Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LostBoY
Advisor
Jump to solution

Installing the Latest Jumbo Hotfix

Hi , 

Need help with offline installation of Jumbo Hotfix. As per my understanding these are the steps :-

1) Check CPUSE version updated to latest build or not 

2)Download Jumbohotfix Package

3) Import  Package

4) Verify Package

5) Install Package

I am having problem with the Import procedure , how do i import the downloaded version to the firewall disk ?

can someone please guide wrt to this.

Thanks

2 Solutions

Accepted Solutions
AlekseiShelepov
Advisor

If you're too hardcore for web-interface, you can do it in CLI.

1. Copy Jumbo Hotfix package to the firewall into a temporary directory using SCP:

/var/log/upload/jumbo_hotfix/

2. Connect to the firewall with SSH in Clish

3. Acquire Configuration Lock over Gaia:

> lock database override

4. Import Jumbo Hotfix package:

> installer import local /var/log/upload/jumbo_hotfix/Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz

5. Check imported packages in Hotfixes section:

> show installer packages imported

> show installer package <Package_Number>

6. Verify that this package can be installed without conflicts:

> installer verify <Package_Number>

Info: Initiating verify of Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz...

Result: Installation is allowed

7. Install the imported package:

> installer install <Package_Number>

View solution in original post

(2)
LostBoY
Advisor

Thought about it but wasnt sure whether it will hamper current VSX configuration.

Does setting it of and on back again will impact the current scenario in anyway ?

View solution in original post

0 Kudos
22 Replies
Danny
Champion Champion
Champion

Just use the Import Package button.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

After downloading the file to your desktop, open the GAiA WebGUI in browser, go Upgrades (CPUSE) > Status and Actions and click Import Package:

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
LostBoY
Advisor

Thanks for the reply..but i am using a VSX environment

need to import the package through CLI for the Gateways

0 Kudos
G_W_Albrecht
Legend Legend
Legend

That is correct, CLI is the only way for VSX...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Danny
Champion Champion
Champion

Have you tried the following in GAiA VSX (sk92425) expert mode:

  1. set virtual-system 0; set vsx off
  2. Update via CPUSE within WebUI
  3. set vsx on
LostBoY
Advisor

Thought about it but wasnt sure whether it will hamper current VSX configuration.

Does setting it of and on back again will impact the current scenario in anyway ?

0 Kudos
AlekseiShelepov
Advisor

If you're too hardcore for web-interface, you can do it in CLI.

1. Copy Jumbo Hotfix package to the firewall into a temporary directory using SCP:

/var/log/upload/jumbo_hotfix/

2. Connect to the firewall with SSH in Clish

3. Acquire Configuration Lock over Gaia:

> lock database override

4. Import Jumbo Hotfix package:

> installer import local /var/log/upload/jumbo_hotfix/Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz

5. Check imported packages in Hotfixes section:

> show installer packages imported

> show installer package <Package_Number>

6. Verify that this package can be installed without conflicts:

> installer verify <Package_Number>

Info: Initiating verify of Check_Point_R77_30_JUMBO_HF_1_Bundle_T512_FULL.tgz...

Result: Installation is allowed

7. Install the imported package:

> installer install <Package_Number>

(2)
Danny
Champion Champion
Champion

There is also SmartUpdate:

LostBoY
Advisor

Thanks for the reply, my problem is with Point no.1 

How do i import the downloaded hotfix to the firewall ? anyother option apart from SCP ?

Thanks.

As the gateways are part of the VSX Cluster is CLI the only way ?

0 Kudos
AlekseiShelepov
Advisor

You can copy files from FTP server or from SCP server in your network, running commands on the VSX gateway.

But why do you have such question? Maybe you cannot connect because your account's default shell on VSX is clish? SCP uses SSH connection, which should be already available to you. Otherwise, how would you connect by SSH to do anything there? So, you should be able to run WinSCP on the machine from which you connect by SSH.

0 Kudos
Maarten_Sjouw
Champion
Champion

you might need to change the shell on the user you are using to be able to run scp, make sure to set the shell of the user to /bin/bash and then try to do the scp copy.

PS today I ran into a really weird problemalso on VSX. I was trying to run installer with jumbo 154, and the installer kept telling me there was a need to upgrade as the version was not the latest, it was 1573.

All morning in an chat and trying to get past this point, in the beginning of the afternoon, after lunch and a reboot all the sudden there was a different message, please update to the later version 1577 (the CPUSE SK was still saying 1573 was the latest), so installer agent update, but still it cannot get the update file.

Maybe someone at Check Point was to quick in setting the version number on the update server?

Regards, Maarten
LostBoY
Advisor

Changed the shell to bash and it worked.. Thanks a lot

I applied the update on 2 cluster members , however after updating when i check their status in SmartConsole one of the member displays up to date and the other says 3 updates available.. but i applied the same version for both.

0 Kudos
Maarten_Sjouw
Champion
Champion

On both members you can check with installer download-and-install <Tab key>  which packages should be available according to CPUSE. (if you have access to Internet  from the gateway)

Regards, Maarten
0 Kudos
genisis__
Leader Leader
Leader

Is there a log file we can tail to see the progress?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Find all details of CPUSE here:

sk92449: Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
JozkoMrkvicka
Authority
Authority

If you have physical access, then you can download the latest jumbo hotfix into USB stick, plug USB into device and mount it according to this procedure:

How to mount a USB Drive in Gaia and SecurePlatform 

Kind regards,
Jozko Mrkvicka
0 Kudos
Luigi_Vezzoso1
Collaborator

Hi,

which is the best practice installing the JH? We should install directly the LATEST JHF or I should do each steps?

best regards

0 Kudos
G_W_Albrecht
Legend Legend
Legend

That only depends on the installed version and the gap between this and the new version - you can find details in sk106162 / sk116380 / sk137592 ! Usually, you first will have to update CPUSE DA to the current version if needed and then install the newest GA Jumbo HF.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Luigi_Vezzoso1
Collaborator

OK but In that SK i cannot find the "update" path between two JHF....isn't it?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

As i wrote already - only CPUSE DA has to be the newest version, then you can install the newest GA Jumbo directly on top of the opld Jumbo HF. Also, CPUSE will tell you upon verify if install is possible at all...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AlekseiShelepov
Advisor

For that kind of information you should read Important Notes section in sk106162 and notes right after Take link. As I remember, previously there was information for cases when some Takes must be uninstalled first, before installing the new version. And it is decribed for which appliances which takes should be installed.

Also, if your Jumbo Hotfix was installed in legacy CLI way (./UnixInstallScript), then it was required to remove it first. But it was fixed in newer CPUSE versions.

sk98028

4. How to install a newer Take of Jumbo Hotfix Accumulator on top of the current Take?
Jumbo Hotfix Accumulators support upgrade - i.e., a newer Take of Jumbo Hotfix Accumulator can be installed on top of the current Take of Jumbo Hotfix Accumulator.

CPUSE Agent buildNotes
1127 and above
  • If the previous Take of Jumbo Hotfix Accumulator was installed using Legacy CLI, then the next Take can be installed using the CPUSE.
  • If the previous Take of Jumbo Hotfix Accumulator was installed using CPUSE, then all subsequent Takes must also be installed using CPUSE.
1005 and lower

All Takes of Jumbo Hotfix Accumulator must be installed in the same way:

  • If the Jumbo Hotfix Accumulator was installed for the first time using CPUSE, then all subsequent Takes must also be installed using CPUSE.
  • If the Jumbo Hotfix Accumulator was installed for the first time using Legacy CLI, then all subsequent Takes must also be installed using Legacy CLI.

So, as Gunther said, you need to update CPUSE to one of recent versions and then just start the installation of Jumbo Hotfix from it. Old take of Jumbo Hotfix will be automatically deleted.

Luigi_Vezzoso1
Collaborator

thank you!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events