
You don't have any license reported in the cplic output. Could you try to create and attach a new evaluation license (all-in-one license)?
Is this a new requirement because I have never had to do it before. Previously the appliance would work fine for 15 days.
Not so new, I noticed it in the last couple of years more or less (since R81.x for sure).
I will look into this as I have never done it before. The thing is, it even says this in my screenshot as you see.
Check Point product trial period will expire in 15 days.
Until then, you will be able to use the complete Check Point Product Suite.
Yes I agree with you ... sometimes information in documentation may be a bit contradictory ... In any case, if you can try with an Eval license from UserCenter.
This didn't work either, but as pointed out by @emmap there is a problem with the updater.
This CRL issue seems to also impact evaluation licenses on R82 and R82.10: https://support.checkpoint.com/results/sk/sk184766
Ah yes, I saw that one. Thanks for the reminder. I'm on 81.20 in the lab. (attempting to go to 82.x)
Thanks
Checked the last 3 points, DNS / routing, are you able to access checkpoint websites from the unit?
curl -vk https://updates.checkpoint.com
We have two productive Check Point environments on R81.20 and we got the following issue:
[Expert@xxx:0]# curl_cli -vvvk https://updates.checkpoint.com
* Rebuilt URL to: https://updates.checkpoint.com/
* Trying 18.245.31.62...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (18.245.31.62) port 443 (#0)
* ALPN, offering http/1.1
* *** Current date is: Wed Mar 11 08:08:38 2026
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Wed Mar 11 08:08:38 2026
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* err is -1, detail is 2
* *** Current date is: Wed Mar 11 08:08:38 2026
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
* subject: CN=*.checkpoint.com
* start date: Jun 3 12:12:04 2025 GMT
* expire date: Jul 5 12:12:03 2026 GMT
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* servercert: Finished
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Connection: keep-alive
< Date: Wed, 11 Mar 2026 07:08:38 GMT
< Server: awselb/2.0
< X-Cache: Error from cloudfront
< Via: 1.1 b7c8b552077b93dc0acaa0b82d11fa62.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: FRA56-P8
< X-Amz-Cf-Id: PQ_vDANXFlWawcxX7u_5xnyqfAn9Vj7eMRvxZyJL1HAB9AY9qinhEg==
<
* Connection #0 to host updates.checkpoint.com left intact
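One way to triage a transcript like the one above, added here as an example and not part of any poster's message: it separates network reachability from certificate validation, which the -k flag otherwise hides behind "continuing anyway". The function names, the KEY=value output format and the constructed SAMPLE_LOG excerpt are assumptions of this example.

```bash
#!/bin/bash
# Added example: summarise a saved verbose curl transcript.
# SAMPLE_LOG is a constructed excerpt that reuses lines from the post above.
SAMPLE_LOG='* Connected to updates.checkpoint.com (18.245.31.62) port 443 (#0)
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* servercert: CRL validation was disabled
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
< HTTP/1.1 404 Not Found'

triage_curl_log() {
    # Reads a verbose curl transcript on stdin, prints one KEY=value per finding.
    awk '
        /^\* Connected to /              { tcp = "ok" }
        /^\* SSL connection using /      { tls = $5 }
        /CRL validation was disabled/    { crl = "disabled" }
        /SSL certificate verify result:/ {
            # The verify code is the number in parentheses; 0 means the chain validated.
            if (match($0, /\([0-9]+\)/)) code = substr($0, RSTART + 1, RLENGTH - 2)
            if ($0 ~ /continuing anyway/) bypass = "yes"
        }
        /^< HTTP\//                      { http = $3 }
        END {
            print "TCP=" (tcp ? tcp : "failed")
            print "TLS=" (tls ? tls : "none")
            print "CRL_CHECK=" (crl ? crl : "not-reported")
            print "VERIFY_CODE=" (code != "" ? code : "not-reported")
            print "VERIFY_BYPASSED=" (bypass ? bypass : "no")
            print "HTTP_STATUS=" (http ? http : "none")
        }'
}

classify() {
    # Reads triage_curl_log output on stdin and separates reachability from trust.
    r=$(cat)
    code=$(printf '%s\n' "$r" | sed -n 's/^VERIFY_CODE=//p')
    case "$r" in
        *TCP=failed*) echo "no TCP connection: check DNS, routing, proxy" ;;
        *TLS=none*)   echo "TCP ok, TLS handshake did not complete" ;;
        *)
            if [ "$code" = "0" ]; then echo "reachable, certificate chain validated"
            else echo "reachable, certificate chain not validated (verify code $code)"
            fi ;;
    esac
}

printf '%s\n' "$SAMPLE_LOG" | triage_curl_log | classify
```

Verify code 20 is OpenSSL's "unable to get local issuer certificate", so a transcript like this shows a working network path while saying nothing about whether the server certificate would pass validation without -k.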
There is an issue with the updater, a new agent will be rolled out over the coming week to resolve it. At this stage you might just have to manually import your version upgrade, migration tools and JHF files. Or check again next week if your testing isn't urgent.
Thanks, thought that might be the case. See below, also pointed out by another poster
I am performing an upgrade on a Cluster tomorrow and will use CDT. Will this be a problem?
Thanks
It may, if the boxes in question don't have the latest DA build (2742) that is being gradually rolled out. I would also recommend making sure you have the CRL patch on the management server just in case.
https://support.checkpoint.com/results/sk/sk92449 <- Deployment agent. We don't have a download link for the new one up there yet but maybe check before you start the upgrade.
Thank you