This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Diamond
MVP Diamond
‎2026-02-10 08:13 AM
Jump to solution

Recommended jumbo hotfix install question

Hey guys,

Had client ask me this yesterday and quite frankly, was not sure what to even make of it. They essentially wanted to know if there was any way to install jumbo hotfix on their R81.20 cluster once take is recommended say at  1 am on specic day of the week.

I reckon cron job might be one option for it, but since we would not know when jumbo would become recommended, not even sure how that would work.

Thoughts?

Thanks as always for your support, I truly appreciate it.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
1 Solution

Accepted Solutions
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-10 08:18 AM
Jump to solution

Technically speaking, this might be feasible with a script started by cron that repeatedly checks whether there is anything new e.g. using “show installer packages” and, if so, gets started.

But.
For my part, however, I would definitely not consider something like this, and if I were still working for service providers, I would talk the customer out of such a crazy idea.
But everyone can see it as they wish.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

View solution in original post

9 Replies
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-10 08:18 AM
Jump to solution

Technically speaking, this might be feasible with a script started by cron that repeatedly checks whether there is anything new e.g. using “show installer packages” and, if so, gets started.

But.
For my part, however, I would definitely not consider something like this, and if I were still working for service providers, I would talk the customer out of such a crazy idea.
But everyone can see it as they wish.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
the_rock
MVP Diamond
MVP Diamond
‎2026-02-10 08:20 AM
In response to Vincent_Bacher
Jump to solution

Yea, I get what you mean Vince. I dont even think they were truly considering this, more just as an idea.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2026-02-10 08:34 AM
Jump to solution

Cronjob can start an update for sure but how would it know when to perform failover to the other member when it is ready. Unit will reboot after jumbo update. With a script you can do a lot also some checks if the other member is ready. But in general I would advise against it to many factors that could go wrong. 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-10 08:37 AM
In response to Lesley
Jump to solution

Im with you 100%, Lesley. Thats exactly the thought I had as well when they described it to me.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-10 08:40 AM
In response to Lesley
Jump to solution

A script could be used on the management and once a new jumbo is available use cdt which does the needful for a cluster including creating the deployment plan and so on.

If there is a way using SmartConsole…no clue.

But I would advise against that too.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-10 08:43 AM
In response to Vincent_Bacher
Jump to solution

@Lesley and @Vincent_Bacher 

Thanks guys for your great help, as always! I told them even yesterday that this was not the best idea, but they still wanted to know if it was possible, hence my question. Since mgmt is S1C, cdt method can also be used, so thats most likely what we will go with for the next recommended jumbo take.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2026-02-10 10:12 AM
In response to the_rock
Jump to solution

correct with cdt there is more automation possible even for clusters

https://sc1.checkpoint.com/documents/CDT/Unified/Topics/Package-Installation-in-Clusters.htm

Maybe this is better answer for the customer then no 😉 

-------
Please press "Accept as Solution" if my post solved it 🙂
the_rock
MVP Diamond
MVP Diamond
‎2026-02-10 10:13 AM
In response to Lesley
Jump to solution

This dude is super chill, so Im sure they would not be disappointed either way : - )

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2026-02-10 10:03 AM
Jump to solution

The jumbo page claims there's an RSS feed, but it doesn't seem to actually work. It just has a single item, which is a link to the documentation page. No information about what jumbos exist, let alone which are recommended. Right now, I think the only option is scraping the site and processing the HTML.

I've asked for a few years, now, for a machine-readable list of jumbos so I could build a system like this. ElasticXL clusters have several ways to accidentally update all of the members at once (thereby causing a hard outage), so I'm working on a tool to install jumbos. I'd like to be able to fully automate it on some of my less-critical firewalls so I can hold them up as examples when it's time to update more sensitive systems.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events