Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

R81.20 Jumbo Hotfix Accumulator take #45 has been released today

gadt
Employee
Employee
0 58 5,690

gadt_0-1706617597586.png

 

Hi All

 

R81.20 Jumbo Hotfix Accumulator take #45 has been released today, and is available for download.

 

Please note the following:

  •        Availability:

o   Available to download the via Jumbo documentation R81.20 

o   Available for download via CPUSE by using package identifier.

o   Can be provided by customer support

 

Content included in this take:

 

  • List of resolved issues in this take can be found in the Jumbo documentation R81.20 

 

Note:

  • Central Deployment allows you to perform a batch deployment of Hotfixes on your Security Gateways and clusters from SmartConsole!! For more information, see sk168597.

 

Thanks,

Release Operations Group

58 Comments
the_rock
Legend
Legend

As always, will install it in the lab and report back 🙂

Best,

Andy

the_rock
Legend
Legend

K, just installed it in Azure lab, so far so good, but as our friend Guenther from germany would say, lets give it 24 hours and see if its still stable : - )

Best,

Andy

G_W_Albrecht
Legend Legend
Legend

No Germany, Austria ! 🇦🇹

the_rock
Legend
Legend

Sorry mate @G_W_Albrecht , my bad, I dont know why I always thought you were located in Germany, my bad

Andy

 

AustriaFlagOfAustriaGIF.gif

G_W_Albrecht
Legend Legend
Legend

Only nearly...

the_rock
Legend
Legend

Well, Ontario, province in Canada where I live, its nearly as big as half of Europe lol

You could be driving 24 hours straight and still be in the same province 😊

Andy

KlowikiOne
Employee
Employee

My father's family immigrated to US from Austria before WWII. I have often wondered if I had any family in Austria. I do need to do some research someday soon. 

-Thank you,

the_rock
Legend
Legend

@KlowikiOne 100%, I would do that. Your roots and where you come from is important, in my opinion.

Best,

Andy

the_rock
Legend
Legend

@gadt Been observing now for 8 hours in the lab firewall and seems stable . Will update Wednesday morning EST time, than it will be 24 hours.

Best,

Andy

gadt
Employee
Employee

Thank you for the update @the_rock 

Nüüül
Advisor

somone has an idea when to expect the next "recommended" one?Will this be more likely t45 or t43 as TAC engineer told last week? 🙂

 

@the_rock 

Thanks for giving quick update on that! One question about your lab - is there also traffic going through this? what blades are active?

 

Cheers from Germany 🙂

 

the_rock
Legend
Legend

@Nüüül My educated guess is probably take 43. Yes, there is traffic through the fw, it has vpn, ssl inspection, urlf+appc and monitoring blade enabled, well, ips too : - )

Grüße aus Kanada

Best,

Andy

the_rock
Legend
Legend

@gadt Been 23 hours now, still seems stable, so I am confident in saying no issues.

Best,

Andy

gadt
Employee
Employee

Thank you @the_rock!

Regarding the recommended take, As we released a new latest take (Take 45), Take 43 will not become recommended.

Gadi

the_rock
Legend
Legend

@gadt You are welcome. Ok, so if its not take 43, then either 41 will stay recommended or maybe 45 will be recommended one in 2-3 weeks or so?

Andy

gadt
Employee
Employee

At the moment take 45 is the candidate to become a recommended one in 2-3 weeks.

Gadi 

the_rock
Legend
Legend

That makes sense to me as well, for sure.

Best,

Andy

Steffen_Appel
Advisor

Both T45 and T43 caused two 3200 to become unrepsonsive, rollback via serial console to T41 was needed.

the_rock
Legend
Legend

@Steffen_Appel Sorry to hear that happened to you. I tested both in the lab and no issues, mind you these are eve-ng instances, not physical devices. 

Best,

Andy

Steffen_Appel
Advisor

....

CheckPoint_Vict
Explorer

I tested the T45 in production, on a cp6200 with IOT and after 48 hours, the cp6200 reboot alone (crash)

the_rock
Legend
Legend

@CheckPoint_Vict I would open TAC case to investigate that.

Andy

Steffen_Appel
Advisor

maybe - thats always so time consuming....

 

The team ist aware of it, so it is their task IMHO

Ruan_Kotze
Advisor

We had to deploy in a management HA production scenario - we were triggering a bug that caused the standby unit to run out of disk space.

No red flags or issues reported as of yet.

the_rock
Legend
Legend

That certainly warrants TAC case @Ruan_Kotze 

Ruan_Kotze
Advisor

We've had several TAC cases and a couple of rebuilds already. 

Seems CP finally fixed it in T45 (two bugs related to DB growth on secondary HA).

the_rock
Legend
Legend

K, sorry mate, I misunderstood, I thought you meant it happened after you installed jumbo 45.

Steffen_Appel
Advisor

@Rock yes both T43 and T45 causes our issue

Steffen_Appel
Advisor

On a single 3200 there is no issue, so the bug seems to be cluster related

the_rock
Legend
Legend

@Steffen_Appel I agree with that statement. I installed take 45 on my lab cluster, had few issues, fixed now, but on single gw, no problems.

Best,

Andy

Steffen_Appel
Advisor

@Rock on the cluster the gateway the policy installation fails and the gw becomes unreachable as thge defaultfilter is active

the_rock
Legend
Legend

@Steffen_Appel Just installed take 45 this weekend on Azure lab cluster and so far, no issues.

Best,

Andy

Steffen_Appel
Advisor

We opened a TAC case now: 6-0003863705

the_rock
Legend
Legend

Keep us posted how it gets solved.

CheckPoint_Vict
Explorer

nightmare story with take 45 TAC 6-0003846935

the_rock
Legend
Legend

@CheckPoint_Vict Just to make it easier, provide them with what you can beforehand, cpinfo, logs, crash files, etc. That way, no need to spend more time waiting on needed files for investigation.

Best,

Andy

CheckPoint_Vict
Explorer

the only thing that worked and made the firewall functional again is this (as we did in the past):

tar -C / -zxvf ./name_of_backup_file

the_rock
Legend
Legend

@CheckPoint_Vict Im really sorry that happened to you and I do find it surprising, as I have installed it in 3 lab firewalls, mind you it is just a lab, but Im sure lots of people installed in on their production fws as well.

Lets hope it gets solved quick.

Best,

Andy

Steffen_Appel
Advisor

In our case it seems, that CP changed the handling of updateable object in T43, which causes the installation failure.

the_rock
Legend
Legend

Will check in my lab about it.

itsysadmin
Participant

well...we were advised last week by TAC to install T43 on a pair of 16200 cluster, due to the issue described here: 

R81.20 T26 - Traffic disruption during policy inst... - Check Point CheckMates

Confirmed as issue PRJ-47521/PRHF-29318. Now that I read this thread, I'm struggling to know the best approach to proceed with remaining 3 clusters we have with R81.20 T41.

 

Pedro_Madeira
Contributor

Hello everyone,

 

I have a customer who is experiencing sudden reboot crashes with core dumps, 5000 and 15000 series appliances in different clusters. Reverting back to JHFA T41 to see if it solves the issue.

Case opened with TAC and uploaded the dumps for investigation by R&D.

There's something going on with this latest jumbo take. Don't know about the stability of take 43.

 

PM

the_rock
Legend
Legend

@Pedro_Madeira Personally and this is just me, I ALWAYS tell people to stick with recommended take, UNLESS there is "burning fire" situation where latest one has to be installed to fix a specific issue.

Best,

Andy

Pedro_Madeira
Contributor

Hey @the_rock 

 

Me too. But the customer actually needs a specific hotfix which seems to be included in JHFA T43. That's why I decided to go over to T45 which included everything from previous takes.

 

The customer was coming from R81.10 and we did a major version upgrade to R81.20.

 

We started in DR and there were no issues after a week so we moved on to the main site. Couple of days later we experienced the first core dump. After that and in quick succession, two other machines suffered a catastrophic reboot with core dump.

 

No downtime though because each cluster did its work.

Reverting to JHFA T41 today.

the_rock
Legend
Legend

@Pedro_Madeira Gotcha, I see your point now. I hope reverting to take 41 fixes the problem. 

Best,

Andy

itsysadmin
Participant

@the_rock for us the burning fire was having traffic disruptions whenever policy was installed on our datacenter firewalls. Case opened with TAC and we were advised to install T43. Since then, last Friday night, the cluster seems stable but now just wondering how to proceed with remaining clusters we have with T41, since some of them, use a lot of updatable objects and by @Steffen_Appel post seems is somehow related with further issues.

the_rock
Legend
Legend

I hear ya...thats a tricky situation right there. Not sure what to suggest, because 2-3 days may not be enough to make an educated dicision. I would give it at least a week...

Best,

Andy

itsysadmin
Participant

Ya, I know, but we are between a rock and a hard place...with T41, installing the policy creates unacceptable traffic disruptions and with the take that supposably resolves this issue, creates others that can be even worse.

In our case we will maintain it under close observation and not proceed installing T43 on remaining clusters.

     

the_rock
Legend
Legend

@itsysadmin I agree, I would do the same.

Best,

Andy

Steffen_Appel
Advisor

@itsysadmin

 

I would stick with build 41.

Labels