This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jon_AK
Contributor
‎2024-01-11 12:41 PM
Jump to solution

Firmware Upgrade Problems

Hi.  Not sure if this is the correct place for this so please forgive me if it isn't.  Our Quantum Spark 1575 firmware just upgraded to version R81.10.08 (996001683) this morning.  Unfortunately, it has rendered our IKEv2 VPN connections to our remote clients unusable as well as some web sites.  The web sites come & go but the VPN's are down for the count.  Have never experienced an update like this that caused this kind of problem but trust there is an answer here as to what process is best to use to correct it.  I have disabled both the firewall as well as the application & url filtering to no avail.  The VPN's were working as of the end of my day yesterday at 5pm.  Unfortunately, I have never been able to perform a backup using SCP due to the 1575 not accepting the complex password for our server even though it is strictly alpha-numeric characters.... it's just 16 characters long.

Any recommendations?

 

0 Kudos
1 Solution

Accepted Solutions
Jon_AK
Contributor
‎2024-01-12 06:15 AM
In response to G_W_Albrecht
Jump to solution

After a lengthy session with TAC, it was determined that it the Spark was not preventing outgoing VPN connections.  The VPN we use is not the typical L2TP but we use IKEv2 which does not use the in-built VPN functionality offered by the Spark.  Upon installing WireGuard & setting up a connection, the VPN was established quickly.  Unfortunately, there is something within the Windows 11 VPN settings that does not agree with the latest update on the Spark & is difficult to explain how 3 workstations IKEv2 VPN connection failed to connect.  I can live with it, it is Windoze we're talking about & not unusual to have something break after an update occurred somewhere.

On another note, we did attempt to perform a rollback which was listed in the Spark as September of last year but it did not rollback as expected.  Nothing is broken & everyone is a happy camper now.  Appreciate all the input from the group here.

View solution in original post

12 Replies
the_rock
Legend
Legend
‎2024-01-11 12:56 PM
Jump to solution

If I were you, would call TAC and see if you can do remote session, sounds like a pretty serious issue.

Andy

0 Kudos
Jon_AK
Contributor
‎2024-01-11 01:01 PM
In response to the_rock
Jump to solution

Looking through the site for the phone number but, not having much success.

0 Kudos
the_rock
Legend
Legend
‎2024-01-11 01:02 PM
In response to Jon_AK
Jump to solution

Theres DTAC number, +1-972-444-6600 or toll free 1-888-361-5030

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2024-01-11 01:19 PM
Jump to solution

Anything related here? https://support.checkpoint.com/results/sk/sk178604

 

Did you followed these steps or needed to?

  • To manually upgrade the firmware R80.20.35 (or lower) to R81.10.08, you must follow the two-step upgrade:

    1. Upgrade from R80.20.35 (or lower) to one of the higher versions - R80.20.40 or R80.20.50 or R80.20.60 (see sk165734)

    2. Upgrade to R81.10.08

      You can also upgrade using the CLI.

-------
If you like this post please give a thumbs up(kudo)! 🙂
Jon_AK
Contributor
‎2024-01-11 02:27 PM
In response to Lesley
Jump to solution

I believe it was already on a flavor of R81.  The last update I did for it was somewhere around a month ago.  At the moment, I don't recall any longer as I have never had an issue with the past 3 upgrades I manuall performed.

0 Kudos
the_rock
Legend
Legend
‎2024-01-11 02:28 PM
In response to Jon_AK
Jump to solution

Did you get a hold of TAC?

Andy

0 Kudos
Jon_AK
Contributor
‎2024-01-11 02:29 PM
In response to the_rock
Jump to solution

No.  I waited on the phone for over an hour with no success.  have started to submit an online request though.

0 Kudos
the_rock
Legend
Legend
‎2024-01-11 02:31 PM
In response to Jon_AK
Jump to solution

I think you either got to another department or not sure, but I called same time I gave you the numbers and got through in 3 mins.

Andy

0 Kudos
Jon_AK
Contributor
‎2024-01-11 02:43 PM
In response to Jon_AK
Jump to solution

I got right through this time.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-01-12 03:25 AM
Jump to solution

I would suggest to step back to the last firmware:

WebGUI > Device > System Operations >Revert to previous image

And then disable the automatic upgrade:

WebGUI > Device > System Operations > Configure automatic upgrades...

Or using CLI:

revert to previous-image
set cloud-services-firmware-upgrade activate false

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Jon_AK
Contributor
‎2024-01-12 06:15 AM
In response to G_W_Albrecht
Jump to solution

After a lengthy session with TAC, it was determined that it the Spark was not preventing outgoing VPN connections.  The VPN we use is not the typical L2TP but we use IKEv2 which does not use the in-built VPN functionality offered by the Spark.  Upon installing WireGuard & setting up a connection, the VPN was established quickly.  Unfortunately, there is something within the Windows 11 VPN settings that does not agree with the latest update on the Spark & is difficult to explain how 3 workstations IKEv2 VPN connection failed to connect.  I can live with it, it is Windoze we're talking about & not unusual to have something break after an update occurred somewhere.

On another note, we did attempt to perform a rollback which was listed in the Spark as September of last year but it did not rollback as expected.  Nothing is broken & everyone is a happy camper now.  Appreciate all the input from the group here.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top