Create a Post
Showing results for 
Search instead for 
Did you mean: 

Disaster after Management Server Upgrade from R80.20 to R80.40

After an successful(…) upgrade of an R80.20 Managment Server to R80.40 with CPUSE we installed policy to the main gateway/cluster. After that we had a major outage for many  server communications.


What happened:

The Checkpoint upgrade process (re)created an object named “CP_default_Office_Mode_addresses_pool” with IP range  and “Automatic HIDE NAT” turned on.

( this object was deleted (long time) ago because it was not needed (no VPN) and in conflict with the “server” network)

The result:

Because this new/(“Default”) network object  included IPs from the "server" network  important communication from these servers where  stuck because of turned on "Automatic hide NAT" ( there was no NAT before )

These broke a lot of important services immediately.


I know, this is not a new behavior  – I know from experiences in the past for deleted “Default” objects/rulebases.  I also found similar  references (e.g. R75.30 - see end of page )

I do not understand, why CheckPoint is (re)creating this network object – including Automatic NAT - during an Upgrade?
At least I expect  a warning or notice ( e.g. "pre_upgrade_verifiyer" …) !

With a decission to create this object R&D forces the customer to  have big outages !

CheckPoint – please explain, why you need to create this object ?




2 Replies

Hi @Martin_Hofbauer, my name is Eran and I'm a Group Manager in R&D, my team is responsible for the Management upgrade process. I'm sorry for your bad experience and for the business impact you had, and I'm taking it very seriously. I will sync with my team and with my colleagues in R&D to understand better what was the expected outcome and what went wrong. If you already opened a ticket to TAC please share it with me (privately). I will update you offline when we conclude the discussion, and afterwards I will share more info on this thread with everyone.

0 Kudos


I would like to update that a fix to this issue has been released.

The fix included in the following upgrade tools packages (or newer) :

R80.40 upgrade tools package 994000325

R81 upgrade tools package 995000409 

Please follow sk135172 to download the upgrade tools package.