Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Anthony_Kahwati
Collaborator

R81 - SmartUpdate Package Repository

Jump to solution

Afternoon all

I'm trying to update an R81 Manager via Smart Update....

SmartUpdate > Packages > Add > From File

I kept on rejecting the attempt with the below error:

SMS_Update_Error.jpg

As that was failing I thought I'd use GAIA CPUSE, which worked fine. This lead me to think that I add it this way to the manager then it will become available in the Repository in SmartUpdate, but still no sign of it.

Has anyone used this method to upgrade / update before? My aim is to remotely update the managed gateways direct from the manager.

Many thanks

Anthony

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

No ! See Security Management R81 Administration Guide p.138: Central Deployment of Hotfixes and Version Upgrades

Adding a package to the Package Repository

  1. From the left navigation panel, click Manage & Settings.

  2. From the left tree, click Package Repository.

  3. Click New and select one of these options:

- Download from cloud - To download the package to the Package Repository from the Check Point Cloud, enter the package name and click Download.

- Upload from local - To upload the package to the Package Repository from your device, browse to the applicable package and click Open.

After the download or upload is complete, the package appears in the Package Repository window in SmartConsole > Manage & Settings view.

View solution in original post

14 Replies
Timothy_Hall
Champion
Champion

The "gateway upgrade" portion of SmartUpdate (including the Package Repository) is not integrated at all with CPUSE and is very old.  I haven't utilized that feature of SmartUpdate in many years, but overall CPUSE works well if you have the latest Deployment Agent and that is what you should use.  It also appears that the license management function of SmartUpdate (which is still quite relevant today) is slowly being integrated into the main SmartConsole in the latest releases and Jumbo HFAs, so it would appear SmartUpdate's days are numbered anyway.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
G_W_Albrecht
Legend
Legend

That is very true, Timothy ! Here, i would just stay with the Dashboard instead of using several CPUSE WebGUIs 😎:

Actions_InstallHFJumbo.pngInstallHFJumbo_Win.png

G_W_Albrecht
Legend
Legend

But this manual process will download the Jumbo on every GW - if you have many GWs, you can use sk111158: Central Deployment Tool (CDT)

Boaz_Orshav
Employee
Employee

Notice that you can upload packages to a package repository placed on the management machine.

Then the package will be distributed to the GWs from the management repository instead of download it for each GW separately:

 

G_W_Albrecht
Legend
Legend

Yes, that is true, we have a selectable package location source - i can then do Action > Install HF using the Jumbo from SMS !

Anthony_Kahwati
Collaborator

I see this now.... I've never used the central deployment from the Smart Update console so assumed when I had the right version of R80 or 81 then that was it!..... hadn't done my research!

It seems you can only get the JHF's from Checkpoint download centre via this method so the machine has to have Internet access. Unfortunately this particular install is air-gapped and can't reach the Internet. 

0 Kudos
G_W_Albrecht
Legend
Legend

No ! See Security Management R81 Administration Guide p.138: Central Deployment of Hotfixes and Version Upgrades

Adding a package to the Package Repository

  1. From the left navigation panel, click Manage & Settings.

  2. From the left tree, click Package Repository.

  3. Click New and select one of these options:

- Download from cloud - To download the package to the Package Repository from the Check Point Cloud, enter the package name and click Download.

- Upload from local - To upload the package to the Package Repository from your device, browse to the applicable package and click Open.

After the download or upload is complete, the package appears in the Package Repository window in SmartConsole > Manage & Settings view.

View solution in original post

Anthony_Kahwati
Collaborator

Ah! Thank you.

0 Kudos
Bob_Zimmerman
Advisor

Wow. I've seen people put hardware information in hostnames, but that's a whole other level. This box is in a lab, surely?

G_W_Albrecht
Legend
Legend

Of course 😎

PhoneBoy
Admin
Admin

We changed to CPUSE packages back in the R77 timeframe.
SmartUpdate does NOT use this mechanism.
The only thing you can update using this mechanism is legacy SMB appliances running R77.20.x code.

In R81 you should be able to manage licenses and CPUSE packages from SmartConsole itself (not using SmartUpdate).
Contracts or management of licenses offline might be the only reason to use SmartUpdate at this point.

Timothy_Hall
Champion
Champion

Ah I was wondering if the SmartUpdate upgrading capability was even still supported any more, thanks for the clarification.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
JozkoMrkvicka
Leader
Leader

Maybe the original name of "SmartUpdate" is little bit confusing now. It WAS used in the past for updates, but nowadays mostly as licensing tool, so maybe correct name should be "SmartLicense". Not sure if this should be considered in the future, as starting from R81 there shouldnt be use case for SmartUpdate...

Kind regards,
Jozko Mrkvicka
PhoneBoy
Admin
Admin

Ultimately, the goal is to completely deprecate SmartUpdate.
Right now, the only reasons to still use SmartUpdate in R8x are specific to licensing in specific scenarios per sk149872:

  • Open Server activation (not entirely sure this is required)
  • License manual updates for totally offline domains (activation, renewal, relicense…)
  • Central licensing for Dynamic gateway IPs (if the gateway doesn't have a built-in license)