This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wolfkingheat
Participant
‎2020-04-28 03:07 PM
Jump to solution

CPUSE R80.10 failure

I am running two standalone 3200 Firewalls with R80.10 installed. 

We have recently set up a new virtual appliance that runs R80.30 however every 48 hours the site to site VPN connectivity drops out.

I have investigated possible routing problems with no luck and now I am looking at upgrading our R80.10 firewalls to R80.30 to try to resolve my initial issue but when i try this CPUSE upgrade fails on both devices with the same errors. I find it strange because one and time elapsed indicates that the package downloaded successfully but the other doesn't.

Package status reports: reason of failure: Does not match expected SHA1

but the event log reports: unable to connect to server please ensure that the 

I initially though this might be a DA issue but its running the latest DA build. I also tried downloading the latest hot fix for R80.10 and i get the same error. 

I have tried to manually download and import the update package but i received a metadata error. 

Any help resolving ether issue would be much appreciated.

0 Kudos
1 Solution

Accepted Solutions
Wolfkingheat
Participant
‎2020-07-09 06:46 PM
In response to scordy
Jump to solution

Good afternoon, 

 

In the end I found no good solution for this problem but it did find a fix. 

 

1) I downloaded the file manually from checkpoint and checked the checksums

2) I connected to the gateway via scp and uploaded the file. 

3) I used a CPUSE to upload/register the upgrade with the gateway

4) I then logged into the Gaia portal and went to upgrades where the upgrade had been detected as downloaded and available for install

5) I installed the upgrade with no issues.

 

Hope this helps

 

 

View solution in original post

0 Kudos
10 Replies
Maarten_Sjouw
Champion
Champion
‎2020-04-28 09:48 PM
Jump to solution

When you you run these boxes standalone, you mean to say you run management on them as well. That said you need to look at the available diskspace with df -h
You will need at least 10GB free space on /var/log to be able to upgrade.
Regards, Maarten
0 Kudos
Wolfkingheat
Participant
‎2020-04-28 09:52 PM
In response to Maarten_Sjouw
Jump to solution

Thanks for the response @Maarten_Sjouw . 

 

That's correct these devices are standalone installs running the management on them as well. 

I was hoping it would be that simple but sadly there is plenty of room (> 30G) on each device.

 

Thanks Paul

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-04-28 09:55 PM
In response to Wolfkingheat
Jump to solution

Also in the / partition?
Regards, Maarten
0 Kudos
Wolfkingheat
Participant
‎2020-04-28 10:00 PM
In response to Maarten_Sjouw
Jump to solution

It has >26G in the / Partition

regards, Paul

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-04-28 11:48 PM
In response to Wolfkingheat
Jump to solution

What happens to the file when you download it with your PC and upload it using WinSCP?
You can then do a local import and see how that works out?
Regards, Maarten
0 Kudos
Boaz_Orshav
Employee
Employee
‎2020-04-29 09:24 PM
In response to Maarten_Sjouw
Jump to solution

Hi

  The problem you describe indicates an issue with the file transfer or connectivity (SHA not verified or metadata can't be extracted).

  Will appreciate if you ping me at boazo@checkpoint.com to further analyze.

Thanks

Boaz

0 Kudos
scordy
Explorer
‎2020-07-09 06:31 PM
In response to Boaz_Orshav
Jump to solution

Hi Boaz,

Seemingly identical circumstances to this error being experienced on our appliance gateway fleet. Multiple different appliance types, 3000, 5000 and 13000 series. Every one of them fails download of the latest release Take 161 hotfix for R80.20. (@ Wolfkingheat - sorry for the deviation away from R80.10 discussion!)

Hotfix is: Check_Point_R80_20_JUMBO_HF_Bundle_T161_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz.

Error is: 'The package failed to download ... Reason of failure: Does not match Expected SHA1'.

Entire file appears to download (some gateways using a proxy, others directly NATed) and then the failure message is displayed.

Were you able to assist the OP with the problem occurring?

Thanks for any info,

Scordy

0 Kudos
Wolfkingheat
Participant
‎2020-07-09 06:46 PM
In response to scordy
Jump to solution

Good afternoon, 

 

In the end I found no good solution for this problem but it did find a fix. 

 

1) I downloaded the file manually from checkpoint and checked the checksums

2) I connected to the gateway via scp and uploaded the file. 

3) I used a CPUSE to upload/register the upgrade with the gateway

4) I then logged into the Gaia portal and went to upgrades where the upgrade had been detected as downloaded and available for install

5) I installed the upgrade with no issues.

 

Hope this helps

 

 

0 Kudos
scordy
Explorer
‎2020-07-09 06:54 PM
In response to Wolfkingheat
Jump to solution

Thanks Wolfkingheat - I'd already presumed that this would be the logical set of next steps. I was curious as to how widespread issues along these lines might be and also thought it might be useful to let Check Point know about this experience.

Thanks again.

Scordy

0 Kudos
Boaz_Orshav
Employee
Employee
‎2020-07-12 12:48 AM
In response to scordy
Jump to solution

Hi Scott

  I'd like to further investigate this issue.

  Can we set a remote session so i can connect to any of the failed machines?

  Will appreciate if you contact me offline - boazo@checkpoint.com

 

Thanks

Boaz

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events