This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CP-NDA
Collaborator
‎2024-02-07 06:23 AM

Failed to upgrade from SmartConsole

Hi,

 

I want to use the central upgrade for the first time in SmartConsole. The upgrade will be from R81.10 to R81.20 lates HFA

In SmartConsole when choosing a Gateway > Actions > Upgrade Version I have the following error

Failed to search for package Blink_image_1.1_Check_Point_R81.20_T631_JHF_T41_SecurityGateway.tgz on the Check Point Download Center. Reason: Unknown Error.

Pic.jpg

I then tried to import a package in the repository from cloud and get the following error

pic2.png

I've internet connectivity from the Management & SmartConsole: https://support.checkpoint.com/results/sk/sk83520

 

How can I troubleshoot the package download ? Is this download initiated by the Management ou the SmartConsole ?

 

Thank you

0 Kudos
15 Replies
Boaz_Orshav
Employee
Employee
‎2024-02-07 09:55 PM

Hi

  First of all "Unknown error" is never a good option so once we get the logs I'll try to find the best error that should be issued.

  Secondly regarding your question - on your first attempt the Smart Console "asks" the Gateway to install the recommended package so the Gateway tries to download the package from the cloud and fails.

  The second attempt was to download to the repository which is placed on the Management machine so the Management is initiating this action (and not the Smart Console)

  To solve it I will appreciate if you can run (expert mode on Management machine) "collect_logs.bash" and send me the resulted tgz file to boazo@checkpoint.com

  As a work around you can download the package from the SK and then upload it to the Package Repository locally

Thanks

Boaz

 

0 Kudos
CP-NDA
Collaborator
‎2024-02-13 04:35 AM
In response to Boaz_Orshav

Thank you ! Sent via email 

 

Unfortunately it means that with this Workaround all GW will download the file from the Management. We would prefer from cloud for performance reason (65 GW to upgrade)

 

0 Kudos
the_rock
Legend
Legend
‎2024-02-13 06:08 AM
In response to CP-NDA

I know there would be lots of people who will disagree with what I will say, but personally, I NEVER do any upgrades from smart console. I find its very unreliable (based on my lab tests) and doing it old school way from web GUI is what I always stick with and works totally fine.

Best,

Andy

NetAdminFTW
Contributor
‎2024-07-03 02:53 AM
In response to the_rock

Hey Andy,

Can you list the "old school way" steps regarding cluster upgrade? Specifically hotfix patching?

0 Kudos
the_rock
Legend
Legend
‎2024-07-03 04:59 AM
In response to NetAdminFTW

Super easy. ALWAYS do these steps on whichever one is backup member first, which can be verified by cphaprob state or cphaprob roles commands.

-log into web UI, status and actions, confirm right jumbo

-right click, verify

-if all green, just hit install

-wait until reoots, run cphaprob state to make sure it still shows backup and and also cpinfo -y fw1 to confirm new jumbo

-do same steps on master, and once rebooted, it would show as backup member and to fail back (if you like), run clusterXL_admin down; clusterXL_admin up on first member (original backup)

-install policy

Thats it 🙂

Andy

0 Kudos
NetAdminFTW
Contributor
‎2024-07-03 05:29 AM
In response to the_rock

Thanks for the comment.

Regarding the last step, I run both clusterXL_admin commands on the original backup? Or do I need to run admin_down on the original backup and admin_up on the original active?

0 Kudos
the_rock
Legend
Legend
‎2024-07-03 05:38 AM
In response to NetAdminFTW

You do it EXACTLY how I did it below (from my lab example) and if you get worried/concerned/confused or all 3, ping me and we can do remote.

Andy

 

****************************************************

 

Send automatic password
Access denied
admin@172.16.10.247's password:
Last login: Tue Jul 2 10:07:02 2024 from 100.65.16.1
[Expert@CP-FW-02:0]# cphaprob roles

ID Role

1 Non-Master
2 (local) Master

[Expert@CP-FW-02:0]# cphaprob state

Cluster Mode: High Availability (Active Up) with IGMP Membership

ID Unique Address Assigned Load State Name

1 169.254.0.112 0% STANDBY CP-FW-01
2 (local) 169.254.0.111 100% ACTIVE CP-FW-02


Active PNOTEs: None

Last member state change event:
Event Code: CLUS-114904
State change: ACTIVE(!) -> ACTIVE
Reason for state change: Reason for ACTIVE! alert has been resolved
Event time: Mon Jul 1 17:15:47 2024

Last cluster failover event:
Transition to new ACTIVE: Member 1 -> Member 2
Reason: ADMIN_DOWN PNOTE
Event time: Mon Jul 1 16:47:00 2024

Cluster failover count:
Failover counter: 3
Time of counter reset: Thu Jun 27 20:23:48 2024 (reboot)


[Expert@CP-FW-02:0]# clusterXL_admin down;clusterXL_admin up
This command does not survive reboot. To make the change permanent, run either the 'set cluster member admin {down|up} permanent' command in Gaia Clish, or the 'clusterXL_admin {down|up} -p' command in Expert mode
Setting member to administratively down state ...
Member current state is DOWN
This command does not survive reboot. To make the change permanent, run either the 'set cluster member admin {down|up} permanent' command in Gaia Clish, or the 'clusterXL_admin {down|up} -p' command in Expert mode
Setting member to normal operation ...
Member current state is STANDBY
[Expert@CP-FW-02:0]# cphaprob state

Cluster Mode: High Availability (Active Up) with IGMP Membership

ID Unique Address Assigned Load State Name

1 169.254.0.112 100% ACTIVE CP-FW-01
2 (local) 169.254.0.111 0% STANDBY CP-FW-02


Active PNOTEs: None

Last member state change event:
Event Code: CLUS-114802
State change: DOWN -> STANDBY
Reason for state change: There is already an ACTIVE member in the cluster (member 1)
Event time: Wed Jul 3 08:35:00 2024

Last cluster failover event:
Transition to new ACTIVE: Member 2 -> Member 1
Reason: ADMIN_DOWN PNOTE
Event time: Wed Jul 3 08:34:59 2024

Cluster failover count:
Failover counter: 4
Time of counter reset: Thu Jun 27 20:23:48 2024 (reboot)


[Expert@CP-FW-02:0]#

*****************************************************

0 Kudos
NetAdminFTW
Contributor
‎2024-07-04 12:42 AM
In response to the_rock

Thanks a lot for this. I now got it.

 

0 Kudos
the_rock
Legend
Legend
‎2024-07-04 04:45 AM
In response to NetAdminFTW

Did it work?

0 Kudos
NetAdminFTW
Contributor
‎2024-07-07 11:02 PM
In response to the_rock

I did the upgrade using SmartConsole, but I used your example in order to failover back to the original active member. Thanks!

the_rock
Legend
Legend
‎2024-07-08 03:11 AM
In response to NetAdminFTW

Good job!

0 Kudos
Robin_H
Contributor
‎2024-05-10 06:43 AM
In response to CP-NDA

Any updates on this? I have the same issue.

0 Kudos
the_rock
Legend
Legend
‎2024-05-10 07:02 AM
In response to Robin_H

I recently used this method for jumbo update on R81.20 and was fine. Whats version you are upgrading from and to?

Andy

0 Kudos
Robin_H
Contributor
‎2024-05-14 02:31 AM
In response to the_rock

R81.10 Take 130 to R81.10 Take 139

screenshot.png

0 Kudos
Amir_Senn
Employee
Employee
‎2024-07-03 08:16 AM
In response to Robin_H

I think that CPUSE might provide more detailed error. Perhaps you can use it on a single GW and use verify on the package. If you have a lot of GWs this worth a shot.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events