This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jorge_Luis_Chav
Participant
‎2018-07-30 03:08 PM

Downgrade appliance 1450

Hello, can someone help me with this requirement?

I have a 1450 appliance in the version R77.20.80, but my client requires that the downgrade be made to the version R77.20.60, however the load the image R77.20.60 and caragar the backup, for compatibility problems it is obvious that it does not work , the question is:

Is there any way to adapt the backup of version R77.20.80 to load it to verison77.20.60?

7 Replies
PhoneBoy
Admin
Admin
‎2018-07-30 05:01 PM

First, this should be in the SMB and SMP‌.

Second, can you explain why your customer requires R77.20.60 versus the latest version?

If it's due to a technical issue, then you should contact the TAC (especially if it's urgent as your message tag suggests).

Contact Support | Check Point Software 

As far as I know, the backup can only be installed on the same version it was taken from (or possibly a later release, but definitely not earlier).

The backup contains a copy of the configuration as a sqlite database, among other things.

It does appear the version the backup was taken with is coded into the database.

Using sqlite .dump, I can see the following:

CREATE TABLE system

(       

        name  text NOT NULL,

        firmwareVer  text,

        firmwarePri  text,

        firmwareSec  text,

        firmwarePriTimestamp  text,

    vendor text NOT NULL,

    sysContact text,

    sysLoc  text,

        PRIMARY KEY (name)

);

INSERT INTO "system" VALUES('Security Gateway 80','0.0.1-b0','R77_990172392_20_80',NULL,'Tue Jul  3 14:28:30 2018','Check Point',NULL,NULL);

I also see the image used in: addtional_settings_tmp/pfrm2.0/etc/prev_image_info

Presumably, you could modify the above to the appropriate value, recompress the directory, and attempt to restore against R77.20.60.

However, if there are differences in the database schema between R77.20.60 and R77.20.80, or there are other places where the version is specified that I didn't find, this won't be enough.

Jorge_Luis_Chav
Participant
‎2018-07-30 06:03 PM
In response to PhoneBoy

Thank you,

It does not work because of the difference in the version of the backup, however I got the command "show configuration" of the R77.20.80 version, and later copy and paste the output of the commands in the version R77.20.60 and if the changes were made but not in its entirety.

Is there any way I can optimize that process?

PhoneBoy
Admin
Admin
‎2018-07-30 06:21 PM
In response to Jorge_Luis_Chav

A show configuration contains some, but not all of the configuration.

Some of the configuration (certificates and the like) are stored in the files in the backup.

Also, it’s possible that show configuration may not output the configuration in an order that can be pasted into another appliance—This was an issue in older, non-embedded Gaia releases.

But again, what is the reason for needing R77.20.60?

0 Kudos
Jorge_Luis_Chav
Participant
‎2018-07-30 06:44 PM
In response to PhoneBoy

The reason why version R77.20.60 is required, is because with all the other versions higher than this have presented many problems of CPU consumption and memory and this problem affects the daily activities of the client since the administration is literally lost and Occasionally it restarts.

The logs that have been extracted are: Error [CPOSD] Low Free memory status is 8.850%

PhoneBoy
Admin
Admin
‎2018-07-31 08:18 AM
In response to Jorge_Luis_Chav

You should definitely be working with the TAC to try and resolve those issues.

The TAC may also be able to assist with trying to get the backup to "restore" on an earlier version. 

0 Kudos
Pedro_Espindola
Advisor
‎2018-07-31 10:07 AM
In response to Jorge_Luis_Chav

Show configuration won't work, but you can use it and edit the commands to make your own configuration script.

This has been discussed in the thread Configuration transfer between different SMB models

Commands like 'set interface LAN1 ipv4-address 10.10.10.234 mask-length 24' will look like 'set interface LAN1 ipv4-address "10.10.10.234" mask-length "24"', with incorrect double quotes.

G_W_Albrecht
Legend Legend
Legend
‎2019-06-28 01:32 AM
In response to Pedro_Espindola

This is possible using a USB medium. See sk107592 How to perform a fresh_clean install of firmware on 600_700_1100_1400_1200R appliances via USB on how to install an older firmware to the SMB device...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top