This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cem82
Contributor
‎2020-10-31 11:37 PM

Blink keeping some config from original build

Hi

I've tested out in lab for first time using blink image to go from R77.30 JHF317 > R80.30 JHF219 latest release blink using this syntax ./blink -i /var/log/blink/blink_image_1.1_Check_Point_R80.30_T200_JHF_T219_SecurityGateway.tgz -a /var/log/blink/answers.xml --reimage --delete-old-partition

 

I note that on the original version, I had various bond interfaces configure with IP addresses / vlans. After running blink the config does still have the physical bond config but not vlan/IP etc. My understanding was that ALL config would be gone after running blink and is exactly the same as going through installing manually from bootable USB / remote ISO boot, just faster to deploy and first time wizard completed as part of the install. Is that not the case and how to they differ as apperas not how I understood from what I'm seeing? I actually thought that the /var/log partition would be formatted and blink image mounted as a ramdrive or similar for the install process but see it's kept as-is too...

 

When going between major versions I prefer 'clean/fresh' install rather than 'upgrade' so everything is fresh as have found years ago some previous custom HF caused problems later down the line.

 

When trying to re-establish SIC with the upgraded gateway it is failing. Have I used wrong syntax for pass123 as SIC?
<activation_key>pass123</activation_key>

 

Thanks

0 Kudos
3 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2020-11-01 02:11 AM

Hi @cem82,

Here are the limitations from sk120193:

ID Symptoms
PMTR-47403 When performing advanced upgrade with Blink, make sure to configure the correct timezone on the new installed machine. 
- Default value for "Management GUI Clients" property is set to "Any"
DP-2884 Using Blink images to downgrade from kernel 3.10 to 2.6.18 is prohibited.
  • Use "revert to snapshot" in order to return to the old version 
DP-1644 Reimage: Blink reimage is blocked from running on VSX machines.
PMTR-41564 You can install Blink images on VSX machines only of blink images are R80.40 and up. 
-

No automatic Cleanup in case of un-normal progress interruption (power problem, early reboot, etc...).
In case interruption, perform the following (in expert mode):

  • Unmount blink new partition. Run:
    umount /mnt/fcd/proc /mnt/fcd/sys /mnt/fcd/dev /mnt/fcd/var/log /mnt/fcd/tmp /mnt/fcd /mnt/BlinkPlugAndPlay_usb
  • Remove blink new partition: lvremove /dev/vg_splat/lv_fcd_new 
  • Re-run the process
-

Running Blink on software RAID appliances is prohibited

  • Resolved in image released on 24 Jan 2018 
Bond Configuration is not preserved during Blink installation.        <<< This could be the problem!

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
cem82
Contributor
‎2020-11-01 02:23 PM
In response to HeikoAnkenbrand

Hi

 

Sorry must have overlooked that note, thought I scrolled to the bottom but guess not.  Regardless, if this is a fresh install then why is that some config is preserved?  I've repeated the process and found a few more things that suprise me.

Why is static routing kept?

It appears the MAC > interface naming file matches original /etc/udev/rules.d/00-OS-XX.rules

After the initial install and subsequent reboot couldn't ssh onto mgmt port.  After rebooting a second time I could - is that expected?

0 Kudos
Dov_Fraivert
Employee
Employee
‎2020-11-01 02:55 PM

Hi @cem82 

Only installation from ISO formats the machine.
However, both clean installation of blink image and clean installation of not blink image don't format the machine.
The clean installation only create a new current partition. The /var/log partition remains as it was.

Regards,
Dov

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events