This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
a week ago
Jump to solution

Quantum Force 3920

Hi Mates,

Yesterday I configured a Quantum Force 3920 cluster running R82.10, managed by an R82 -S1C. Everything seems to be working fine so far.

However, I have a question because I’m a bit confused: does this cluster require any hotfixes to be installed?
When i'm try to download a pacakeg this is the only option:


installer download
** ************************************************************************* **
** Majors **
** ************************************************************************* **
Num Display name Status
1 Check_Point_R82.10_T464_Gaia_Install_and_Upgrade_For_3900_Appliances.tgz Available for Download

I put the cpinfo output:

cpinfo -y all

This is Check Point CPinfo Build 914000219 for GAIA
[CPshared]
No hotfixes..
[IDA]
No hotfixes..
[CPFC]
No hotfixes..
[MGMT]
No hotfixes..
[FW1]
HOTFIX_INEXT_NANO_EGG_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R82.10 - Build 407
kernel: R82.10 - Build 422
[SecurePlatform]
No hotfixes..
[CPinfo]
No hotfixes..
[PPACK]
No hotfixes..
[AutoUpdater]
HOTFIX_INFRA_CONFIG_AUTOUPDATE
[DIAG]
No hotfixes..
[CVPN]
No hotfixes..
[CPUpdates]
BUNDLE_INEXT_NANO_EGG_AUTOUPDATE Take: 38
BUNDLE_CPVIEWEXPORTER_AUTOUPDATE Take: 75
BUNDLE_QUID_AUTOUPDATE Take: 53
BUNDLE_CPOTLPAGENT_AUTOUPDATE Take: 131
BUNDLE_CPOTELCOL_AUTOUPDATE Take: 210
BUNDLE_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE Take: 21
BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 158
BUNDLE_HCP_AUTOUPDATE Take: 88
BUNDLE_CPSDC_AUTOUPDATE Take: 40
BUNDLE_INFRA_CONFIG_AUTOUPDATE Take: 13
[cpsdc_wrapper]
HOTFIX_CPSDC_AUTOUPDATE
[hcp_wrapper]
HOTFIX_HCP_AUTOUPDATE
[CPotelcol]
HOTFIX_OTLP_GA
[CPotlpAgent]
HOTFIX_OTLP_GA
[CPquid]
HOTFIX_QUID_AUTOUPDATE
[CPviewExporter]
HOTFIX_OTLP_GA

Platform: BT-91-00
Model: CheckPoint 3920
CPU Model: Arm..Neoverse..(N2)
CPU Frequency: 1600 MHz
Number of Cores: 6
CPU Hyperthreading: Disabled



Thanks in advance

0 Kudos
2 Solutions

Accepted Solutions
Tom_Hinoue
Advisor
Advisor
a week ago
Jump to solution

See here.

Jumbo Hotfix Accumulator for Quantum Force 3900 Appliances
https://support.checkpoint.com/results/sk/sk183557

The latest JHF build is Take 22 for 3900 appliances, but from your cpinfo output it says the base build is T464 which already includes the fixes from Take 22. This means your appliance is already up to date and no hotfixes are needed atm.

>>The content of Jumbo Hotfix Accumulator for Quantum Force 3900 Appliances Take 22 is included in Check Point R82.10 Take >>464. You do not need to install Jumbo Hotfix Accumulator for Quantum Force 3900 Appliances Take 22 on top of R82.10 Take 464.

::EDIT::
I saw the output says a T464 is available for "download", sorry for my confusion.
You may also want to check CPUSE if it suggests you a JHF T22 is available for your environment. Thanks.

View solution in original post

emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
a week ago
Jump to solution

Check your OS build in clish with 'show version all'. If you have the old build of R82.10 (271?) then you need to install the special JHF for 3900 take 22, then upgrade to R82.10 build 464 with the package available for download there.

Or if this isn't in production yet, the cleanest way would be to get the R82.10 build 464 ISO for 3900s (it's not the regular ISO, there's a special one for the 3900s) and install it fresh with ISOMorphic. This will have the advantage of ensuring that the factory default image on there is updated too. 

View solution in original post

18 Replies
Tom_Hinoue
Advisor
Advisor
a week ago
Jump to solution

See here.

Jumbo Hotfix Accumulator for Quantum Force 3900 Appliances
https://support.checkpoint.com/results/sk/sk183557

The latest JHF build is Take 22 for 3900 appliances, but from your cpinfo output it says the base build is T464 which already includes the fixes from Take 22. This means your appliance is already up to date and no hotfixes are needed atm.

>>The content of Jumbo Hotfix Accumulator for Quantum Force 3900 Appliances Take 22 is included in Check Point R82.10 Take >>464. You do not need to install Jumbo Hotfix Accumulator for Quantum Force 3900 Appliances Take 22 on top of R82.10 Take 464.

::EDIT::
I saw the output says a T464 is available for "download", sorry for my confusion.
You may also want to check CPUSE if it suggests you a JHF T22 is available for your environment. Thanks.

RemoteUser
Advisor
a week ago
In response to Tom_Hinoue
Jump to solution

Thank a Lot!

0 Kudos
the_rock
MVP Diamond
MVP Diamond
a week ago
In response to RemoteUser
Jump to solution

Hey bro,

I dont believe there is an official "standalone" jumbo take yet for R82.10, its all included in the base version. Once first comes out, Im sure there will be a link for it and announcement on the community.

Best,
Andy
0 Kudos
Steffen_Appel
Advisor
11 hours ago
In response to Tom_Hinoue
Jump to solution

How can you upgrade the factory image to a new take on the 3920?

0 Kudos
RemoteUser
Advisor
11 hours ago
In response to Steffen_Appel
Jump to solution

What you mean sorry?
Can you elaborate more? If the appliance have the OS build 271, so you need to upgrade to R82.10 Take 464. This Take (464) include the JHF 22.

0 Kudos
Steffen_Appel
Advisor
11 hours ago
In response to RemoteUser
Jump to solution

The normal upgrade only upgrades the current image, a factory reset will revert to the old factory image - on the Sparks appliance you can update the factory image from the current image, is there a way for other appliances as well?

0 Kudos
Steffen_Appel
Advisor
10 hours ago
In response to RemoteUser
Jump to solution

Is Isomorphic the only way?

0 Kudos
RemoteUser
Advisor
10 hours ago
In response to Steffen_Appel
Jump to solution

You can do a clean install

0 Kudos
Steffen_Appel
Advisor
9 hours ago
In response to RemoteUser
Jump to solution

Does that update the factory image?

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
9 hours ago
In response to Steffen_Appel
Jump to solution

A clean build from USB using Isomorphic is the only way to change the factory defaults image on any full Gaia system.

Steffen_Appel
Advisor
a week ago
Jump to solution

Take 464 is the latest build for R82.10, which includes JHFA take 22 and additional patches, from the dokumentaion you should be fine and the doku says, that new jumbos will rquire T464 as the base.

 

So as we got out 3920 with the older GA version of R82.10, we had to install jumbo 22 and then T464 to be able to install future jumbos.

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
a week ago
Jump to solution

Check your OS build in clish with 'show version all'. If you have the old build of R82.10 (271?) then you need to install the special JHF for 3900 take 22, then upgrade to R82.10 build 464 with the package available for download there.

Or if this isn't in production yet, the cleanest way would be to get the R82.10 build 464 ISO for 3900s (it's not the regular ISO, there's a special one for the 3900s) and install it fresh with ISOMorphic. This will have the advantage of ensuring that the factory default image on there is updated too. 

RemoteUser
Advisor
a week ago
In response to emmap
Jump to solution

Product version Check Point Gaia R82.10
OS build 271
OS kernel version 5.14.0-427.13.1cpaarch64
OS edition aarch64

0 Kudos
RemoteUser
Advisor
a week ago
In response to emmap
Jump to solution

Can i leave at the moment the cluster in this way? (Without JHF)  What could be the impact? Thanks @emmap 

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
a week ago
In response to RemoteUser
Jump to solution

You risk encountering already resolved issues at a minimum.

Rather what would be the motivation not to apply the updates?

Future JHF will not be installable without first  undertaking the upgrade as described above by Emma.

CCSM R77/R80/ELITE
RemoteUser
Advisor
a week ago
In response to Chris_Atkinson
Jump to solution

I'm just curious 🙂

0 Kudos
Phil_Pasquier
Participant
Participant
10 hours ago
In response to RemoteUser
Jump to solution

Has anyone here performed the upgrade on 3920 appliances from R82.10 T271 JHF T22 to R82.10 T464 using the package:

Check_Point_R82.10_T464_Gaia_Install_and_Upgrade_For_3900_Appliances.tar

Any issue ?

Thanks

Phil

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
9 hours ago
In response to Phil_Pasquier
Jump to solution

I haven't done it myself, but I've heard from people who have and they haven't reported any issues. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events