- CheckMates
- :
- Products
- :
- General Topics
- :
- Installing the Latest Jumbo Hotfix
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jump to solution
Installing the Latest Jumbo Hotfix
Hi ,
Need help with offline installation of Jumbo Hotfix. As per my understanding these are the steps :-
1) Check CPUSE version updated to latest build or not
2)Download Jumbohotfix Package
3) Import Package
4) Verify Package
5) Install Package
I am having problem with the Import procedure , how do i import the downloaded version to the firewall disk ?
can someone please guide wrt to this.
Thanks
- Tags:
- jumbo hotfix
2 Solutions
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you're too hardcore for web-interface, you can do it in CLI.
1. Copy Jumbo Hotfix package to the firewall into a temporary directory using SCP:
/var/log/upload/jumbo_hotfix/
2. Connect to the firewall with SSH in Clish
3. Acquire Configuration Lock over Gaia:
> lock database override
4. Import Jumbo Hotfix package:
> installer import local /var/log/upload/jumbo_hotfix/Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz
5. Check imported packages in Hotfixes section:
> show installer packages imported
> show installer package <Package_Number>
6. Verify that this package can be installed without conflicts:
> installer verify <Package_Number>
Info: Initiating verify of Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz...
Result: Installation is allowed
7. Install the imported package:
> installer install <Package_Number>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thought about it but wasnt sure whether it will hamper current VSX configuration.
Does setting it of and on back again will impact the current scenario in anyway ?
22 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just use the Import Package button.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After downloading the file to your desktop, open the GAiA WebGUI in browser, go Upgrades (CPUSE) > Status and Actions and click Import Package:
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply..but i am using a VSX environment
need to import the package through CLI for the Gateways
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is correct, CLI is the only way for VSX...
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried the following in GAiA VSX (sk92425) expert mode:
- set virtual-system 0; set vsx off
- Update via CPUSE within WebUI
- set vsx on
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thought about it but wasnt sure whether it will hamper current VSX configuration.
Does setting it of and on back again will impact the current scenario in anyway ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you're too hardcore for web-interface, you can do it in CLI.
1. Copy Jumbo Hotfix package to the firewall into a temporary directory using SCP:
/var/log/upload/jumbo_hotfix/
2. Connect to the firewall with SSH in Clish
3. Acquire Configuration Lock over Gaia:
> lock database override
4. Import Jumbo Hotfix package:
> installer import local /var/log/upload/jumbo_hotfix/Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz
5. Check imported packages in Hotfixes section:
> show installer packages imported
> show installer package <Package_Number>
6. Verify that this package can be installed without conflicts:
> installer verify <Package_Number>
Info: Initiating verify of Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz...
Result: Installation is allowed
7. Install the imported package:
> installer install <Package_Number>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is also SmartUpdate:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply, my problem is with Point no.1
How do i import the downloaded hotfix to the firewall ? anyother option apart from SCP ?
Thanks.
As the gateways are part of the VSX Cluster is CLI the only way ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can copy files from FTP server or from SCP server in your network, running commands on the VSX gateway.
But why do you have such question? Maybe you cannot connect because your account's default shell on VSX is clish? SCP uses SSH connection, which should be already available to you. Otherwise, how would you connect by SSH to do anything there? So, you should be able to run WinSCP on the machine from which you connect by SSH.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you might need to change the shell on the user you are using to be able to run scp, make sure to set the shell of the user to /bin/bash and then try to do the scp copy.
PS today I ran into a really weird problemalso on VSX. I was trying to run installer with jumbo 154, and the installer kept telling me there was a need to upgrade as the version was not the latest, it was 1573.
All morning in an chat and trying to get past this point, in the beginning of the afternoon, after lunch and a reboot all the sudden there was a different message, please update to the later version 1577 (the CPUSE SK was still saying 1573 was the latest), so installer agent update, but still it cannot get the update file.
Maybe someone at Check Point was to quick in setting the version number on the update server?
Regards, Maarten
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Changed the shell to bash and it worked.. Thanks a lot
I applied the update on 2 cluster members , however after updating when i check their status in SmartConsole one of the member displays up to date and the other says 3 updates available.. but i applied the same version for both.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On both members you can check with installer download-and-install <Tab key> which packages should be available according to CPUSE. (if you have access to Internet from the gateway)
Regards, Maarten
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there a log file we can tail to see the progress?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Find all details of CPUSE here:
sk92449: Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have physical access, then you can download the latest jumbo hotfix into USB stick, plug USB into device and mount it according to this procedure:
How to mount a USB Drive in Gaia and SecurePlatform
Kind regards,
Jozko Mrkvicka
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
which is the best practice installing the JH? We should install directly the LATEST JHF or I should do each steps?
best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That only depends on the installed version and the gap between this and the new version - you can find details in sk106162 / sk116380 / sk137592 ! Usually, you first will have to update CPUSE DA to the current version if needed and then install the newest GA Jumbo HF.
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK but In that SK i cannot find the "update" path between two JHF....isn't it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As i wrote already - only CPUSE DA has to be the newest version, then you can install the newest GA Jumbo directly on top of the opld Jumbo HF. Also, CPUSE will tell you upon verify if install is possible at all...
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For that kind of information you should read Important Notes section in sk106162 and notes right after Take link. As I remember, previously there was information for cases when some Takes must be uninstalled first, before installing the new version. And it is decribed for which appliances which takes should be installed.
Also, if your Jumbo Hotfix was installed in legacy CLI way (./UnixInstallScript), then it was required to remove it first. But it was fixed in newer CPUSE versions.
4. How to install a newer Take of Jumbo Hotfix Accumulator on top of the current Take?
Jumbo Hotfix Accumulators support upgrade - i.e., a newer Take of Jumbo Hotfix Accumulator can be installed on top of the current Take of Jumbo Hotfix Accumulator.
CPUSE Agent build Notes 1127 and above
- If the previous Take of Jumbo Hotfix Accumulator was installed using Legacy CLI, then the next Take can be installed using the CPUSE.
- If the previous Take of Jumbo Hotfix Accumulator was installed using CPUSE, then all subsequent Takes must also be installed using CPUSE.
1005 and lower All Takes of Jumbo Hotfix Accumulator must be installed in the same way:
- If the Jumbo Hotfix Accumulator was installed for the first time using CPUSE, then all subsequent Takes must also be installed using CPUSE.
- If the Jumbo Hotfix Accumulator was installed for the first time using Legacy CLI, then all subsequent Takes must also be installed using Legacy CLI.
So, as Gunther said, you need to update CPUSE to one of recent versions and then just start the installation of Jumbo Hotfix from it. Old take of Jumbo Hotfix will be automatically deleted.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you!
Installing the Latest Jumbo Hotfix
Hi ,
Need help with offline installation of Jumbo Hotfix. As per my understanding these are the steps :-
1) Check CPUSE version updated to latest build or not
2)Download Jumbohotfix Package
3) Import Package
4) Verify Package
5) Install Package
I am having problem with the Import procedure , how do i import the downloaded version to the firewall disk ?
can someone please guide wrt to this.
Thanks
.png "Wolfgang"){kind=avatar}
