Hi,

CP Support said, that there is an "bug" that sends a package (from an standby member that is beeing updated) to the active which trigers the reboot... They also send us a fix as they did to Perry but we are a bit sceptical... We have firewalls in hospitals and if they reboot during an upgrade that is far from ideal...

We will keep you posted if CP finds something else...

Im with you there...I would personally not install any custom fixes, but thats just me.

Andy

We did but all we got is the same answer/solution as Perry - so we are a bit sceptical about it... Lets see how long do they need to release an JHF with the fixes...

KR
Rok

Personally, I would wait. Im always honest with people about everything, no matter how good or bad it sounds and I can tell you from my own experience, installing those custom fixes, it NEVER led me to successful maintanance window later on to install regular hotfix, but again, thats just me. I cant speak for anyone else, but I would not install those ever again, been there, done that.

Best,

Andy

Yea, I dont get warm and fuzzy feeling about it either. I know in the old days of CP, you would get custom fix on top of jumbo, but personally, I always found that to be nightmare scenario down the road when you would have to install another recommended / latest jumbo for a different issue, so I stopped with that practise while back. Now, I prefer to actually wait intil there is release that included all the issues customer may be having, rather than opting for the custom fix, whatever it might be, unless its super urgent/critical issue.

Just my 2 cents.

Best,

Andy

I've been using CP since 3.0b.  I learned a long time ago to avoid hot fixes whenever possible.   I see that JHF 45 is out, but the 2 fixes don't seem to describe the issue JHF 43 introduced.  JHF 43 had some feature improvements we were interested in.   But I don't want to go through having to go back to TAC to get an updated Hot Fix based on JHF 45.   I will try to get the internal tracking number for the Bug and post it here.  

Perry

I hear ya. I dont mind recommended hotfixes, but I would never install custom fix if one was suggested. Been there, done that.

Best,

Andy

I re-opened my TAC case to request the CP tracking number.   So far, the only response has been "...have you installed the Hot Fix we published on the SFTP Server?..." 😖

JHF 45 does not appear to have the fix... in the past, usually have to go back to TAC to have a custome HF recoded to support the the latest JHF.   Just not worth the time & risk to roll back the custom HF to apply JHF 45 and a re-coded HF (if needed) to fix this issue.   I will wait for the official fix in the published JHF.

Perry

I agree 100%, not worth the time as you said and more importantly, NOT worth a risk. As far as the response you mentioned, its best I dont even comment on it lol

Andy

Finally got a response from Check Point TAC.   It is below:

The T43_962 HF includes two fixes numbers PRHF-31146 and PRHF-29514, to be added to the R81.20 jumbo HF SK. In theory, every fix will sooner or later get integrated into JHF.

Currently, PRHF-31146 is on the list to be added to R81.20 JHF but as of now, a JHF take number has not been assigned yet. PRHF-29514 has been added to the next R81.20 JHF, which has not been released yet.

I think I will hold on JHF 41 and future JHF's on the Gateways until these fixes are incorporated.   My Mgt server has been on JHF 43 and been solid.  

Perry

Sounds like a smart decision to me.

Best,

Andy

Hello Guys, 
we have seen a similar issue on Maestro with R81.20 HFA 43 and HF45. The updated SGM were stuck in constant boot loops.
In "cphaprob -list"  we a saw a "Configuration" PNOTE, so a config sync issue.

Now TAC is working on custom hotfixes to mitigate this boot loops, but based on HFA 41, since they admitted that HFA 43 and HFA 45 are not the ideal choice for Maestro / VSX.

best regards

Lets hope next one that comes out will include all those fixes.