R81.10 Jumbo Hotfix Accumulator take #87 has been released today (formerly, Ongoing)

Installed it in the lab, all good! Bit surprised it took 40 minutes to install, but regardless, seems stable.

Is there some further insight to this?    what 'self-updatable' packages is being referenced?     

IDProductDescription

Good point @Scottc98 . I did not notice that part, but would be curious to know as well. @eranzo , any idea?

Andy

Run the command autoupdatercli show from expert mode to see the full list of things covered by the auto-update framework.

Thanks @PhoneBoy , never heard of that command before, good to know!

Hi Scott, Andy and everyone, 

As you are probably aware, some of component of Check Point's code can be updated automatically with the user's consent. CPUSE is one example, but other products and also signatures. 

Jumbos contain some of these components, and whenever we release a new version or Jumbo, we want to align the components to their latest version, specifically to make sure that customers who do not get the updates automatically will benefit from the latest updates. 

Most components are now controlled by one mechanism (for better control and reliability), and the CLI command that PhoneBoy shared can show those. 

I just ran it in my R81.20 lab fw and below is the output. Its great command, for sure.

[Expert@quantum-firewall:0]# autoupdatercli show

product-name: deployment_products

component-name: CDT
component-branch: CDT_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: DDR
component-branch: DDR_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: Deployment_Installer
component-branch: dep_installer_AutoUpdate
GA-Version: 17
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: dep_installer_AutoUpdate
package-version: 25
package-name: Check_Point_Deployment_Installer_Bundle_T25_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

component-name: auto_updater
component-branch: Infra_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: Infra_AutoUpdate
package-version: 58
package-name: Check_Point_Self_Update_Bundle_T58_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

component-name: general_updates
component-branch: general_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: CloudGuard_IaaS

component-name: CME
component-branch: cme_AutoUpdate
GA-Version: 0
download-scheduler-active: false
install-scheduler-active: false
download-action: idle
install-revert-action: idle

component-name: CML
component-branch: cml_AutoUpdate
GA-Version: 0
download-scheduler-active: false
install-scheduler-active: false
download-action: idle
install-revert-action: idle

component-name: public_cloud_ca_bundle
component-branch: public_cloud_ca_bundle_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: public_cloud_ca_bundle_AutoUpdate
package-version: 19
package-name: Check_Point_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE_Bundle_T19_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

product-name: uepm

component-name: UEPM_WEB_UI
component-branch: UEPM_WEBUI_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: mta

product-name: maas

component-name: maas_tunnel
component-branch: R80_40_maas_tunnel_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: cvpn

component-name: esod_compliance_scanner
component-branch: ESOD_Scanner_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: ESOD_Scanner_AutoUpdate
package-version: 10
package-name: Check_Point_ESOD_SCANNER_AUTOUPDATE_Bundle_T10_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

component-name: esod_cshell
component-branch: ESOD_CShell_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: ESOD_CShell_AutoUpdate
package-version: 18
package-name: Check_Point_ESOD_CSHELL_AUTOUPDATE_Bundle_T18_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

component-name: esod_secure_workspace
component-branch: ESOD_SWS_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: ESOD_SWS_AutoUpdate
package-version: 14
package-name: Check_Point_ESOD_SWS_AUTOUPDATE_Bundle_T14_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

product-name: tex

product-name: DynamicContent

component-name: dc_content
component-branch: dc_content_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: dc_content_AutoUpdate
package-version: 15
package-name: Check_Point_dc_content_Bundle_T15_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

component-name: dc_infra
component-branch: dc_infra_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: dc_infra_AutoUpdate
package-version: 30
package-name: Check_Point_dc_infra_Bundle_T30_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

product-name: itp

component-name: simplified_threat_prevention
component-branch: GOT_MGMT_AutoUpdate
GA-Version: 0
download-scheduler-active: false
install-scheduler-active: false
download-action: idle
install-revert-action: idle

package-branch-name: GOT_MGMT_AutoUpdate
package-version: 102
package-name: Check_Point_GOT_MGMT_AUTOUPDATE_Bundle_T102_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

component-name: tp_conf
component-branch: GOT_TPCONF_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: GOT_TPCONF_AutoUpdate
package-version: 111
package-name: Check_Point_GOT_TPCONF_AUTOUPDATE_Bundle_T111_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

component-name: tp_conf_mgmt
component-branch: GOT_TPCONF_MGMT_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: GOT_TPCONF_MGMT_AutoUpdate
package-version: 36
package-name: Check_Point_GOT_TPCONF_MGMT_AUTOUPDATE_Bundle_T36_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

product-name: mwc

component-name: web_console
component-branch: webconsole_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: webconsole_AutoUpdate
package-version: 72
package-name: Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T72_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

product-name: cpm_doctor

component-name: ngm_doctor
component-branch: ngm_doctor_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: harvey

component-name: VCE
component-branch: vce_R81_20_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: vce_R81_20_AutoUpdate
package-version: 15
package-name: Check_Point_VCE_R81_20_AUTOUPDATE_Bundle_T15_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

product-name: SP

product-name: SandblastMobile

component-name: sbm_connector
component-branch: sbm_connector_AutoUpdate
GA-Version: 0
download-scheduler-active: false
install-scheduler-active: false
download-action: idle
install-revert-action: idle

product-name: diagnostics

component-name: CPMID
component-branch: cpmid_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: CPotelcol
component-branch: CPotelcol_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: CPviewExporter
component-branch: CPviewExporter_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: core_uploader
component-branch: core_file_uploader_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: core_file_uploader_AutoUpdate
package-version: 17
package-name: Check_Point_CFU_AutoUpdate_Bundle_T17_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: true

package-branch-name: core_file_uploader_AutoUpdate
package-version: 21
package-name: Check_Point_CFU_AutoUpdate_Bundle_T21_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

product-name: accelerated_install_policy

product-name: OS

component-name: hw_info
component-branch: hw_info_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: HealthCheck_Point

component-name: hcp
component-branch: hcp_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: hcp_AutoUpdate
package-version: 58
package-name: Check_Point_HCP_AUTOUPDATE_Bundle_T58_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

product-name: Memory_Analyzer_Tool

component-name: Memory_Analyzer_Tool
component-branch: mat_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: CheckPointSupportDataCollector

component-name: cpsdc
component-branch: cpsdc_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: cpsdc_AutoUpdate
package-version: 21
package-name: Check_Point_CPSDC_AUTOUPDATE_Bundle_T21_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

product-name: SharedObjects

component-name: sho
component-branch: dana_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: dana_AutoUpdate
package-version: 116
package-name: Check_Point_Shared_Object_Bundle_T116_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

product-name: InfinityOnPrem

component-name: infinity_onprem
component-branch: tunnel_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: tunnel_AutoUpdate
package-version: 38
package-name: Check_Point_TUNNEL_AUTOUPDATE_Bundle_T38_FULL.tgz
package-installed: false
package-installable: true
package-previously-installed: false

product-name: DiffReportServer

component-name: diff_report_client
component-branch: minmus_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: diff_report_server
component-branch: kerbin_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: uca

component-name: uca_infra
component-branch: uca_infra_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: uca_infra_log_service
component-branch: uca_infra_log_service_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: uca_infra_monitoring_service
component-branch: uca_infra_monitor_service_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: uca_ssh_tunneling_app
component-branch: uca_ssh_tunneling_app_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

component-name: uca_ssh_tunneling_service
component-branch: uca_ssh_tunneling_service_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

product-name: gaia_api

component-name: ender
component-branch: ender_v17_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

package-branch-name: ender_v17_AutoUpdate
package-version: 21
package-name: Check_Point_ENDER_V17_AUTOUPDATE_Bundle_T21_FULL.tgz
package-installed: true
package-installable: true
package-previously-installed: false

product-name: LicenseTool_AutoUpdate

component-name: LicenseTool_AutoUpdate
component-branch: LicenseTool_AutoUpdate
GA-Version: 0
download-scheduler-active: true
install-scheduler-active: true
download-action: idle
install-revert-action: idle

[Expert@quantum-firewall:0]#

This update broke all our VPN s2s.

fixed with 'vpn accel off' - without this Virtual System use source addr with 0.0.0.0 towards the peer.

topology: Virtual System -> Virtual Switch -> infrastructure

TAC: 

/Henrik

@Henrik_Noerr1 I had customer upgrade to it and all was fine, but they dont use VSX, so its possible it does not affect regular firewalls.

hi @Henrik_Noerr1,

we had similar issue in the past, so i can only suggest based on previous case here :),

when we are upgrading VSX with newer take, we are changing MAC address so sometimes the router that connected to the VS/VSW, still hold the old MAC address which may cause to the VPN issue you described.

can you please check if the router have the correct MAC? if not can you try to remove the old entry and put the new MAC there and check if it's resolving the VPN issue?

Thanks,

Ilya 

Hey,

The issue is not the MAC, but that the source ip addr is 0.0.0.0.

We came from T81 by the way.

/Henrik

We installed this take last week on our internal Gateways and a few hours ago on our external Gateways with VPNs and nearly all blades enabled. No issues at all. But it seemed the installation took longer than normal but nothing excessive.

So the VPN thing is either a VSX problem or something only relevant for specific scenarios.

About the VPN issue we ran into the same problem with Take 79 for 1 of our s2s. Tonight we will check if this issue is also present in Take 81