cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Jesus_Cano
Copper

Install Hotfix in Checkpoint platform VSX

HI,

 

We need to install the lastest HF for R80.10. 

 

For SMS: We have 2 SMS active/standby - We first install the JHF in the secondary SMS, and then in the prymary. We will upgrade the CPUSE and we will do this HF installation by CPUSE. I think this is ok.

 

For gateways: The doubts are in the gateways. We have 2 FWs with VSX. Normally we use GAIA portal to install Hotfix but in VSX doesnt exist gaia portal so i undertand that we need to upgrade CPUSE and install HF by CLI.

So whats are the commands to install HF by cli? the HF is install in all VSX automatically?

WE first will install the HF in the standby node, and then force a failover. The commando to failover is the same like a fw without VSX, right? clusterXL_admin down in the active node? or its different the install HF for VSX environment.

 

ANy particular thing to keep in mind for installing HF in VSX? 

0 Kudos
6 Replies

Re: Install Hotfix in Checkpoint platform VSX

Hi @Jesus_Cano,

I believe the info you are looking for is available here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Look into CLI part, it is all there. 

0 Kudos

Re: Install Hotfix in Checkpoint platform VSX

In clish the command you use is: installer download-and-install <Tab-Key>
This should show you a list of possible installable Jumbo and other fixes.
Just enter the required number and it will install the update for you.

For the failover, it depends if you are running HA or VSLS, in HA mode 'clusterXL_admin down' on VS0 is enough, in VSLS mode you need to use the command on each and every VS to move them over OR use 'vsx_util vsls' from the management to assign all VS's to a specific member.
Regards, Maarten
Jesus_Cano
Copper

Re: Install Hotfix in Checkpoint platform VSX

There is no VSLS. So clusterSL_admin down in VSO will be enough.

SO i undertand that the installation HF by cli is done for all VS, right?

These gws have no internet. So we will upload the HF manually.

0 Kudos

Re: Install Hotfix in Checkpoint platform VSX

Correct, the whole platform is upgraded, you cannot upgrade one VS at the time 🙂
0 Kudos

Re: Install Hotfix in Checkpoint platform VSX

When you upload the file then use the following clish command to import the file into CPUSE (make sure to download the correct file):
installer import local <Full-path-and-filename>
Then use the following command to install the imported file:
installer install 1
Regards, Maarten
0 Kudos

Re: Install Hotfix in Checkpoint platform VSX

On VSX I would do it like this:

clish
installer download <TAB>
installer verify <TAB>
installer install <TAB>
exit

Where <TAB> stands for the TAB key.
Assuming:
1. The gateway has internet access to download the Jumbo hotfix.
2. Bash is you normal shell.

0 Kudos