This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Wolfkingheat
Participant
‎2020-04-28 03:07 PM

CPUSE R80.10 failure

Jump to solution

I am running two standalone 3200 Firewalls with R80.10 installed. 

We have recently set up a new virtual appliance that runs R80.30 however every 48 hours the site to site VPN connectivity drops out.

I have investigated possible routing problems with no luck and now I am looking at upgrading our R80.10 firewalls to R80.30 to try to resolve my initial issue but when i try this CPUSE upgrade fails on both devices with the same errors. I find it strange because one and time elapsed indicates that the package downloaded successfully but the other doesn't.

Package status reports: reason of failure: Does not match expected SHA1

but the event log reports: unable to connect to server please ensure that the 

I initially though this might be a DA issue but its running the latest DA build. I also tried downloading the latest hot fix for R80.10 and i get the same error. 

I have tried to manually download and import the update package but i received a metadata error. 

Any help resolving ether issue would be much appreciated.

0 Kudos
Reply
1 Solution

Accepted Solutions
Wolfkingheat
Participant
‎2020-07-09 06:46 PM
In response to Scott_Cordy

Jump to solution

Good afternoon, 

 

In the end I found no good solution for this problem but it did find a fix. 

 

1) I downloaded the file manually from checkpoint and checked the checksums

2) I connected to the gateway via scp and uploaded the file. 

3) I used a CPUSE to upload/register the upgrade with the gateway

4) I then logged into the Gaia portal and went to upgrades where the upgrade had been detected as downloaded and available for install

5) I installed the upgrade with no issues.

 

Hope this helps

 

 

View solution in original post

0 Kudos
Reply
10 Replies
Maarten_Sjouw
Champion
Champion
‎2020-04-28 09:48 PM

Jump to solution
When you you run these boxes standalone, you mean to say you run management on them as well. That said you need to look at the available diskspace with df -h
You will need at least 10GB free space on /var/log to be able to upgrade.
Regards, Maarten
0 Kudos
Reply
Wolfkingheat
Participant
‎2020-04-28 09:52 PM
In response to Maarten_Sjouw

Jump to solution

Thanks for the response @Maarten_Sjouw . 

 

That's correct these devices are standalone installs running the management on them as well. 

I was hoping it would be that simple but sadly there is plenty of room (> 30G) on each device.

 

Thanks Paul

0 Kudos
Reply
Maarten_Sjouw
Champion
Champion
‎2020-04-28 09:55 PM
In response to Wolfkingheat

Jump to solution
Also in the / partition?
Regards, Maarten
0 Kudos
Reply
Wolfkingheat
Participant
‎2020-04-28 10:00 PM
In response to Maarten_Sjouw

Jump to solution

It has >26G in the / Partition

regards, Paul

0 Kudos
Reply
Maarten_Sjouw
Champion
Champion
‎2020-04-28 11:48 PM
In response to Wolfkingheat

Jump to solution
What happens to the file when you download it with your PC and upload it using WinSCP?
You can then do a local import and see how that works out?
Regards, Maarten
0 Kudos
Reply
Boaz_Orshav
Employee
Employee
‎2020-04-29 09:24 PM
In response to Maarten_Sjouw

Jump to solution

Hi

  The problem you describe indicates an issue with the file transfer or connectivity (SHA not verified or metadata can't be extracted).

  Will appreciate if you ping me at boazo@checkpoint.com to further analyze.

Thanks

Boaz

0 Kudos
Reply
Scott_Cordy
Explorer
‎2020-07-09 06:31 PM
In response to Boaz_Orshav

Jump to solution

Hi Boaz,

Seemingly identical circumstances to this error being experienced on our appliance gateway fleet. Multiple different appliance types, 3000, 5000 and 13000 series. Every one of them fails download of the latest release Take 161 hotfix for R80.20. (@ Wolfkingheat - sorry for the deviation away from R80.10 discussion!)

Hotfix is: Check_Point_R80_20_JUMBO_HF_Bundle_T161_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz.

Error is: 'The package failed to download ... Reason of failure: Does not match Expected SHA1'.

Entire file appears to download (some gateways using a proxy, others directly NATed) and then the failure message is displayed.

Were you able to assist the OP with the problem occurring?

Thanks for any info,

Scordy

0 Kudos
Reply
Wolfkingheat
Participant
‎2020-07-09 06:46 PM
In response to Scott_Cordy

Jump to solution

Good afternoon, 

 

In the end I found no good solution for this problem but it did find a fix. 

 

1) I downloaded the file manually from checkpoint and checked the checksums

2) I connected to the gateway via scp and uploaded the file. 

3) I used a CPUSE to upload/register the upgrade with the gateway

4) I then logged into the Gaia portal and went to upgrades where the upgrade had been detected as downloaded and available for install

5) I installed the upgrade with no issues.

 

Hope this helps

 

 

View solution in original post

0 Kudos
Reply
Scott_Cordy
Explorer
‎2020-07-09 06:54 PM
In response to Wolfkingheat

Jump to solution

Thanks Wolfkingheat - I'd already presumed that this would be the logical set of next steps. I was curious as to how widespread issues along these lines might be and also thought it might be useful to let Check Point know about this experience.

Thanks again.

Scordy

0 Kudos
Reply
Boaz_Orshav
Employee
Employee
‎2020-07-12 12:48 AM
In response to Scott_Cordy

Jump to solution

Hi Scott

  I'd like to further investigate this issue.

  Can we set a remote session so i can connect to any of the failed machines?

  Will appreciate if you contact me offline - boazo@checkpoint.com

 

Thanks

Boaz

0 Kudos
Reply