Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Declan__McGill
Contributor

Installing take 10 of R80.10 blew away the gateway part of a single gateway setup. Is that a known problem? I assume not. :-(

This is a heads-up for anybody thinking of installing the T10. Make sure you have a backup in case it is not specific to my installation.  

8 Replies
PhoneBoy
Admin
Admin

Backups are never a bad idea.

That said, I hope you're working with the TAC as that definitely does not sound like expected behavior.

Just to clarify, this is on a standalone gateway (FW + Management on same system), correct? 

0 Kudos
Declan__McGill
Contributor

Yep. Standalone.

Nope, no tac. it's a test system with no coverage. But I have fed back to cp.

Backups / snapshots are always good;-)

0 Kudos
Roman_Kats
Employee
Employee

Hello Declan ,
My name is Roman
I would try to reproduce the issue you have encountered on.
If it's possible, could answer on several questions below:

1) What Deployment agent version have you used?

2) What appliance/open server do you use?
3) What method of Jumbo installation have you used, CPUSE Web or CPUSE CLI?
4) Have you installed Jumbo over R80.10 GA or previous Jumbo HFs?
5) Was it clean install of R80.10 GA or upgrade from previous versions?
6) Does your environment include SA only or there additional GWs are managed by it?
7) In general what do you mean when you say GW blew out? Is there some Check Point processes  that are terminated? Or you don't see enforcement when you try to move some traffic through the GW?

Thanks in advance!
Roman

0 Kudos
Declan__McGill
Contributor

Hi Roman,

see inline

Declan

Re: Installing take 10 of R80.10 blew away the gateway part of a single gateway setup. Is that a known problem? I assume not. Smiley Sad

reply from Roman Kats<https://community.checkpoint.com/people/roman39372b56-5450-4c97-9f2a-c8ab27d5ec0a?et=watches.email.thread> in Installation, Maintenance, and Upgrades - View the full discussion<https://community.checkpoint.com/message/6657-re-installing-take-10-of-r8010-blew-away-the-gateway-part-of-a-single-gateway-setup-is-that-a-known-problem-i-assume-not-?commentID=6657&et=watches.email.thread#comment-6657>

0 Kudos
Declan__McGill
Contributor

itevomcid

Declan Mc Gill

Senior Security Consultant

Dimension Data Switzerland

Tel: +41 21 631 00 74

Mob: +41 79 301 50 77

declan.mcgill@dimensiondata.com

Dimension Data SA (Switzerland), Route du Bois-Genoud 1, Crissier, Vaud, 1023, Switzerland.

For more information, please go to www.dimensiondata.com<http://www.dimensiondata.com/>

<http://blog.dimensiondata.com/> <http://www.facebook.com/dimensiondata> <http://www.linkedin.com/company/dimension-data> <http://twitter.com/dimensiondatauk>

0 Kudos
Declan__McGill
Contributor

Roman,

I still have the VM.

I can send you a snapshot or a backup.

Declan

Declan Mc Gill

Senior Security Consultant

Dimension Data Switzerland

Tel: +41 21 631 00 74

Mob: +41 79 301 50 77

declan.mcgill@dimensiondata.com

Dimension Data SA (Switzerland), Route du Bois-Genoud 1, Crissier, Vaud, 1023, Switzerland.

For more information, please go to www.dimensiondata.com<http://www.dimensiondata.com/>

<http://blog.dimensiondata.com/> <http://www.facebook.com/dimensiondata> <http://www.linkedin.com/company/dimension-data> <http://twitter.com/dimensiondatauk>

This email and all contents are subject to the following disclaimer:

"http://www.dimensiondata.com/emaildisclaimer"

0 Kudos
Perry_McGrew
Contributor

Hmmm.  I have not experienced this issue.   But my gateways are physical.  I have been deploying 3200's with R80.10 & T10.   I've done 2 methods.   However, I reimaged all 3200s with ISOMORPHIC tool to R80.10.   Then I downloaded T3 to PC and used CPUSE Import on the 3200 to bring in and apply T3.  I believe I deployed 2 of the 3200's at this level.  Then T10 was released.   I downloaded the T10 to these two 3200's already deployed and installed with no problem.   The rest of my 3200 that I needed to deploy, I followed the same process that I first outlined...except I replaced the CPUSE Import if T3 with T10 since it is inclusive.   All I have left is to upgrade my two 5800 ClusterXL HA devices from R77.30 to R80.10.  

We are centrally managed design...so our FW Mgt server is also R80.10 T10.  My only issues with process has been the Topology import -- I have had to manually edit the 3200 I/F definitions to get policy installed.  The other is cosmetic... my Laptop has a 4K display and SmartDashboard does not always display correctly on these high DPI screens!

0 Kudos
Eran_Habad
Employee
Employee

Hi https://community.checkpoint.com/people/declabd8c8a75-79ea-46a0-b763-606be6102a47 (and everyone else),

I'm Eran and I'm a manger in the R&D of CheckPoint, responsible for I/S in the Management Server.

First, thanks for raising this issue and I appreciate your cooperation with CheckPoint regarding this investigation, you helped us a lot to progress it.

Our team found the root cause of this issue and I would like to share with you some insights we have:

  1. This issue is not related to the hotfix and can theoretically happen using R80.10 GA.
  2. It is caused by a rare combination of circumstances in our internal DB and this is the first time we see it in action.
  3. The impact of the problem is only cosmetic (no effect on configuration or install policy) and the scope is limited to your specific session.
    Meaning, for every other admin the GW will be visible, and also for you if you open a R/O session.
  4. The WA for this issue is to discard/publish your session, the GW will be back with no further implications. If you have no changes in the session simple make a change and then discard the session.
  5. We will deliver a fix to next hotfix and create an SK.

Regards,

Eran

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events